[Dshield] ACL impact on router performance

John Hardin johnh at aproposretail.com
Fri Feb 20 15:48:43 GMT 2004

On Thu, 2004-02-19 at 22:28, Al Reust wrote:
> If I enter a Class B and what has to happen in RAM the 
> Processor and IOS. It had to expand the 65+ thousand addresses and check 
> each one for and exact match before the next ACL entry.

You've *got* to be kidding! If that's true, my respect for Cisco's
coders just went negative. Haven't they heard of applying the netmask to
the target address before doing the comparison??

