Performance on Cisco 3945 running IOS 15.3(3)

Unanswered Question

I have a very simple scenario with Cisco 3945 running IOS c3900-universalk9-mz.SPA.153-3.M.bin with two interfaces g0/0 (external) and g0/1 (internal).


I set up NAT on the router as follows:


ip cef

interface g0/0
  ip address 1.1.1.1 255.255.255.252
  ip nat outside

interface g0/1
  ip address 192.168.1.254 255.255.255.0
  ip nat inside

ip access-list extended nat
  permit ip 192.168.190.0 0.0.0.255 any

ip nat inside source list nat interface g0/0 overload


Then I have a Linux host with IP address 192.168.1.254 behind g0/1 with the gateway of the router 192.168.1.254. I am able to push 950Mbps through the router without any issues. So far so good.


Now I decide to create an ACL and apply this ACL on interface g0/0:


ip access-list extended External
  permit ip any any log

interface g0/0
  ip access-group External in



When I apply the ACL on the External interface, the throughput on the router goes from 950Mbps down to 160Mbps, an 80% drop in performance.  Why?


Does anyone know how to improve this?


Thanks,

Lei Tian Sat, 10/05/2013 - 04:51
User Badges:
  • Cisco Employee,

Hi,


It is the log keyword. Log will force the packet to be process switched, so performance will drop.


HTH,

Lei Tian
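
As an added example (not part of the thread or any poster's code): a small Python audit that applies the answer above to a saved configuration, listing every named-ACL entry ending in log or log-input whose ACL is bound to an interface with ip access-group. The function name is an assumption, the sample text is constructed from the configuration in the question, and numbered ACLs are not handled.

```python
import re

# Constructed sample: the ACLs and interface binding from the question above.
SAMPLE_CONFIG = """\
ip cef
interface g0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip access-group External in
interface g0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
ip access-list extended nat
 permit ip 192.168.190.0 0.0.0.255 any
ip access-list extended External
 permit ip any any log
ip nat inside source list nat interface g0/0 overload
"""

def find_logged_aces(config):
    """Return (interface, direction, acl, ace) for every ACE with log or
    log-input whose ACL is bound to an interface with ip access-group."""
    acls, bindings, section = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            m = re.match(r"interface\s+(\S+)", line)
            a = re.match(r"ip access-list (?:extended|standard)\s+(\S+)", line)
            section = ("if", m.group(1)) if m else ("acl", a.group(1)) if a else None
            if a:
                acls.setdefault(a.group(1), [])
            continue
        if section is None:
            continue
        kind, name = section
        if kind == "if":
            g = re.match(r"ip access-group\s+(\S+)\s+(in|out)$", line)
            if g:
                bindings.append((name, g.group(2), g.group(1)))
        elif re.match(r"(\d+\s+)?(permit|deny)\b", line):
            acls[name].append(line)
    hits = []
    for ifname, direction, acl in bindings:
        for ace in acls.get(acl, []):
            if re.search(r"\s(log|log-input)(\s|$)", ace):
                hits.append((ifname, direction, acl, ace))
    return hits
```

The ACL named nat is not reported because it is referenced only by the NAT rule, not by an ip access-group binding on an interface.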

Joseph W. Doherty Sat, 10/05/2013 - 06:15
User Badges:
  • Super Bronze, 10000 points or more

Disclaimer


The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.


Liability Disclaimer


In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.


Posting


The ASR is a different architecture, it has hardware forwarding.  (Note: the ASR 1K series, seems to be somewhat like the earlier 7300 series with NSE-100 or -150 or the 7200 series with NSE-1.)


Additionally, the prior 7200s, but not ISRs, had a "compiled ACL" feature that would improve performance for lengthy ACLs - don't know if the ASR 1K has that too.


Non-technically, 3945 vs. ASR 1002 is comparing apples to oranges. 
