Jon Marshall Thu, 05/21/2009 - 00:49

Sai


Do you mean an ACL with 3000 entries or 3000 separate ACLs?


Either way the 6500 with Sup720 supports up to 32k of security ACLs - see the Sup720 datasheet for full details of what ACLs are supported and how many -


http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html


ACL processing is done in hardware by the PFC so you should not notice any real degradation; the more likely scenario is you start to run out of TCAM resources. Also it is important to note that under some circumstances ACL processing is done in software and here you would certainly notice a performance hit. Attached is a white paper on ACL processing on the 6500; pay particular attention to what ACL entries mean the 6500 has to process in software and also the TCAM merge optimisations -


http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml


Jon

saimbt Thu, 05/21/2009 - 01:15

Jon,


I meant 3000 entries which would be constantly accessed and processed.


-Sai.

Correct Answer
Jon Marshall Thu, 05/21/2009 - 01:20

Sai


Okay, then see previous answer.


Jon
