Bruno Fernandes wrote: > > Nop the issue is related with netflow switching as you now the > logic here is "route one switch many" this is done using MLSP wich > is protocol used between the MSFC (L3 engine) and in your case Sup 1A > (L2 engine), as soon as a flow is edentified the packet's belonging to > that FLOW are switched, so the problem is, as you apply L3 ACL it would > "destroy flow-switching" because you would need to inspect all the > packet's and would always to take the packet to the L3 engine. BUT in > your configuration you have a PFC (Policy Feature Card) wich permit's > you to apply ACL at the L2 stage, so the ACL are processed at the PFC > card without performance issue that's one of the main reasons for having > a PFC.
Our performance concern is with CPU utilization. While layer two switching may improve overall throughput, it would seem to have little impact on the main CPU utilitization assuming the ACLs are processed in hardware. True? -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
