OK, OK, I see what you mean, but suppose that s1, s2, s4 and s5 are
point-to-point links to stub networks, but s3 is a connection to the core,
or to the Internet, or anywhere else such that the majority of the traffic
entering the router on any other interface leaves through s3. In this case,
nearly all the traffic entering the router gets passed through the access
list as opposed to the traffic from a single interface (s2).
I would strongly avoid saying that outbound lists are generally less
processor intensive, but instead you might say that in certian
configurations they can be... I think that "IN GENERAL", most access lists
are processor intensive, and placement of the access list, inbound or
outbound, should be evaluated on a case-by-case basis to determine which
approach is most efficient.
It all comes back to: "What is the problem you are trying to solve?"
It's really starting to sink in... Thanks Howard!
Dale
[=`)
>From: "Atif Awan" <[EMAIL PROTECTED]>
>
>they say that outbound access lists are less processor intensive because
>the
>router has only to process those packets destined for the destination you
>are trying to affect. When you apply it inbound then the router has to
>match
>each packet coming into that interface even though that packet might not be
>relevant to the access list. The scenario presented is just a simple one
>and
>in this case it does not matter where you place the access list but think
>of
>two more serial interfaces in addition to S3. if you apply the access list
>inbound then packets destined for S4 and S5 will also have to be processed
>through the list even though they have nothing to do with the S3 interface.
>
>So the conclusion is that "Outbound access lists are IN GENERAL less
>processor intensive than in bound access lists" ... remember IN GENERAL ...
>there can be exceptions
>
>Regards
>Atif
>
>-----Original Message-----
>From: Dale Holmes <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
><[EMAIL PROTECTED]>
>Date: Wednesday, August 23, 2000 8:04 PM
>Subject: Re: accesslists outbounds?
>
>
> >Hard to imagine that it would be more efficient outbound on s3 rather
>than
> >inbound on s2. The router would have to go to all the trouble of
>determining
> >the path for the packet, only to drop it... seems kinda foolish.
> >
> >The process of reading the header and running down the access list
>entries
> >for a match is processor intensive, but it should not be more or less
> >intensive in any one direction... the process is still the same, isn't
>it?
> >
> >Dale
> >[=`)
> >
> >
> >>From: "Martin Eriksson" <[EMAIL PROTECTED]>
> >>Reply-To: "Martin Eriksson" <[EMAIL PROTECTED]>
> >>To: <[EMAIL PROTECTED]>
> >>Subject: accesslists outbounds?
> >>Date: Wed, 23 Aug 2000 13:01:27 +0200
> >>
> >>Hi!
> >>
> >>Found a little something in the CCNA Router and Switching Study Guide
> >>(http://www.rkingma.com/cisco/TestHome.htm).
> >>that I can't really recall reading anywhere else..
> >>
> >>A simple scenario...
> >>
> >>s1 10.10.10.102
> >> |
> >> |---------------routerA---------s3 10.10.20.1
> >> |
> >>s2 10.10.10.101
> >>
> >>Access-list 1 permit 10.10.10.101
> >>Access-list 1 deny 10.10.10.0 0.0.0.255
> >>
> >>According to the text: " We could apply it as an inbound filter on
>Router
> >>A's interface to network 10.10.10.0, or as an outbound filter on Router
>A's
> >>interface to network 10.10.20.0. Outbound filters are less processor
> >>intensive for the router, so let's apply it outbound.".
> >>
> >>It's the last part I get confused with, "outbound filters are less
> >>processor intensive".
> >>I thought it was the opposite that it's better to stop the packets at
>the
> >>entry instead of the exit.
> >>
> >>I'm sure someone can sort things up for me..
> >>
> >>best regards!
> >>Martin, E
> >>
> >>
> >
> >________________________________________________________________________
> >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >___________________________________
> >UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> >FAQ, list archives, and subscription info: http://www.groupstudy.com
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
