3000 ACLs on a Cisco 6500 SUP 720

Answered Question
May 21st, 2009

Hi Gurus,

I need to add app 3000 ACLs on a Cisco 6500 SUP 720. Will the device take it and would there be any performance degradation?

-Sai.

Correct Answer by Jon Marshall about 7 years 8 months ago

Sai

Okay, then see previous answer.

Jon

Jon Marshall Thu, 05/21/2009 - 00:49

Sai

Do you mean an ACL with 3000 entries or 3000 separate ACLs?

Either way the 6500 with Sup720 supports up to 32k of security ACLs - see the Sup720 datasheet for full details of what ACLs are supported and how many -

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

ACL processing is done in hardware by the PFC so you should not notice any real degradation; the more likely scenario is that you start to run out of TCAM resources. Also it is important to note that under some circumstances ACL processing is done in software and here you would certainly notice a performance hit. Attached is a white paper on ACL processing on the 6500; pay particular attention to which ACL entries mean the 6500 has to process in software and also the TCAM merge optimisations -

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml

Jon

saimbt Thu, 05/21/2009 - 01:15

Jon,

I meant 3000 entries which would be constantly accessed and processed.

-Sai.
