Available memory and performance with an extensive access list on a 1700
I'm thinking of implementing a very extensive access list on a 1700 series router to block spam (our email server is getting overloaded dropping the messages). I have been able to parse the spews Level 1 list into a format that I could drop into an IOS config file.
However, before I apply it, I'd like to get some feel for what performance impact it will have on traffic passing through the router. How big can an access list get before incoming traffic starts to slow noticably? 500 lines, 1000? 5000? 10,000? 20,000? (the SPEWS list is 8000 records). Also, will this level of records be likely to fit ok in the router memory (there is very little else in the configuration).
If anyone can provide some advice in this area I would appreciate it. Thanks for your help.
Re: Available memory and performance with an extensive access li
Since access lists are processed sequentially, a very long access list can dramatically affect performance and 8000 reconds is pretty long!
You can attempt to minimise this by structuring it so that the first entries generate the most hits so that the whole of the access list does not have to be parsed every time but there will still be some performance overhead.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...