On Thu, 22 May 2003 16:30:52 EDT, Gary Flynn <flynngnat_private> said:

> I'm not sure what to say about the problems with
> router performance. Other access control implementations
> could probably be designed to improve the efficiency of
> this process using (better?) hardware support for the
> filtering function.

The more modern Cisco boxes can handle fairly extensive ACLs at line speed, and you can optimize it a lot by realizing that 95% or more customer ports will have the "default" config and can share an ACL. And the Juniper and Fore gear has always done well in that area.

However, there's a *LOT* of mom-n-pop ISPs out there who are running old Cisco boxes they bought on E-Bay ("Networking and Telecom > Routers, switches" currently has 12,205 items listed) - and when a 7206 is running $8K, and you can pick up a 2610 for $375, the 7206's added CPU to deal with ACL's better be able to save you some $7,500 for it to make business sense...
This archive was generated by hypermail 2b30 : Sun May 25 2003 - 21:41:14 PDT