In a straight comparison, doing the NULL route is
handled more efficiently on the router as it's just standard
L3 forwarding.  If you do an ACL instead, the router has to
do additional processing on the packet.

If you're running something like a GSR or 7609 and the right
LC where ACLs are handled in ASICs, then it probably doesn't
matter which approach you use.

I don't see configuration complexity being sufficiently
more complicated in either case so that's a push.

Depending on your network requirements and topology, ACLs
might be better as you can check src and dst.  The null routes
will only catch the traffic based on dst.

With Null routing, you can confirm the routing is operating
via a show ip route and a few simple pings.  Doing the same sort
of verification when using ACLs to block might be more difficult
(depending on where you put the ACLs).


Irwan Hadi wrote:
>
> I'm curious which one is better to use and why in case I want to filter
> some IP addresses that I don't want them to talk with my network,
> by using ACL or by null routing them? Say that I have around 50 to 100
> IP addresses.
> Remember that I just want to filter the IP addresses, so I don't care
> about extended access-list.
>
> Thanks
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=74282&t=74267
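
The two approaches compared in the reply above, side by side as an added Cisco IOS configuration example (not part of the original thread). The addresses come from the 192.0.2.0/24 documentation range and the interface name is an assumption; both are constructed placeholders.

```cisco
! Constructed example: 192.0.2.10 and 192.0.2.11 stand in for the
! unwanted hosts; GigabitEthernet0/0 is an assumed upstream-facing
! interface.
!
! --- Option 1: null routes (match on destination only) ---
! Packets whose DESTINATION is one of these hosts are discarded by the
! ordinary L3 lookup. Packets FROM these hosts are still forwarded
! into the network; only the return path is cut.
ip route 192.0.2.10 255.255.255.255 Null0
ip route 192.0.2.11 255.255.255.255 Null0
!
! Keep the router from generating an ICMP unreachable for every
! packet dropped on Null0.
interface Null0
 no ip unreachables
!
! Verification, as described in the reply:
!   show ip route 192.0.2.10
!   ping 192.0.2.10
!
! --- Option 2: standard ACL (match on source) ---
! Inbound packets whose SOURCE is one of these hosts are dropped at
! the interface, so they never reach internal hosts. An extended ACL
! would be needed to match on both src and dst.
access-list 10 deny   host 192.0.2.10
access-list 10 deny   host 192.0.2.11
access-list 10 permit any
!
interface GigabitEthernet0/0
 ip access-group 10 in
!
! Verification depends on where the ACL is applied:
!   show access-lists 10
!   show ip interface GigabitEthernet0/0
```

The trailing `permit any` matters: a standard ACL ends with an implicit deny, so omitting it would block all inbound traffic on that interface.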