Hmm, that's more than I had expected... Thanks,
Ole ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.RouterChief.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Need a Job? http://www.OleDrews.com/job ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: Marc Thach Xuan Ky [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 10:00 AM To: Ole Drews Jensen Cc: [EMAIL PROTECTED] Subject: Re: ACL - Let's put some numbers on... [7:41738] Some time ago I was messing about with a 3640 and IIRC I measured about 70k pps (unidirectional traffic) with no acls. An acl where the traffic was permitted on the first line dropped it to about 55k pps. Pushing the permit acl lines down the list dropped another approx 1% throughput for each line processed. The IOS was probably 11.2. rgds Marc Ole Drews Jensen wrote: > > My first line of defence is a 3620, and I am using and ACL on the outside > interface for incoming traffic, trying to stop some of 'bad' traffic before > it continue to my firewall. I know how to design the access-list so the most > often received traffic is checked first, and so on, and I know that I should > keep it as simple as possible and not creating a huge access-list with 100's > of lines. > > However, it got me wondering. How much does it slow down the incoming > traffic everytime I add a new line to my access-list. This is a very hard > question to answer though, because if created well, most traffic should be > filtered out before halfway through the access-list, and I guess it also > depends on the speed of the processor. > > If we look at the 3620, it has an 80Mhz RISC processor, so if can someone > give me a result here? > > If we have a full T1 fully loaded with incoming traffic. How long delay > would there be per line-to-be-checked in an ingoing extended ACL? > > Thanks for your comments... > > Ole > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Ole Drews Jensen > Systems Network Manager > CCNP, MCSE, MCP+I > RWR Enterprises, Inc. > [EMAIL PROTECTED] > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > http://www.RouterChief.com > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Need a Job? > http://www.OleDrews.com/job > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42978&t=41738 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
