Turbo (compiled) access lists

scott.bradley
Level 1

hi all,

Can anyone tell me how compiled access lists make the decision on how they segment the access lists into the first-level lookup tables?

I am not looking for a PhD thesis on how it works but a general overview of how it decides and tabulates.

regards

Scott

Accepted Solution

Scott,

OK, definitely a 10,000 foot view here as reading the spec made my brain hurt ;)

Essentially, what we do with Turbo ACLs is we take the internal set of access-lists and build a set of data tables. Each ACE in the ACL gets an "index" value assigned to it. This index value is computed based on an algorithm that looks at the source IP, dest IP, protocol, L4 port, etc. When a packet comes into a PIX that has Turbo ACLs configured, this same "indexing" occurs and a value is determined. We then use that value that is computed for the new packet and compare it to the values assigned to the individual ACEs in the data tables to find the ACE that the new packet would match and then process the packet accordingly.

This lookup process has been shown to be MUCH faster than the standard linear lookup used with a linked list ACL (normal).

Anyway, that is more or less the crux of it. Hope this helps shed some light.

Scott

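The "index value" and "data tables" lookup described in the accepted answer, as an added example that is not from the thread and not Cisco's code: a toy compiled classifier in Python. It assumes one lookup table per packet field (each source and destination octet, the IP protocol and the L4 port), where every table entry holds a bitmap of the ACEs that field value can match. The intersection of the per-field bitmaps, with the lowest set bit taken as the first matching ACE, replaces the linear walk of the list. The table layout, the sample ACL and the sample packets are assumptions made for illustration, not Cisco's actual Turbo ACL data structures.

```python
"""Toy compiled ACL: per-field lookup tables holding ACE bitmaps.

Illustration only (assumption): the real Turbo ACL table layout is not
described in the thread, so this uses one table per packet field whose
entries are bitmaps of candidate ACEs. Matching = AND the bitmaps, take the
lowest set bit (first ACE in list order). Compared against the linear walk.
"""
import ipaddress
from typing import List, Optional, Tuple

# ACE = (action, src prefix, dst prefix, ip protocol or None=any, (lo, hi) port range or None=any)
ACE = Tuple[str, str, str, Optional[int], Optional[Tuple[int, int]]]

# Constructed sample ACL, not from the thread. First match wins, implicit deny at the end.
SAMPLE_ACL: List[ACE] = [
    ("deny",   "10.0.0.5/32", "0.0.0.0/0",       6, (22, 22)),
    ("permit", "10.0.0.0/8",  "192.168.1.0/24",  6, (22, 22)),
    ("permit", "0.0.0.0/0",   "192.168.1.10/32", 6, (80, 443)),
    ("permit", "0.0.0.0/0",   "0.0.0.0/0",       1, None),
]


class CompiledACL:
    """Builds the lookup tables once; lookup cost no longer depends on ACL length."""

    def __init__(self, aces: List[ACE]):
        self.aces = aces
        # Four tables per address (one per octet), one for protocol, one for L4 port.
        self.src = [[0] * 256 for _ in range(4)]
        self.dst = [[0] * 256 for _ in range(4)]
        self.proto = [0] * 256
        self.port = [0] * 65536
        for i, (_, sp, dp, proto, ports) in enumerate(aces):
            bit = 1 << i            # ACE i owns bit i in every bitmap
            self._add_prefix(self.src, sp, bit)
            self._add_prefix(self.dst, dp, bit)
            for v in ([proto] if proto is not None else range(256)):
                self.proto[v] |= bit
            lo, hi = ports if ports is not None else (0, 65535)
            for v in range(lo, hi + 1):
                self.port[v] |= bit

    @staticmethod
    def _add_prefix(tables, prefix: str, bit: int) -> None:
        """Mark, per octet, every value that falls inside the prefix."""
        net = ipaddress.ip_network(prefix, strict=False)
        addr, mask = int(net.network_address), int(net.netmask)
        for k in range(4):
            shift = 24 - 8 * k
            a, m = (addr >> shift) & 0xFF, (mask >> shift) & 0xFF
            for v in range(256):
                if (v & m) == a:
                    tables[k][v] |= bit

    def lookup(self, src: str, dst: str, proto: int, port: int):
        """Return (ACE index, action); (None, 'deny') for the implicit deny."""
        s, d = int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst))
        m = self.proto[proto] & self.port[port]
        for k in range(4):
            shift = 24 - 8 * k
            m &= self.src[k][(s >> shift) & 0xFF] & self.dst[k][(d >> shift) & 0xFF]
            if not m:
                break
        if m == 0:
            return None, "deny"
        idx = (m & -m).bit_length() - 1    # lowest set bit = earliest ACE
        return idx, self.aces[idx][0]


def linear_lookup(aces: List[ACE], src: str, dst: str, proto: int, port: int):
    """The 'normal' ACL walk the answer contrasts with: test ACEs in order."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, sp, dp, p, ports) in enumerate(aces):
        if s not in ipaddress.ip_network(sp, strict=False):
            continue
        if d not in ipaddress.ip_network(dp, strict=False):
            continue
        if p is not None and p != proto:
            continue
        if ports is not None and not ports[0] <= port <= ports[1]:
            continue
        return i, action
    return None, "deny"


COMPILED = CompiledACL(SAMPLE_ACL)

# Constructed test packets: (src, dst, proto, dst port)
SAMPLE_PACKETS = [
    ("10.0.0.5", "192.168.1.7", 6, 22),      # hits the specific deny first
    ("10.1.2.3", "192.168.1.7", 6, 22),      # permitted by the /8 rule
    ("172.16.0.1", "192.168.1.10", 6, 443),  # web rule
    ("172.16.0.1", "192.168.1.7", 6, 443),   # no ACE matches: implicit deny
    ("8.8.8.8", "10.0.0.1", 1, 0),           # ICMP anywhere
]


def cross_check(acl: CompiledACL, packets) -> bool:
    """Compiled and linear lookups must agree on every packet."""
    return all(acl.lookup(*p) == linear_lookup(acl.aces, *p) for p in packets)


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "->", COMPILED.lookup(*p))
    print("agrees with linear walk:", cross_check(COMPILED, SAMPLE_PACKETS))
```

Two things worth noticing in the toy: the per-packet cost is a fixed ten table reads and ANDs no matter how many ACEs the list holds, which is the speed-up the answer describes, and the price moves to compile time and memory (the tables must be rebuilt whenever the ACL changes). Keeping the linear walk next to it and cross-checking is the sanity test a practitioner wants, because a compiled classifier that silently disagrees with the list order is a security bug, not a performance feature.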

4 Replies

jmia
Level 7

Hi Scott -

Might be of help on TACLs (Turbo ACLs):

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dttacl.htm

Thanks - Jay.

Thanks Jay,

Unfortunately I had already looked over that one and all it seems to tell me is that the access lists are compiled. It doesn't cover how it tabulates or how it matches the packets as they come in.

I am assuming that it summarises the lists into a table but is that it? Is it that each ACL is tabulated and that looking up the table is faster than sequentially going through the list?

It's not life or death I am just curious really.

Scott

I second this request, and actually, I am looking for the PhD version. Any technical information would be greatly appreciated.
