We have a Cisco 7204 VXR which acts as a border router. The Cisco 7204 VXR has two ATM interface from the internet for 45 Mbps, and one gigabit ethernet for out network. The gigabit ethernet is connected to Cisco 6509. One thing that happens on the border router is that the load is always high (around 30% without utilitizing turbo ACL, or around 21% by utilizing turbo ACL). That border router has around 25 -30 access lists.
The access lists mostly are used to : 1. Block the non routable IP address (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8). 2. Clean the incoming traffic 3. Protect the networks to common exploit, for example port 515, 110, etc. But the thing that is weird is when the ACL is moved to the CIsco 6509 which serves completely ethernet environment, the load on that Cisco 6509 just stays cool at 6%. What is the reason this thing happen ? is it because Cisco 6509 has better processing power then 7204 VXR, or because the 7204 VXR needs to convert cells (ATM) to frames (gigabit ethernet), look inside it, forward it, etc. etc. ? Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36643&t=36643 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]