[c-nsp] Router ASR1k ACL count question
Nick Cutting
ncutting at edgetg.com
Thu Jul 21 16:35:11 EDT 2016
As James said -
You can also add the log keyword, but then the CPU gets involved, much slower - but you want peace of mind
-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of James Bensley
Sent: Thursday, July 21, 2016 10:46 AM
To: Cisco Network Service Providers <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Router ASR1k ACL count question
On 21 July 2016 at 15:37, Satish Patel <satish.txt at gmail.com> wrote:
> Any input?
>
> On Wed, Jul 20, 2016 at 11:52 AM, Satish Patel <satish.txt at gmail.com> wrote:
>> I have C3850 (L3) switch and Cisco ASR1006 Router, I am running ACL
>> on both device but if i rung "show ip access-lists" on both then i
>> can see c3850 hit counter not increasing but on ASR1006 router it is
>> increasing.
>>
>> What does that mean? I heard from people C3850 using hardware ACL
>> because of that its counter doesn't increase. Does that means ASR1006
>> using software ACL because its counter increasing every single hit.
I have no idea what that is happening for you, I'm not familar with the 3850s specifically, but the idea that it relates to hardware or software forwarding doens't make sense to me.
In both platforms all traffic should by default be forwarded by hardware so the hardware ASICs are incrementing the packet and byte counters for bps, drops, erros etc. Packets should only be software processes when they are punted.
Cheers,
James.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list