Hard to imagine that it would be more efficient outbound on s3 rather than
inbound on s2. The router would have to go to all the trouble of determining
the path for the packet, only to drop it... seems kinda foolish.
The process of reading the header and running down the access list entries
for a match is processor intensive, but it should not be more or less
intensive in any one direction... the process is still the same, isn't it?
Dale
[=`)
>From: "Martin Eriksson" <[EMAIL PROTECTED]>
>Reply-To: "Martin Eriksson" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: accesslists outbounds?
>Date: Wed, 23 Aug 2000 13:01:27 +0200
>
>Hi!
>
>Found a little something in the CCNA Router and Switching Study Guide
>(http://www.rkingma.com/cisco/TestHome.htm).
>that I can't really recall reading anywhere else..
>
>A simple scenario...
>
>s1 10.10.10.102
> |
> |---------------routerA---------s3 10.10.20.1
> |
>s2 10.10.10.101
>
>Access-list 1 permit 10.10.10.101
>Access-list 1 deny 10.10.10.0 0.0.0.255
>
>According to the text: " We could apply it as an inbound filter on Router
>A's interface to network 10.10.10.0, or as an outbound filter on Router A's
>interface to network 10.10.20.0. Outbound filters are less processor
>intensive for the router, so let's apply it outbound.".
>
>It's the last part I get confused with, "outbound filters are less
>processor intensive".
>I thought it was the opposite that it's better to stop the packets at the
>entry instead of the exit.
>
>I'm sure someone can sort things up for me..
>
>best regards!
>Martin, E
>
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
