use of discontiguous-netmasks to optimize TCAM resource usage as applicable to acls

Randy randy_94108 at yahoo.com
Sat Jun 4 21:01:28 EDT 2016


NX-OS appears to do this:

actual acl:
show access-list v1873
IP access list v1873

10 permit ip 10.28.0.0/16 10.28.72.0/24
20 permit ip 10.28.0.0/16 10.28.74.0/24
30 permit ip 10.28.73.0/24 10.28.73.0/24
40 permit ip 10.28.73.0/24 10.28.75.0/24
50 permit ip 10.28.73.0/24 10.28.76.0/24

Same acl in TCAM:
sh system internal access-list vlan 1873 input statis
<SNIP>
[0163:011a:011a] prec 1 permit-routed ip 10.28.0.0/16 10.28.72.0/255.255.253.0    [0]
[0164:011b:011b] prec 1 permit-routed ip 10.28.73.0/24 10.28.76.0/24   [0]
[0165:011c:011c] prec 1 permit-routed ip 10.28.73.0/24 10.28.73.0/255.255.253.0    [0]

(I don't recall this on IOS based platforms that did acl-lookups in hardware - perhaps I am wrong! Maybe I didn't configure an acl as the one above.)

Can someone educate me?
./Randy
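
The arithmetic behind the merged entries in the TCAM output above, as an added example that is not part of the original post and is not NX-OS's own algorithm. It assumes every entry shares one action (permit ip), so order does not matter, and that two matches are merged only when they have the same mask and differ in exactly one bit; the function names are hypothetical.

```python
import ipaddress
FULL = 0xFFFFFFFF

def parse(net):
    """'10.28.72.0/24' or '10.28.72.0/255.255.253.0' -> (value, mask) ints."""
    addr, _, m = net.partition("/")
    mask = (FULL << (32 - int(m))) & FULL if m.isdigit() else int(ipaddress.IPv4Address(m))
    return int(ipaddress.IPv4Address(addr)) & mask, mask

def fmt(value, mask):
    """Print as /len when the mask is contiguous, else as a dotted mask."""
    inv = ~mask & FULL
    suffix = bin(mask).count("1") if inv & (inv + 1) == 0 else ipaddress.IPv4Address(mask)
    return f"{ipaddress.IPv4Address(value)}/{suffix}"

def matches(addr, net):
    """True if addr hits the ternary match 'net' (only mask bits are compared)."""
    value, mask = parse(net)
    return int(ipaddress.IPv4Address(addr)) & mask == value

def merge_pair(a, b):
    """Merge two matches with the same mask that differ in exactly one bit."""
    (va, ma), (vb, mb) = a, b
    diff = va ^ vb
    if ma != mb or diff == 0 or diff & (diff - 1):
        return None
    return va & ~diff, ma & ~diff   # the differing bit becomes "don't care"

def compress(entries):
    """entries: (src, dst) pairs sharing one action (assumed: all 'permit ip')."""
    rules = [(parse(s), parse(d)) for s, d in entries]
    i = 0
    while i < len(rules):
        for j in range(i + 1, len(rules)):
            (s1, d1), (s2, d2) = rules[i], rules[j]
            new = ((s1, merge_pair(d1, d2)) if s1 == s2 else
                   (merge_pair(s1, s2), d1) if d1 == d2 else (None, None))
            if None not in new:
                rules[i] = new
                del rules[j]
                i = -1          # rescan from the top after every merge
                break
        i += 1
    return [(fmt(*s), fmt(*d)) for s, d in rules]

# The five ACL lines from the post, as (source, destination).
ACL_V1873 = [("10.28.0.0/16", "10.28.72.0/24"), ("10.28.0.0/16", "10.28.74.0/24"),
             ("10.28.73.0/24", "10.28.73.0/24"), ("10.28.73.0/24", "10.28.75.0/24"),
             ("10.28.73.0/24", "10.28.76.0/24")]
```

`compress(ACL_V1873)` yields the same three matches shown in the TCAM listing, and `matches` can confirm that a merged entry such as 10.28.72.0/255.255.253.0 still excludes 10.28.73.x, i.e. that the compression did not widen what the ACL permits.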

