[afnog] Cisco ACL

Mark Tinka mtinka at globaltransit.net
Thu May 27 16:35:07 UTC 2010


On Friday 28 May 2010 12:09:50 am Alan Whinery wrote:

> Also take special note of the effects of acl logging on
>  cpu load; if you put "log" at the end, your fast
>  switching scheme (cef, et al) can get bypassed.

Would only generally recommend logging if you're 
troubleshooting your service, and keep it off as a default, 
otherwise.

Depending on your platform, ACL logging can be done in the 
hardware path, i.e., logging does not affect your CPU, but 
is instead handled in the data plane. Of course, this is 
only supported on a few platforms (usually those that 
support hardware-based forwarding).

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://afnog.org/pipermail/afnog/attachments/20100528/6537d0ba/attachment.pgp>


More information about the afnog mailing list