CBAC vs RACL Performances

May 5, 2012 2:45 PM

Jeremie 3 posts since
May 5, 2012

Hello,

 

It has already been discussed in several posts on this forum what CBAC and RACL respectively can and cannot do.

However, something that I've been curious about is their respective memory and CPU cost.

CBAC memory usage is stated to be around 600 bytes per connection, but I cannot find that information about RACL.

 

This question is derived from another, which is:

"In a system where we have access to both and where we actually need both (FTP will require CBAC and the possibility of replies coming by multiple interfaces requires RACL)... for the traffic that could be controlled by both (ex: HTTP with no special limitations)... which one should one prefer?"

 

Thank you for your help in the matter.

  • Elvin Arias 1,859 posts since
    Mar 12, 2010
    1. May 5, 2012 4:01 PM (in response to Jeremie)
    Re: CBAC vs RACL Performances

    CBAC consumes more resources by nature. A RACL can't do stateful inspection, but CBAC does enable an internal stateful engine that requires more memory and CPU than normal ACLs. If you have more sessions, the router inspecting the traffic will increase the number of session entries. Cisco has sort of optimized the CBAC entries by creating a hashing-based mechanism in order to internally identify and organize the stateful table. You can certainly limit the number of sessions or even the table size.

     

    Elvin
