Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3305
Views
0
Helpful
4
Replies

ACL length limit -- 50,000 lines?

Jon Derrenbacker
Level 1
Level 1

‎05-07-2012 07:38 AM - edited ‎03-04-2019 04:16 PM

I've been looking around and can't find the answer.

I want to create an ACL that's around 50-70,000 lines to only allow a few countries to hit our internet router.
What size router can handle that? Could a low utilization 2800 series do it?

Thanks,

Jon

Labels:
0 Helpful
4 Replies 4

Richard Burts
Hall of Fame
Hall of Fame

‎05-07-2012 07:48 AM

Jon

The impact of an access list is a combination of how long and complex the access list is and also of how much traffic must be examined by the access list. Can you give us some information about the volume of traffic that the router will examine with this access list?

HTH

Rick

HTH

Rick
0 Helpful

Jon Derrenbacker
Level 1
Level 1
In response to Richard Burts

‎05-07-2012 07:57 AM

There's not too much traffic. I would say the average is maybe 100 unique connections with the bandwidth peak being ~30megs.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-07-2012 10:31 AM

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

I'm sure there's some configuration limit - possibly much larger than the device can practically handle.

For software based routers, ACLs are normally processed sequentially.  Excessively long ACLs could impose much more CPU processing.  This might be mitigate by Netflow caching and/or Turbo ACL (latter only available on higher-end routers, e.g. 7200s).

For hardware based L3 switches, very long ACLs might exceed capacity of hardware resource, and then you have software based processing (which is often slower than many "slower" software based routers).

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎05-07-2012 11:11 AM

I don;t think you would need so many lines to allow a few countries. Beside, you can use BGP to block destinations by AS.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card