I've been looking around and can't find the answer.
I want to create an ACL that's around 50-70,000 lines to only allow a few countries to hit our internet router.
What size router can handle that? Could a low utilization 2800 series do it?
The impact of an access list is a combination of how long and complex the access list is and also of how much traffic must be examined by the access list. Can you give us some information about the volume of traffic that the router will examine with this access list?
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
I'm sure there's some configuration limit - possibly much larger than the device can practically handle.
For software based routers, ACLs are normally processed sequentially. Excessively long ACLs could impose much more CPU processing. This might be mitigated by Netflow caching and/or Turbo ACL (the latter only available on higher-end routers, e.g. 7200s).
For hardware based L3 switches, very long ACLs might exceed the capacity of hardware resources, and then you have software based processing (which is often slower than many "slower" software based routers).
I don't think you would need so many lines to allow a few countries. Besides, you can use BGP to block destinations by AS.
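The last reply's point that a country allowlist rarely needs tens of thousands of entries can be checked by aggregating the prefixes before turning them into ACL entries. The script below is an added example, not from any poster in this thread; it uses a constructed prefix list (not a real GeoIP feed) and assumes Cisco IOS named extended ACL syntax with inverse (wildcard) masks.

```python
"""Shrink a country-allowlist ACL by collapsing adjacent and nested prefixes.

Constructed sample input: prefixes the way a GeoIP feed might list them,
deliberately including halves, nested blocks and adjacent /24s that merge.
"""
import ipaddress

# Constructed sample (not a real country feed); RFC 5737/1918 ranges only.
SAMPLE_PREFIXES = [
    "203.0.113.0/25", "203.0.113.128/25",   # two halves of one /24
    "198.51.100.0/24", "198.51.100.0/26",   # /26 already inside the /24
    "192.0.2.0/24", "192.0.2.0/25",         # same, /25 nested in /24
    "10.0.0.0/24", "10.0.1.0/24",           # adjacent /24s -> one /23
    "10.0.2.0/23",                          # with that /23 -> one /22
]


def aggregate(prefixes):
    """Return the minimal set of networks covering exactly the same addresses."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    # collapse_addresses merges adjacent blocks and drops nested ones.
    return list(ipaddress.collapse_addresses(nets))


def wildcard(net):
    """Cisco ACLs take an inverse mask: /24 -> 0.0.0.255, /22 -> 0.0.3.255."""
    return str(net.hostmask)


def acl_lines(prefixes, name="COUNTRY-ALLOW"):
    """Emit a named extended ACL permitting the aggregated prefixes.

    The trailing explicit deny with 'log' makes dropped sources visible,
    which the implicit deny at the end of every IOS ACL does not.
    """
    lines = [f"ip access-list extended {name}"]
    for net in aggregate(prefixes):
        lines.append(f" permit ip {net.network_address} {wildcard(net)} any")
    lines.append(" deny ip any any log")
    return lines


def reduction(prefixes):
    """(entries before, entries after) so the saving can be reported."""
    return len(prefixes), len(aggregate(prefixes))


if __name__ == "__main__":
    before, after = reduction(SAMPLE_PREFIXES)
    print(f"{before} feed prefixes -> {after} ACL entries")
    print("\n".join(acl_lines(SAMPLE_PREFIXES)))
```

Run it against a real feed by replacing SAMPLE_PREFIXES; the same collapse step is what keeps the entry count, and therefore the per-packet sequential lookup cost the earlier reply describes, within what the platform can handle.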