Maximum Length of a QoS ACL

Unanswered Question
Sep 30th, 2010

We are using a standard setup which matches a QoS policy-map against class-maps using an ACL for certain types of traffic. We then DSCP-mark this traffic on egress and use WRED and CBWFQ.

For example:

access-list 101 permit tcp any any eq 3200
access-list 101 permit tcp any any eq 3600
access-list 101 permit udp any any eq 3200
access-list 101 permit udp any any eq 3600
access-list 101 permit udp any any eq 3299
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 1494
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 2598
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 22
access-list 101 permit tcp any 10.2.2.0 0.0.0.255 eq 1494
access-list 101 permit tcp any 10.2.2.0 0.0.0.255 eq 22
access-list 101 permit tcp any any eq 514
access-list 101 permit udp any any eq 514

Is there an accepted value for the maximum length of such an access list before serious performance issues might occur?

Can we use 20 lines? 50 lines? 100 lines?

We are using 2800, 2900 and 3800 ISR routers with 12.4T IOS.

Thanks in advance of your help.

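A classification ACL like the one in the question contains only permit entries, and for such a list the order of the entries does not change which packets are classified: a packet matches the class if any entry matches it, so an entry moved from position 7 to position 1 still matches exactly the same packets. Under top-to-bottom evaluation, that means the entries can be sorted so the busiest ones are checked first. The script below is an added example, not part of the original thread and not a Cisco tool: it parses `show access-lists` output, refuses to sort a list that mixes permit and deny (there the order encodes precedence), sorts the entries by hit count and renders them back as `access-list 101` lines, reporting how many entries are evaluated per matched packet before and after. The `show access-lists` text embedded in it is constructed for this example, and its hit counts are made up; it is not output from the poster's routers.

```python
"""Reorder a permit-only IOS classification ACL by hit count.

Added example: parses `show access-lists` output, checks that every entry
has the same action (so that reordering cannot change which packets match),
sorts by hit count and renders the entries back as numbered-ACL lines.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: what `show access-lists 101` could print for the ACL
# in the question. Hit counts are invented for illustration; this is not
# output captured from a real router.
SAMPLE_SHOW_ACCESS_LISTS = """\
Extended IP access list 101
    10 permit tcp any any eq 3200 (12 matches)
    20 permit tcp any any eq 3600
    30 permit udp any any eq 3200 (3 matches)
    40 permit udp any any eq 3600
    50 permit udp any any eq 3299 (88120 matches)
    60 permit tcp any 10.1.2.0 0.0.0.127 eq 1494 (4410 matches)
    70 permit tcp any 10.1.2.0 0.0.0.127 eq 2598 (27 matches)
    80 permit tcp any 10.1.2.0 0.0.0.127 eq 22 (2 matches)
    90 permit tcp any 10.2.2.0 0.0.0.255 eq 1494 (1903 matches)
    100 permit tcp any 10.2.2.0 0.0.0.255 eq 22
    110 permit tcp any any eq 514 (9510 matches)
    120 permit udp any any eq 514 (31077 matches)
"""

HEADER_RE = re.compile(r"^(?:Extended|Standard) IP access list (?P<name>\S+)\s*$")
# "<seq> permit|deny <rest of entry> [(N matches)]"; entries never hit carry no count.
ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<body>.*?)"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)


@dataclass
class Ace:
    seq: int
    action: str
    body: str
    hits: int


def parse_show_access_lists(text: str) -> Tuple[Optional[str], List[Ace]]:
    """Return (ACL name or number, entries in the order the router lists them)."""
    name: Optional[str] = None
    aces: List[Ace] = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            name = h.group("name")
            continue
        m = ACE_RE.match(line)
        if m and name is not None:
            aces.append(Ace(int(m.group("seq")), m.group("action"),
                            m.group("body"), int(m.group("hits") or 0)))
    return name, aces


def reorder_is_safe(aces: List[Ace]) -> bool:
    """Order is irrelevant to the result only when every entry has the same
    action: the matched set is then the union of the entries. A list mixing
    permit and deny encodes precedence and must not be sorted."""
    return len({a.action for a in aces}) <= 1


def reorder_by_hits(aces: List[Ace]) -> List[Ace]:
    if not reorder_is_safe(aces):
        raise ValueError("ACL mixes permit and deny: order is significant, refusing to sort")
    # sorted() is stable, so entries with equal counts keep their relative order.
    return sorted(aces, key=lambda a: a.hits, reverse=True)


def expected_lookups(aces: List[Ace]) -> float:
    """Average number of entries evaluated per *matched* packet under
    top-to-bottom evaluation (the entry at position p costs p comparisons).
    Packets that match nothing always pay for the whole list, which this
    figure does not show; only a shorter ACL helps them."""
    total = sum(a.hits for a in aces)
    if total == 0:
        return float(len(aces))
    return sum((pos + 1) * a.hits for pos, a in enumerate(aces)) / total


def render_numbered_acl(name: str, aces: List[Ace]) -> List[str]:
    """Render entries as `access-list <name> ...` lines, the style used in the question."""
    return [f"access-list {name} {a.action} {a.body}" for a in aces]


if __name__ == "__main__":
    name, aces = parse_show_access_lists(SAMPLE_SHOW_ACCESS_LISTS)
    ordered = reorder_by_hits(aces)
    print(f"ACL {name}: {len(aces)} entries")
    print(f"entries evaluated per matched packet: {expected_lookups(aces):.2f} as listed, "
          f"{expected_lookups(ordered):.2f} after sorting by hits")
    print("! hit-ordered version (IOS assigns sequence numbers when these are pasted)")
    for line in render_numbered_acl(name, ordered):
        print(line)
```

Collect the counters over a representative period (`clear access-list counters 101` first) so the ordering reflects real traffic. When applying the result, use a new ACL number and swap the `match access-group` in the class-map rather than deleting and re-entering ACL 101, so the live list is never empty halfway through the edit. Sorting only lowers the cost for packets that do match; traffic that matches nothing still walks the whole list, which is the reason to keep a classification ACL as short as the traffic mix allows.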
Calin Chiorean Fri, 10/01/2010 - 02:10

Hello Ray,

I didn't find a document specifying how many rules you can add to an ACL, but remember that the more rules you have, the more processing time your device needs, and this will increase your latency over the network. Because devices process an ACL from top to bottom, you can imagine the difference in time and resources needed to process a 5-line ACL versus a 100-line one.

I will keep searching for a document with best practices and I'll post it here if I find such a thing.

Calin
