Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACL length limit -- 50,000 lines?

I've been looking around and can't find the answer.

I want to create an ACL that's around 50-70,000 lines to only allow a few countries to hit our internet router.
What size router can handle that? Could a low utilization 2800 series do it?

Thanks,

Jon

Everyone's tags (3)
4 REPLIES
Hall of Fame Super Silver

ACL length limit -- 50,000 lines?

Jon

The impact of an access list is a combination of how long and complex the access list is and also of how much traffic must be examined by the access list. Can you give us some information about the volume of traffic that the router will examine with this access list?

HTH

Rick

New Member

ACL length limit -- 50,000 lines?

There's not too much traffic. I would say the average is maybe 100 unique connections with the bandwidth peak being ~30megs.

Super Bronze

ACL length limit -- 50,000 lines?

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

I'm sure there's some configuration limit - possibly much larger than the device can practically handle.

For software based routers, ACLs are normally processed sequentially.  Excessively long ACLs could impose much more CPU processing.  This might be mitigate by Netflow caching and/or Turbo ACL (latter only available on higher-end routers, e.g. 7200s).

For hardware based L3 switches, very long ACLs might exceed capacity of hardware resource, and then you have software based processing (which is often slower than many "slower" software based routers).

Hall of Fame Super Gold

ACL length limit -- 50,000 lines?

I don;t think you would need so many lines to allow a few countries. Beside, you can use BGP to block destinations by AS.

1199
Views
0
Helpful
4
Replies