You know your GSRs :). Yea I'm running almost all ISE LCs. For example on a particular one at PAIX that averages about a half or a Gig during peak on almost all of my interfaces I have at least some type of acl in both directions. I only see about 8% cpu useage, hardly any of which is the ACL (mostly bgp).
-Karsten On Friday 04 April 2003 03:49 am, bergenpeak wrote: > Not sure what engine line cards you're running on your GSRs, but I've > run into several a problems with ACLs on the GSR platform. It's not > until you get to the E3 ISE or better LC where ACLs are handled > reasonably. > > Three problems from memory: > > * E0 line cards run the ACLs off the LC CPU and not ASICs. Thus you > need > to monitor the LC CPU to make sure you're ACL processing isn't impacting > forwarding performance. > > * E2 3xGE "trident" LC. At the IOS rev we had, the LC could only do > ACLs in > one direction on the LC (I think inbound). If you wanted to do an > outbound > ACL, the ACL was actually copied and executed on all other LCs. This > of > course caused problems (bug) on another LC. > > * Pre E3 LC, pick one: ACLs or netflow. > > I'd avoid ACLs if you can null route it. > > Karsten wrote: > > I'll clarify. On lower end cisco routers not running > > bgp, yes, it will save you some cpu cycles. But most > > of the routers I'm working on a day to day basis(12Ks, 10Ks, 7200s) > > are running full table and hardly get slowed by by acls. > > Not to mention the problems a null route (for the purpose > > of bit-bucketing) can do when your're using null routes for bgp. > > > > -Karsten > > > > On Thursday 03 April 2003 10:53 am, MADMAN wrote: > > > Sloppy!? why?? > > > > > > Dave > > > > > > Karsten wrote: > > > > Either a sloppy way to drop traffic for a /24, or bgp > > > > summarization using null routing. > > > > > > > > -Karsten > > > > > > > > On Thursday 03 April 2003 07:40 am, Anil Gupte wrote: > > > >>I am trying to understand some IP route commands on our router. > > Several > > > > >> of them go to Null0 - what does that mean? > > > >> > > > >>For example, I have > > > >>ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200 > > > >> > > > >>What is this doing? > > > >> > > > >>I need to add another block of class Cs from the same provider. Do I > > need > > > > >>a similar statement to the above? > > > >> > > > >>Thanx for your help. > > > >>Anil Gupte > > > >>Nondisclosure violations to [EMAIL PROTECTED] > Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66882&t=66755 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
