Hi, could someone please tell me the best (most efficient) way of implementing ACLs to filter IP by L3/L4 on the 6500 Platform?
Specifically, we are using 6509/720-3b's and have a requirement to filter traffic up to Layer 4, logging exception entries to a syslog server for security purposes.
I have been reading on the relative merits of RACL/VACL/PACL. It sounds like VACL will do a job for me - but will there be any performance benefit over using standard RACL?
ACLs are processed in hardware on the 6500 with exceptions (there are always exceptions). See the attached link for details on how the 6500 handles ACLs and when ACL processing is done in software as opposed to hardware.
If you are logging exceptions you should also consider OAL (Optimised ACL logging) which is also covered in the attached link.