On Wed, Mar 05, 2008 at 10:21:54AM -0500, Justin M. Streiner wrote:

> I don't know if it's an absolute requirement anymore, but I still do it
> because it's a good idea. I'd think if the router is doing forwarding
> and ACL processing in software, tuning your ACLs is still a very good
> idea.

Even if your forwarding/ACL processing is done in hardware (6500/7600), there are optimizations to be made. Example: although logic would dictate otherwise, using several 'eq' statements, even when a range could be used (for a sufficiently small range), can reduce LOU usage. See:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml#wp43669

Short answer to ACL tuning: it's platform dependent.

I've also discovered some nasty (but very cost-saving) tricks that can combine seemingly unrelated lines by using discontiguous networks/masks. You really either need to generate them from a readable source, be the only one who is reading/writing the resulting ACLs, or use comments and/or remarks to explain the math.

-- 
- bill fumerola / [EMAIL PROTECTED]

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
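The two tricks in the message above (trading a small 'range' for several 'eq' entries, and folding "unrelated" networks into one address/wildcard pair) are easy to get wrong by hand, and the wildcard one silently widens the ACL if the math is off. The helper below is an added example, not code from the poster or from Cisco; it assumes IOS-style `permit/deny <proto> <addr> <wildcard> <dst>` syntax, treats the 'eq'-vs-'range' cut-off (`max_eq`) as an assumed, platform-dependent knob, and emits a `remark` recording which networks a discontiguous wildcard stands for, so the next reader does not have to redo the math.

```python
from ipaddress import ip_address, ip_network


def port_ops(lo, hi, max_eq=4):
    """Return L4 operator strings for TCP/UDP ports lo..hi.

    Where 'eq' consumes no logical operation unit but 'range' does (the
    point made in the message), a small range is cheaper as several 'eq'
    entries. max_eq is an assumed cut-off; the real break-even depends on
    the platform and on how many LOUs the rest of the ACL already uses.
    """
    if lo > hi:
        raise ValueError("lo must not exceed hi")
    if hi - lo + 1 <= max_eq:
        return [f"eq {p}" for p in range(lo, hi + 1)]
    return [f"range {lo} {hi}"]


def combine_networks(nets):
    """Express the union of equal-length IPv4 prefixes as one
    address/wildcard pair (a discontiguous wildcard mask).

    Returns (address, wildcard) as dotted strings, or None when the only
    wildcard covering all of them would also match addresses outside the
    union, i.e. when combining would widen the entry.
    """
    parsed = [ip_network(n, strict=True) for n in nets]
    plen = parsed[0].prefixlen
    if any(p.prefixlen != plen for p in parsed):
        raise ValueError("all prefixes must have the same length")
    addrs = [int(p.network_address) for p in parsed]
    # Every bit in which any network differs from the first one must be a
    # "don't care" bit, as must every host bit.
    differing = 0
    for a in addrs:
        differing |= a ^ addrs[0]
    wildcard = differing | int(parsed[0].hostmask)
    base = addrs[0] & ~wildcard & 0xFFFFFFFF
    # A wildcard with k set bits matches exactly 2**k addresses; the entry
    # is exact only if that equals the size of the union we asked for.
    covered = 1 << bin(wildcard).count("1")
    wanted = len(set(addrs)) * parsed[0].num_addresses
    if covered != wanted:
        return None
    return str(ip_address(base)), str(ip_address(wildcard))


def combined_aces(action, proto, nets, dst="any"):
    """Emit IOS-style ACE lines for the union of nets: one combined line
    plus a remark explaining it when a discontiguous wildcard is exact,
    otherwise one ordinary line per network."""
    combo = combine_networks(nets)
    if combo is None:
        return [
            f"{action} {proto} {ip_network(n).network_address} "
            f"{ip_network(n).hostmask} {dst}"
            for n in nets
        ]
    addr, wc = combo
    return [
        f"remark {addr} {wc} covers exactly " + " + ".join(nets),
        f"{action} {proto} {addr} {wc} {dst}",
    ]


if __name__ == "__main__":
    # Constructed sample input: two /24s that fold into one entry, three
    # that do not (the wildcard would also admit 10.0.0.0/24), and a small
    # port range rewritten as 'eq' entries.
    for line in combined_aces("permit", "ip", ["10.0.1.0/24", "10.0.3.0/24"]):
        print(line)
    for line in combined_aces("permit", "ip",
                              ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]):
        print(line)
    for op in port_ops(80, 82):
        print(f"permit tcp any host 192.0.2.10 {op}")
```

The exactness check is the important part: 10.0.1.0/24 + 10.0.3.0/24 become `10.0.1.0 0.0.2.255`, but 10.0.1.0/24 + 10.0.2.0/24 + 10.0.3.0/24 cannot be folded, because the only covering wildcard (`0.0.3.255`) matches 1024 addresses for a 768-address union. Generating the lines from the readable list of prefixes, as the message suggests, is what keeps that remark honest.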
