Performance Impact of ACLs

ACLs can degrade a router's performance. The effect of processing ACLs on a busy router can be significant.

Here are some of the rules you should keep in mind while implementing ACLs on a router so as to minimize their impact on performance:

  • ACLs are processed in a top-down manner. Each packet is inspected first against the topmost entry in the access list, and then the access list is worked downward until a hit is made. (If no hit is made on an ACE in the access list, the implicit deny ACE at the end gets hit.) ACL processing stops as soon as a hit occurs. Therefore, whenever possible, it is advisable to keep the entries most likely to be hit near the top of the access list.

  • As a general rule, a router's performance ...
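The top-down, first-match behavior described above, as an added Python sketch that is not from the book: it counts ACE comparisons for a constructed ACL and traffic mix, then moves busier entries upward without letting an entry pass an overlapping entry with a different action, since that swap would change what is filtered. The ACL, the addresses, and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed ACL: (action, source network, destination port).
ACL = [
    ("deny",   "10.0.5.0/24", 23),
    ("permit", "10.0.9.0/24", 22),
    ("deny",   "10.0.0.0/8",  22),
    ("permit", "10.0.0.0/8",  443),
]
# Constructed traffic mix as (source IP, destination port); HTTPS dominates.
TRAFFIC = ([("10.1.1.1", 443)] * 90 + [("10.2.2.2", 22)] * 6 +
           [("10.0.9.5", 22)] * 2 + [("10.0.5.7", 23), ("192.168.1.1", 80)])

def parse(acl):
    return [(a, ipaddress.ip_network(n), p) for a, n, p in acl]

def evaluate(acl, src, port):
    """Top-down first match: returns (action, matching index, ACEs compared)."""
    ip = ipaddress.ip_address(src)
    for i, (action, net, p) in enumerate(acl):
        if ip in net and p == port:
            return action, i, i + 1
    return "deny", None, len(acl)  # implicit deny, reached after a full walk

def overlaps(a, b):
    """True if some packet could match both ACEs."""
    return a[1].overlaps(b[1]) and a[2] == b[2]

def reorder_by_hits(acl, traffic):
    """Bubble busier ACEs upward, but never past an overlapping ACE with a
    different action, because that swap would change the filtering result."""
    hits = Counter(evaluate(acl, s, p)[1] for s, p in traffic)
    order, moved = list(range(len(acl))), True
    while moved:
        moved = False
        for k in range(len(order) - 1):
            up, down = order[k], order[k + 1]
            safe = acl[up][0] == acl[down][0] or not overlaps(acl[up], acl[down])
            if hits[down] > hits[up] and safe:
                order[k], order[k + 1], moved = down, up, True
    return [acl[i] for i in order]

def total_comparisons(acl, traffic):
    return sum(evaluate(acl, s, p)[2] for s, p in traffic)

if __name__ == "__main__":
    before = parse(ACL)
    after = reorder_by_hits(before, TRAFFIC)
    print(total_comparisons(before, TRAFFIC), total_comparisons(after, TRAFFIC))
    for action, net, port in after:
        print(action, net, port)
```

The busier `deny 10.0.0.0/8` port 22 entry stays below `permit 10.0.9.0/24` port 22 even though it has more hits, because swapping them would start denying SSH from 10.0.9.0/24.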
