Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cisco ACL Processing Time

Posted on 2006-11-01
3
484 Views
Last Modified: 2012-06-27
Hi,

Is their any evidence to suggest that the longer a Cisco ACL is, the greater the time from packet source to destination? Also, is their any evidence to suggest that the location of an ACL entry within the ACL also determines this time? Any links to evidence would be fantastic.

Mike
0
Comment
Question by:Barnardos_2LS
  • 2
3 Comments
 
LVL 12

Expert Comment

by:pjtemplin
ID: 17852241
There's tons of evidence and recommendations that you optimize your ACLs to put the most-hit clauses as close to the top as your policy will allow.  Long ACLs don't necessarily mean more latency or CPU utilization, but long ACLs where packets match very far down in the ACL (i.e. a final permit ip any any after 2000 lines) do mean more latency and CPU utilization.

On high-end routers, Cisco offers "turbo ACLs" which do not increase CPU load or latency based on ACL length.  That alone is evidence that ACL length (with respect to where in the ACL most packets match) matters.
0
 
LVL 1

Author Comment

by:Barnardos_2LS
ID: 17856471
Have you any links for these recommendations?

Mike
0
 
LVL 12

Accepted Solution

by:
pjtemplin earned 250 total points
ID: 17857566
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question