Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

memory/cpu usage by accesslists

Greetings & appreciations in advance,

I want to know as to how much memory or/and cpu usage is utilised by access-lists.

suppose i have configured 4 named access lists with 4 subcommands in them along with my other some 20 acls , is it under any way effect my cpu usage and if so , will it be too much as to create trouble in future.i have 3660 with ospf and bgp config with 64mb ram and 3 4T slots consumed



New Member

Re: memory/cpu usage by accesslists


The basic job of the router can be summarized as "...packets in, check the table, packets out...." Anything above and beyond that WILL increase CPU utilization, and more importantly, DRAM consumption. Remember that the router doesn't have a hard drive like a PC does, so when it needs additional memory because traffic is high, or it has lots of processes (not just routing) going on, it can't create a swap file--all it can do is drop packets and/or kill off processes and restart them when things slow back down.

Hard, mathematical calculations of how much DRAM and/or CPU are utilized by access-lists vary from platform to platform, and with the complexity and number of access-lists. The only real way to test is to check DRAM and CPU utilization without them and compare it to the statistics when they are in place. The best router configuration designs keep it to one access-list, unless the others are triggering some other functions like NAT, policy routing or dial-on-demand routing. (Remember that multiple lines starting "access-list 101..." are still considered one access-list.)

As for a 3660 with only 64 megs of DRAM--if it were me, I think I would have advised that you get more DRAM up front. Full BGP tables from the Internet typically take 80 megs of DRAM just for the tables themselves, not including any room for the BGP processing itself or for routing. If DRAM fills up and parts of the table have to be retransmitted from upstream, that will keep CPU utilization up, as well as the obvious DRAM consumption. The 3 NM-4Ts might be of concern, as well, depending on your version and feature pack of IOS. There is a memory calculator on the customer side of at that it might not hurt for you to take a look at. Keep in mind that the numbers you get from there are based around a simple config of "...packets in, check the table, packets out...." If you're doing NAT or access-lists or routing protocols or IPX--anything above the basics--you should consider generously upgrading DRAM. Just like with a PC, increasing DRAM gets you far more performance for the $$$ than anything else.

CreatePlease login to create content