From: Chris Wedgwood
On Tue, Aug 07, 2001 at 10:36:51AM +1200, Mark Davies wrote:
We had the cpu running at 100% on our border router till we tuned the access-lists to deal with traffic to port 80 early.
Ouch... what kind of router? Where was all the CPU being spent?
A cisco 2600 with a rather ugly set of access-lists having to deal with the probes for an entire Class B net. I was somewhat surprised that it couldn't deal with it as it was only about 100 probes a second (this was last Friday). Tweaking the access-lists got the load down to about 40-50%. cheers mark --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Tue, Aug 07, 2001 at 11:09:51AM +1200, Mark Davies wrote: A cisco 2600 with a rather ugly set of access-lists having to deal with the probes for an entire Class B net. I was somewhat surprised that it couldn't deal with it as it was only about 100 probes a second (this was last Friday). Tweaking the access-lists got the load down to about 40-50%. What IOS version? Are you running compiled ACLs? That seems to help a fair bit if your CPU bound due to access-list activity. Also, you can try "show access-list blah" and reorder the most frequent terms to nearer the top. --cw --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (2)
-
Chris Wedgwood
-
Mark Davies