From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Tue Jun 07 2005 - 20:11:31 GMT-3

At 5:59 PM -0400 6/7/05, istong@stong.org wrote:
>It is platform dependent and also depends on what you
>consider acceptable. As you add more ACLs you reach a point
>where the throughput drops drastically. Also some platforms
>support Turbo ACL which compiles the ACL and allows you more
>entries per ACL.
>
>Unless you are exceeding 1000 lines you should be ok on the
>mid level routers. More along the lines of
>400 or so for lower end routers as a rough estimate.
>
These are good points, and, by platform dependent, it's not just a
question of RAM, but of specialized storage like TCAMs. TCAMs have
very specific limits of Access Control Entries (ACE) as well as
routes and other data structures. IIRC, some of the newer GSR line
cards use TCAMs.

In large ISP operations, there's an interesting problem with an
interesting workaround. Some routers had sufficiently long access
lists that the configuration containing them would not fit in NVRAM.
You _always_ had to boot these routers from TFTP.