From: Ian Stong (istong@stong.org)
Date: Mon Jan 31 2005 - 08:29:10 GMT-3
The order of the acls does not matter for the speed of lookups - unlike the
standard sequential lookups but the order still matters for your logic of
the filtering process (which traffic you filter first over other traffic).
Let me know if you have further questions,
Ian
http://www.ccie4u.com
CCIE Lab Rack Rentals starting at only $20
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Danshtr
Sent: Monday, January 31, 2005 4:59 AM
To: istong@stong.org
Cc: CCIE - GS
Subject: Re: Turbo ACL
Thanks, but I was more looking for how is it implemented.
Do the order of the acl matters?
Is it similar to skip states of OpenBSD PF?
On Sun, 30 Jan 2005 20:36:11 -0500, Ian Stong <istong@stong.org> wrote:
> Here are some links for the 7000 series platform. Note the PIX supports
> turbo acls as well which is fun to play with.
>
>
http://cisco.com/en/US/partner/products/sw/iosswrel/ps1834/products_feature_
> guide09186a0080080374.html
>
>
http://cisco.com/en/US/partner/products/sw/iosswrel/ps1838/products_feature_
> guide09186a008009f52c.html
>
> Features in a nutshell:
>
> Lookups performed via table versus sequential lookups for faster lookup
> times and lower cpu load
>
> If I remember correctly it doesn't work with named ACL's and time entries
at
> least in 12.0, 12.1 etc
>
> Gotchas:
>
> The entire acl is recompiled each time a change is made
>
> Doesn't work with named acl's and certain other acl's
>
> A 10,000 line acl on a 7500 with RSP4's and VIP2-40's will crash with it
> enabled - but less of a problem if VIP2-50's with 128MB or greater VIPs
>
> Very buggy in certain IOS versions such as 12.1(14)E
>
> Ian
> http://www.ccie4u.com
> Rack Rentals and Lab Scenarios staring at only $20
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Danshtr
>
> Sent: Sunday, January 30, 2005 4:59 PM
> To: istong@stong.org
> Cc: CCIE - GS
> Subject: Re: Turbo ACL
>
> Thanks,
>
> The platforms I am looking at are:
> 7500
> 7400
> 7200
>
> and 3800 if compiled ACL is supported.
>
> On Sun, 30 Jan 2005 16:36:16 -0500, Ian Stong <istong@stong.org> wrote:
> > Hi,
> >
> > I know of a few documents but which I send you depends on the platform
you
> > are asking about. It's a little different on various models. Please
let
> us
> > know which if any model you are interested in using or understanding
this
> > feature on.
> >
> > Thanks,
> >
> > Ian
> > www.ccie4u.com
> > Rack Rentals and Lab Scenarios staring at only $20
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Danshtr
> > Sent: Sunday, January 30, 2005 9:51 AM
> > To: CCIE - GS
> > Subject: Turbo ACL
> >
> > Hello all,
> >
> > Could someone point me to a document describing how TurboACL (compiled
> > ACL) really work?
> >
> > --
> > Best regards,
> > Dan
> >
> > <a
href="http://www.spreadfirefox.com/?q=affiliates&id=0&t=1">Get
> > Firefox!</a>
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
>
> --
> Best regards,
> Dan
>
> <a href="http://www.spreadfirefox.com/?q=affiliates&id=0&t=1">Get
> Firefox!</a>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
-- Best regards, Dan<a href="http://www.spreadfirefox.com/?q=affiliates&id=0&t=1">Get Firefox!</a>
This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:27 GMT-3