Solved: 3000 ACLs on a Cisco 6500 SUP 720

saimbt · ‎05-21-2009

Hi Gurus,

I need to add app 3000 ACLs on a Cisco 6500 SUP 720. Will the device take it and would there be any performance degrdation?

-Sai.

Jon Marshall · ‎05-21-2009

Sai

Okay, then see previous answer.

Jon

View solution in original post

Jon Marshall · ‎05-21-2009

Sai

Do you mean an acl with 3000 entries or 3000 separate acl's ?

Either way the 6500 with sup720 supports up to 32k of security acl's - see the sup720 datasheet for full details of what acl's are supported and how many -

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

ACL processing is done in hardware by the PFC so you should not notice any real degredation, the more likely scenario is you start to run out of TCAM resources. Also it is important to note that under some circumstances ACL processing is done in software and here you would certainly notice a performance hit. Attached is a white paper on acl processing on the 6500, pay particular attention to what acl entries mean the 6500 has to process in software and also the TCAM merge optimisations -

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml

Jon

saimbt · ‎05-21-2009

Jon,

I meant 3000 entries which would be constantly accessed and processed.

-Sai.

Jon Marshall · ‎05-21-2009

Sai

Okay, then see previous answer.

Jon