07-06-2017 05:37 PM
Hi,
My customer is using 6.0.2 with an ASR 9010 (RSP-880) and is considering setting an IPv6 ACL for the first time.
Please tell me the best practices for IPv6 ACLs.
Thanks,
Kota Komiya
07-07-2017 06:00 AM
Hi Kota,
There is nothing specific to IPv6 access lists, except that they use a different TCAM Logical Table because IPv6 access list entries are longer than IPv4 ones.
If your customer is planning on using very high scale IPv6 access lists, use "sh prm server tcam summary all all detail all location <location>" to see how much TCAM space is available. For IPv6 access-lists, look for NP_APP_ID_ACL in TCAM_LT_ODS8 table. If required, you can change the ODS2 (used by IPv4 access lists) to ODS8 (used by IPv6 access lists) ratio using this command:
RP/0/RSP0/CPU0:our9001(admin-config)#hw-module profile tcam ?
  default          Default tcam partitions ods2:ods8 to 60:40
  tcam-part-30-70  Set tcam partitions ods2:ods8 to 30:70
  tcam-part-40-60  Set tcam partitions ods2:ods8 to 40:60
  tcam-part-50-50  Set tcam partitions ods2:ods8 to 50:50
  tcam-part-70-30  Set tcam partitions ods2:ods8 to 70:30
Hope this helps,
/Aleksandar
05-30-2018 12:50 AM
In Cisco IOS XR software, ACL counters are maintained both in hardware and software. Hardware counters are used for packet filtering applications such as when an access group is applied on an interface. Software counters are used by all the applications mainly involving software packet processing.
Packet filtering makes use of 64-bit hardware counters per ACE. If the same access group is applied on interfaces that are on the same line card in a given direction, the hardware counters for the ACL are shared between two interfaces.
To display the hardware counters for a given access group, use the show access-lists ipv4 [access-list-name hardware {ingress | egress} [interface type interface-path-id] {location node-id}] command in EXEC mode.
To clear the hardware counters, use the clear access-list ipv4 access-list-name [hardware {ingress | egress} [interface type interface-path-id] {location node-id}] command in EXEC mode.
Hardware counting is not enabled by default for IPv4 ACLs because of a small performance penalty. To enable hardware counting, use the ipv4 access-group access-list-name {ingress | egress} [hardware-count] command in interface configuration mode. This command can be used as desired, and counting is enabled only on the specified interface.