08-31-2019 06:37 PM
Hi there,
I learned from CCNA that we had better put the most frequently hit ACEs on the top of the ACL to prevent unnecessary matching before a hit. However, I read some material and found that TCAM is used for ACL matching. One of the advantages of CAM/TCAM is that they provide parallel searching. Does that mean we don't really need to put the most frequently hit ACEs on the top when the switch is equipped with TCAM for ACL?
09-01-2019 02:31 PM
The advice to put the entry with the most hits at the top of the access list was based on the behavior of IOS routers, which do a sequential search. As devices have gotten smarter and gotten more hardware assists, and especially as switches develop technology such as TCAM, it becomes less important to have that entry at the top of the access list.
Having said that, I will say that I believe that it is still good advice to have the entry with the most hits at the top of the access list, especially if the access list is at all complicated. If that entry is first then you are sure that it will be executed. If that entry comes lower in the list then there is some possibility that an error in the logic of the access list might prevent that entry from executing.
HTH
Rick
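The two points in the reply above, modeled as an added example that is not part of the original thread: the number of entries a sequential first-match search examines, and a busy entry that never executes because a broader entry sits above it. The `Ace` model (source prefix and TCP destination port only), the function names and the sample ACL are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):          # simplified ACE: hypothetical model, not IOS syntax
    action: str                 # "permit" or "deny"
    src: str                    # source prefix, CIDR
    dport: Optional[int]        # TCP destination port, None = any

def matches(ace, src_ip, dport):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(ace.src)
            and ace.dport in (None, dport))

def evaluate(acl, src_ip, dport):
    """Sequential first-match search: returns (action, entries examined)."""
    for n, ace in enumerate(acl, start=1):
        if matches(ace, src_ip, dport):
            return ace.action, n
    return "deny", len(acl)     # implicit deny when nothing matches

def covers(earlier, later):
    """True when every packet matching `later` also matches `earlier`."""
    return (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            and earlier.dport in (None, later.dport))

def shadowed(acl):
    """1-based positions of entries fully covered by a single earlier entry."""
    return [j + 1 for j, later in enumerate(acl)
            if any(covers(e, later) for e in acl[:j])]

# Constructed sample ACL: the busiest entry sits below a broader deny.
ACL = [
    Ace("deny", "10.0.0.0/8", None),
    Ace("permit", "192.168.1.0/24", 80),
    Ace("permit", "10.1.1.0/24", 443),
]
REORDERED = [ACL[2], ACL[0], ACL[1]]   # busiest entry moved to the top

if __name__ == "__main__":
    for name, acl in (("original", ACL), ("reordered", REORDERED)):
        print(name, evaluate(acl, "10.1.1.5", 443), "shadowed:", shadowed(acl))
```

The entries-examined count is the cost a sequential search pays per packet; the `shadowed` result is an ordering error that stays the same whatever the lookup hardware.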
09-01-2019 08:02 AM
09-02-2019 10:44 AM
09-01-2019 05:09 PM
Thanks for your reply, Joseph and Rick.
09-01-2019 07:08 PM
You are quite welcome. I am glad that our comments have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This has been an interesting discussion, especially in terms of thinking about the progression of devices with process switching/sequential search to devices with hardware assist/TCAM and how advice about arranging the order of access list entries has changed/not changed. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
HTH
Rick