Software release 6.2 introduced a new feature called turbo ACLs. Turbo ACLs decrease the time it takes to scan through large access lists. Large access lists take longer to process because every entry might need to be scanned for a possible match. The longer it takes to scan the access list, the slower your traffic will be. Turbo ACLs create a compiled index against large access lists that contain 19 or more entries. This index is similar to a database index or an index in a book. The PIX scans the index for a match instead of the list itself. This reduces the time it takes to search for possible matches in an ACL, making your throughput faster. Some of the requirements needed for turbo ACLs are as follows:
Turbo ACLs speed things up but are very memory intensive, requiring 2.1MB of free memory. Therefore, smaller PIX firewalls such as the 501 cannot use turbo ACLs because they don't have enough free memory in flash.
The turbo ACL command is access-list compiled, and the following is an example of compiling all your access lists:

Pixfirewall(config)# access-list compiled

You can also be selective about which access lists you compile by placing the name of the ACL in the command, as shown here:

Pixfirewall(config)# access-list Let-Peter-In compiled

To view turbo ACLs, you use the show access-list command; to delete a compiled access list, you use the no access-list compiled command.
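The following Python script is an added example, not part of the original text or any Cisco tooling. It audits a saved PIX configuration against the 19-entry threshold and the two compile commands described above, reporting which access lists are compiled, which are large enough but not marked for compilation, and which fall below the threshold. The ACL name outside_in, the addresses, and the status labels are constructed for illustration.

```python
import re
from collections import Counter

TURBO_MIN_ENTRIES = 19  # threshold stated in the text above


def audit_turbo_acls(config_text):
    """Return {acl_name: (entry_count, status)} for a saved PIX configuration."""
    entries = Counter()      # permit/deny entries per ACL
    compiled = set()         # ACLs named in "access-list <name> compiled"
    global_compile = False   # True if "access-list compiled" is present
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "access-list compiled":
            global_compile = True
            continue
        m = re.match(r"access-list\s+(\S+)\s+(\S+)", line)
        if not m:
            continue
        name, keyword = m.groups()
        if keyword == "compiled":
            compiled.add(name)
            entries.setdefault(name, 0)
        elif keyword in ("permit", "deny"):
            entries[name] += 1
    report = {}
    for name, count in entries.items():
        marked = global_compile or name in compiled
        if count >= TURBO_MIN_ENTRIES:
            # Large enough to be indexed; flag it if nothing compiles it.
            status = "compiled" if marked else "candidate"
        else:
            # Fewer than 19 entries: no index is built for this list.
            status = "below-threshold"
        report[name] = (count, status)
    return report


# Constructed sample configuration (documentation addresses, hypothetical ACLs).
SAMPLE = "\n".join(
    ["access-list Let-Peter-In permit tcp any host 192.0.2.10 eq 80",
     "access-list Let-Peter-In permit tcp any host 192.0.2.10 eq 443",
     "access-list Let-Peter-In compiled"]
    + [f"access-list outside_in permit tcp any host 192.0.2.{i} eq 25"
       for i in range(20, 40)]
)

if __name__ == "__main__":
    for acl, (count, status) in sorted(audit_turbo_acls(SAMPLE).items()):
        print(f"{acl}: {count} entries, {status}")
```

A "candidate" result means the list is long enough to benefit from the index but neither compile command covers it.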