RE: access-list switching

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Fri Oct 25 2002 - 11:34:42 GMT-3

• Next message: Peter van Oene: "Re: good practices at the lab"
• Previous message: MADMAN: "Re: ISDN ppp multilink question"
• Maybe in reply to: Volkov, Dmitry (Toronto - BCE): "access-list switching"
• Next in thread: Brian Dennis: "RE: access-list switching"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

At 5:49 AM -0700 10/25/02, Brian Dennis wrote:
>I couldn't find the exact release fast switching was supported but this
>newsgroup posting (see below) about a bug with ACL's and fast switching
>from the manager of customer engineering at cisco (1990) might help.
>Notice the date and the IOS version ;-)
>
>Brian Dennis, CCIE #2210 (R&S/ISP Dial)

My recollection was that fast switching for access lists came in
stages. From memory and the first release I worked on,

      9.0 Outbound standard access lists could be fast switched.

By and large, there were no inbound access lists. In 9.2 or 10.0,
inbound access lists came in, but if you configured one, it forced
process switching for every access list on the box. Configuring
extended outbound did the same thing.

In a subsequent release, configuring inbound standard limited fast
switching to the interface involved. Next (and it varied with
platform as well), extended access lists could be fast switched, and
then inbound standards could be silicon switched on a 7000 with SSP,
not SP.

In other words, there were all sorts of interactions. I usually
wound up not trying to find the answer in documentation, but simply
to configure it and view the resulting switching modes.

>
><posting>
>
>From: Joel P. Bion (jpbion@cisco.com)
>Subject: Bug in IP Fast switching/access lists...
>Newsgroups: comp.dcom.sys.cisco
>Date: 1990-10-19 16:59:38 PST
>
>
>Hello.
>
> cisco Systems has recently uncovered a bug in the use of IP
>access
>lists and IP fast switching with the 8.1(19)-8.1(21) releases. This
>problem
>has been fixed in 8.2 development code, and will also be included in the
>next GS maintenance release, currently scheduled for November 12th.
>
> The conditions under which the problem is seen are complex,
>but the result is that access would (to the end user) apparently be
>"randomly" granted or denied. Your safest insurance is to simply
>DISABLE fast switching on all interfaces to which an IP access list
>is applied. For example, to disable fast switching on interface ethernet
>0,
>issue the following configuration commands:
>
> interface ethernet 0
> no ip route-cache
>
> A mailing will be sent to this list indicating when the next 8.1
>maintenance is available to fix this problem.
>
>
>Thank you,
>
> Joel Bion
> Manager, cisco Customer Engineering
>
></posting>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>MADMAN
>Sent: Thursday, October 24, 2002 11:05 AM
>To: Volkov, Dmitry (Toronto - BCE)
>Cc: 'dmadlan@qwest.com'; 'ccielab@groupstudy.com'
>Subject: Re: access-list switching
>
> I did a quick unsuccessful search so no I don't have a link but I know
>years ago access-lists were fast switched. Most new featues like NAT or
>policy routing start out process switched and then are upgraded to fast
>switching which both NAT and policy routing are also.
>
> Dave
>
>"Volkov, Dmitry (Toronto - BCE)" wrote:
>>
>> David,
>>
>> Do You know any link confirming fast switching of access-lists.
>>
>> Dmitry Volkov
>> CCIE # 10292
>>
>> > -----Original Message-----
>> > From: MADMAN [mailto:dave@interprise.com]
>> > Sent: Thursday, October 24, 2002 12:03 PM
>> > To: Volkov, Dmitry (Toronto - BCE)
>> > Cc: 'ccielab@groupstudy.com'
>> > Subject: Re: access-list switching
>> >
>> >
>> >
>> > access-lists have been at least fast switched for quite
>> > some time but
>> > your right that differant platforms perform differantly. I
>> > would think
>> > there would be a table somewhere that shows this but I don't
>> > know where
>> > it is!!
>> >
>> > Dave
>> >
>> > "Volkov, Dmitry (Toronto - BCE)" wrote:
>> > >
>> > > Hello group,
>> > >
>> > > Does somebody know where can I find how packets passing
>> > access-list are
>> > > switched ?
>> > > As far as I understand they are process switched usually
>> > > However, I remember, I read somewhere that they are CEF
>> > switched on some
>> > > platforms...
>> > > I guess this depends on platform and IOS.
>> > >
>> > > Couldn't find it at CCO.
>> > >
>> > > Thank You,
> > > >
>> > > Dmitry
>> >
>> > --
>> > David Madland
>> > CCIE# 2016
>> > Sr. Network Engineer
>> > Qwest Communications
>> > 612-664-3367
>> >
>> > "You don't make the poor richer by making the rich poorer."
>--Winston
>> > Churchill
>
>--
>David Madland
>CCIE# 2016
>Sr. Network Engineer
>Qwest Communications
>612-664-3367
>
>"You don't make the poor richer by making the rich poorer." --Winston
>Churchill

• Next message: Peter van Oene: "Re: good practices at the lab"
• Previous message: MADMAN: "Re: ISDN ppp multilink question"
• Maybe in reply to: Volkov, Dmitry (Toronto - BCE): "access-list switching"
• Next in thread: Brian Dennis: "RE: access-list switching"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:56 GMT-3