Snipped ... >Hold on. It doesn't matter whether the ACL is host-based or >at coarser granularity. For any edge address or edge address >prefix (EID or EID prefix) that you may put in an edge ACL, >there is exactly one transit address or transit address >prefix, respectively, that you would put into an equivalent >core ACL. No need to have nightmares. > >Talking about performance: An ACL that can limit its looks to >a single place in the IP header (i.e., with translation) can >likely be more efficient that an ACL that needs to look into >an inner IP header behind a pair of LISP and UDP headers.
JD: In any map & encap scheme, won't a transit space router have to deal with a multiplicity of packet formats (e.g., both encapsulated and non-encapsulated packets) and won't it be a performance hit to figure out a packet's format and then look for the correct fields within it? > >- Christian > > > >-- >to unsubscribe send a message to [EMAIL PROTECTED] with the >word 'unsubscribe' in a single line as the message text body. >archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg > -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
