[c-nsp] how ACLs affect the processing of a Cisco 7200 NPE-G2

Ali Sumsam ali+cisconsp at eintellego.net
Sun Nov 11 17:24:48 EST 2012


Thanks Dobbins,
I am going to try Turbo ACL as a first thing and observe the result.


Regards,
*Ali Sumsam CCIE*
*Network Engineer - Level 3*
eintellego Pty Ltd
ali at eintellego.net ; www.eintellego.net

Phone: 1300 753 383 ; Fax: (+612) 8572 9954

Cell +61 (0)410 603 531

facebook.com/eintellego
PO Box 7726, Baulkham Hills, NSW 1755 Australia

The Experts Who The Experts Call
Juniper - Cisco – Brocade - IBM



On Sat, Nov 10, 2012 at 12:00 AM, Dobbins, Roland <rdobbins at arbor.net>wrote:

>
> On Nov 9, 2012, at 7:30 PM, Steve McCrory wrote:
>
> > The concept I was working with is true (adding more statements does not
> impact performance) but perhaps my exact figures where slightly out,
>
> Apologies for being unclear - when the tables are built and populated with
> bitmaps, the *packet classification process* is indeed pretty consistent in
> terms of the induced latency, out to pretty large theoretical limits of ACL
> stanzas; with Turbo ACLs, the maximum number of lookups to match on a given
> ACE is 5 (as opposed to 1 for each and every ACE with non-compiled ACLs;
> with a 100-stanza non-compiled ACL, this would require 100 lookups).
>
> However, the box still has to handle the packets, one way or another, so
> the overall performance savings gained isn't generally that much, in the
> scheme of things (unless you've totally bloated ACLs which probably are
> subject to bit-rot and are causing other problems, anyways).
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>           Luck is the residue of opportunity and design.
>
>                        -- John Milton
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list