Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1456
Views
6
Helpful
6
Replies

Fast switching with ACL logging

francisco_1
Level 7
Level 7

‎09-08-2010 10:08 AM - edited ‎03-06-2019 12:53 PM

Guys,

I am trying to understanding how fast-switching respond to ACL logging. Does the ACL logging affect fast switching? The platform is 2811 12.4T code.

Francisco.

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎09-08-2010 12:08 PM

Francisco

Any packet that must be processed by the CPU, such as a packet that matches an ACL statement with the log parameter is effectively process switched.

HTH

Rick

HTH

Rick

Jon Marshall
Hall of Fame
Hall of Fame
In response to Richard Burts

‎09-08-2010 12:12 PM

Sorry Rick, you jusy typed a bit faster than me

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎09-08-2010 12:19 PM

Jon

no problem. responses from various sources, sometimes overlapping because one hit enter while the other was still thinking and typing, are what make the forum so great. and I am glad that we were both taking the same basic approach in trying to answer this question.

HTH

Rick

HTH

Rick
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎09-08-2010 12:11 PM

Hi Francisco

Do you mean CEF switching ?

If a packet matches an acl entry with a log keyword then that packet is processed switched rather than switched by CEF which can obviously have a negative impact on the router performance.

Jon

0 Helpful

francisco_1
Level 7
Level 7
In response to Jon Marshall

‎09-08-2010 03:25 PM

I want to thank you both for for responses.

On the same topic i want to get you guys opinion regarding the command the command "ip access-list logging interval" my understanding is this command should help in enviroments like mine where we have thousands of ACL's logging enable to limits the effects of ACL logging–induced process switching by providing a rate limit for process-switched packets. The interval configured in the command should allow only one packet per interval to be process switched no matter how many log-enabled ACEs exist. Would you recommend this?

Also This functionality requires Cisco Express Forwarding and my concern is we have some platforms with fast-switching enable. any thought guys?

Francisco.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to francisco_1

‎09-09-2010 03:56 AM

Francisco

To get a really authoritative answer to this question would need someone from Cisco who has access to the code and can say what the software is really doing. The rest of us can only answer based on what we think the code is doing - but we can not be sure. So here is what I think:

I believe that the effect of the logging interval is to save some overhead in CPU processing by not producing a log record for each individual time that the access list statement is matched. With the first match you get a log record but within the logging interval all other matches do not produce individual log records and you get 1 log record for the interval. So if there were an additional 10 hits you produce 1 log record instead of 10 log records (looks like 90% saving in CPU).

But I do not believe that this has any effect on the process switching of the packets. When there is a match in the access list with the log parameter the packet must still be processed by the CPU to determine whether it is time to create a log record. So the savings is related to producing the actual log records not in processing the packet.

Anyone from Cisco able to respond about this?

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card