Not sure what engine line cards you're running on your GSRs, but I've
run into several problems with ACLs on the GSR platform. It's not
until you get to the E3 ISE or better LC where ACLs are handled
reasonably.

Three problems from memory:

* E0 line cards run the ACLs off the LC CPU and not ASICs. Thus you
need to monitor the LC CPU to make sure your ACL processing isn't
impacting forwarding performance.

* E2 3xGE "trident" LC. At the IOS rev we had, the LC could only do
ACLs in one direction on the LC (I think inbound). If you wanted to do
an outbound ACL, the ACL was actually copied and executed on all other
LCs. This of course caused problems (bug) on another LC.

* Pre E3 LC, pick one: ACLs or netflow.

I'd avoid ACLs if you can null route it.



Karsten wrote:
> 
> I'll clarify. On lower end cisco routers not running
> bgp, yes, it will save you some cpu cycles. But most
> of the routers I'm working on a day to day basis (12Ks, 10Ks, 7200s)
> are running full table and hardly get slowed by acls.
> Not to mention the problems a null route (for the purpose
> of bit-bucketing) can do when you're using null routes for bgp.
> 
> -Karsten
> 
> On Thursday 03 April 2003 10:53 am, MADMAN wrote:
> > Sloppy!? why??
> >
> >    Dave
> >
> > Karsten wrote:
> > > Either a sloppy way to drop traffic for a /24, or bgp
> > > summarization using null routing.
> > >
> > > -Karsten
> > >
> > > On Thursday 03 April 2003 07:40 am, Anil Gupte wrote:
> > >>I am trying to understand some IP route commands on our router.
> > >>Several of them go to Null0 - what does that mean?
> > >>
> > >>For example, I have
> > >>ip route xxx.xxx.xxx.0 255.255.255.0 Null0 200
> > >>
> > >>What is this doing?
> > >>
> > >>I need to add another block of class Cs from the same provider. Do I
> > >>need a similar statement to the above?
> > >>
> > >>Thanx for your help.
> > >>Anil Gupte
> > >>Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=66832&t=66755