Links Explaining How ACLs Are Processed?

[RookThis]

Does anyone have any information explaing how ACLs are processed. I have a reflexive access list that I've applied to a particular subnet and the users are complaining that it's slower than when they work off machines that are not restricted. With that in mind I am thinking it's possibly the ACL that is slowing them down. I want to understand how the ACLs are handled when flows are received by the router, and to see if I can tune something to make things faster.

This is on a 6500 SupII/MSFC2 12.1.8b.E15

Thanks,

 

[BuckWeet]

Since its reflexive, it might be getting process switched..

whereas the other devices are hardware switched...

why do you need reflexive ACLs?

 

[RookThis]

Thanks for the response.

I selected reflexive because they wanted to only allow traffic back in from devices that they were allowed to access and deny everything else for one. Another reason is because by using reflexive the filter can be timed-out after a certain period of time, instead of having that connection constantly available. I hope this makes sense. How can I determine when it's process switched as opposed to hardware switched.

 

[BuckWeet]

you could do 'show int statistics'

that won't tell you exactly what ip is processed switched..

but for any given layer 3 interface it will tell you if/what traffic overall is being process switched.