Following an incident that happened some time ago, I supposed we had a big CPU impact due to ACL logging of denied packets.
As I have a cat6509 not yet in production, I used it for tests, applying the configurations suggested in the following documents:
logging rate-limit 100 except errors
logging ip access-list cache interval 10
mls rate-limit unicast ip icmp unreachable acl-drop 0
logging ip access-list cache out (on the L3 interface)
ICMP Unreachables are suppressed.
Test results were:
with 20k pkts/sec about 50% CPU
with many more (more than 100M bit of small hostile packets) about 85% CPU
What I did not understand is that the CPU usage was the same whether using optimized ACL or not (I saw in the logs that OACL was running correctly and matched).
Supervisor is a WS-F6K-PFC3B, gigabit boards have CFC installed.
Any idea on this odd result?