guri@oakhill.UUCP (Gurvinder Singh Ahluwalia) (06/05/90)
At what stage is ACL verification done for a session? [Of course, it is done when a session is established]. I wouldn't like to think that every packet has to be ACL-verified. Does that sound right? If so, how are packets decided "go/no-go" across cisco ONCE a session has been established? How does the cisco relate to the concept of a session (for subsequent packets) AFTER a session has been authenticated at ACLs? Doing a per packet ACL-verification sounds like tremendous overhead.

Secondly, what kind of search algorithm is implemented on ciscos for an optimum and effective ACL search?

Gurvinder Ahluwalia
Phone : 512/891-3310
Internet : guri@apogee.sps.mot.com (PREFERRED)
UUCP : ...!oakhill!apogee@cs.utexas.edu

ssw@cica.cica.indiana.edu (Steve Wallace) (06/05/90)
In <3362@apogee.oakhill.UUCP> guri@oakhill.UUCP (Gurvinder Singh Ahluwalia) writes:

>At what stage is ACL verification done for a session?
>[Of course, it is done when a session is established].

IMHO, the cisco should have no notion of a session. When it's talking IP, everything is connectionless. The cisco has to examine every packet to decide where to route it. Doesn't seem like too much more overhead to check an ACL at the same time. One would assume that they have some-sort-of hash table.

Of course, in the European OSI world things are different.

Steven Wallace
Indiana University
wallaces@ucs.indiana.edu
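
The per-packet check discussed in this thread, as an added example that is not part of either post and is not cisco's own code: a stateless filter that judges every packet independently against an ordered rule list, so the return direction of a conversation needs its own rule. Assumptions: address-plus-wildcard rules, a linear first-match search and a deny when nothing matches; the rule set, the addresses and all function names are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# Constructed rule set: (action, src, src wildcard, dst, dst wildcard)
ACL = [
    ("deny",   "10.1.1.13", "0.0.0.0",   "0.0.0.0",   "255.255.255.255"),
    ("permit", "10.1.1.0",  "0.0.0.255", "192.0.2.0", "0.0.0.255"),
    ("permit", "192.0.2.0", "0.0.0.255", "10.1.1.0",  "0.0.0.255"),
]

# Constructed traffic: one two-way exchange plus two packets that must be dropped
PACKETS = [
    ("10.1.1.5", "192.0.2.9"),    # client -> server
    ("192.0.2.9", "10.1.1.5"),    # server -> client, matched by its own rule
    ("10.1.1.5", "192.0.2.9"),    # same flow again, looked up from scratch
    ("10.1.1.13", "192.0.2.9"),   # host-specific deny is reached first
    ("172.16.0.1", "192.0.2.9"),  # no rule matches
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def field_matches(value, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((to_int(value) ^ to_int(base)) & ~to_int(wildcard) & MASK32) == 0

def check_packet(acl, src, dst):
    """Judge one packet on its own: first matching rule wins, else deny."""
    for index, (action, s, s_wild, d, d_wild) in enumerate(acl):
        if field_matches(src, s, s_wild) and field_matches(dst, d, d_wild):
            return action, index
    return "deny", None

def filter_stream(acl, packets):
    # No session table is kept: each packet repeats the full lookup.
    return [check_packet(acl, src, dst)[0] for src, dst in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, filter_stream(ACL, PACKETS)):
        print(pkt, verdict)
```

Rule order matters in a first-match list: moving the host-specific deny below the subnet permit would let 10.1.1.13 through.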