At 15:07 1/08/97 +0200, Piotr Kolodziej wrote:
>Hello,
>
>I want to verify an opinion that the number of
>clauses in an access-list can dramatically affect
>the performance of a filtering (screening) router.
>Especially it was told about Cisco routers
>by someone who pretends to be an authority.

Piotr,

First note that my E-mail is probably biased ;-)

ACL parsing for all and every packet has of course
a performance impact... but, in most cases it
is not visible and even measurable :-)

On a high end router, you can even turn on
a feature called NetFlow switching which uses a kind
of cache (indexed by IP addresses and TCP/UDP ports).
With NetFlow, only the first packet goes through the ACL,
the following packets are no longer checked against the ACL.

Now about the 'established' keyword. Right, Cisco
routers have had a bug in some particular config which
has been solved for a long time now :-)

You can also expect a better and safer implementation
via the use of 'reflexive ACL' to be shipped in 11.3
(in the very coming months).

Hope this helps
-eric
Eric Vyncke
Technical Consultant Cisco Systems Belgium SA/NV
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: evyncke @ cisco . com Mobile: +32-75-312.458
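
The flow-cache behaviour described in the message above, as an added example that is not part of the original e-mail and is not Cisco's implementation: a simplified Python model that counts how many ACL entries are examined when every packet walks an ordered first-match list, versus when only the first packet of a flow does and later packets reuse a cached verdict. The Rule, Packet and Filter names, the 201-entry ACL and the sample addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed model types (hypothetical names, not a router API).
Rule = namedtuple("Rule", "permit src dst proto dport")    # dport None = any port
Packet = namedtuple("Packet", "src dst proto sport dport")  # also the flow-cache key

class Filter:
    def __init__(self, acl, use_flow_cache):
        self.acl = acl
        self.use_flow_cache = use_flow_cache
        self.cache = {}          # flow key -> cached permit/deny verdict
        self.comparisons = 0     # number of ACL entries examined so far

    def _walk_acl(self, pkt):
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        for rule in self.acl:    # ordered list, first match wins
            self.comparisons += 1
            if (src in rule.src and dst in rule.dst and pkt.proto == rule.proto
                    and rule.dport in (None, pkt.dport)):
                return rule.permit
        return False             # implicit deny at the end of the list

    def check(self, pkt):
        if not self.use_flow_cache:
            return self._walk_acl(pkt)       # every packet pays the full walk
        if pkt not in self.cache:            # first packet of the flow
            self.cache[pkt] = self._walk_acl(pkt)
        return self.cache[pkt]               # later packets skip the ACL

def build_acl(n_filler):
    """n_filler deny entries for 10.x.y.0/24 sources, then one permit for a web server."""
    any_net = ipaddress.ip_network("0.0.0.0/0")
    filler = [Rule(False, ipaddress.ip_network(f"10.{i // 256}.{i % 256}.0/24"),
                   any_net, "tcp", None) for i in range(n_filler)]
    return filler + [Rule(True, any_net, ipaddress.ip_network("192.0.2.10/32"), "tcp", 80)]

def run(n_filler=200, n_packets=1000, use_flow_cache=False):
    """Send n_packets of one TCP flow; return (set of verdicts, entries examined)."""
    f = Filter(build_acl(n_filler), use_flow_cache)
    pkt = Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 80)
    verdicts = {f.check(pkt) for _ in range(n_packets)}
    return verdicts, f.comparisons

if __name__ == "__main__":
    print("per-packet ACL walk:", run(use_flow_cache=False))
    print("flow cache enabled: ", run(use_flow_cache=True))
```

In this model a cached verdict outlives any later change to the list, so a design of this kind has to flush or age out cache entries when the ACL is edited.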