QoS ACL- Maximum Length?

[NettableWalker]

Hi,

We are using a standard setup which matches a QoS policy-map against Class-Maps using an ACL for certain types of traffic. We then DSCP mark this traffic on Egress and use WRED and CBWFQ.

for example:

access-list 101 permit tcp any any eq 3200
access-list 101 permit tcp any any eq 3600
access-list 101 permit udp any any eq 3200
access-list 101 permit udp any any eq 3600
access-list 101 permit udp any any eq 3299
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 1494
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 2598
access-list 101 permit tcp any 10.1.2.0 0.0.0.127 eq 22
access-list 101 permit tcp any 10.2.2.0 0.0.0.255 eq 1494
access-list 101 permit tcp any 10.2.2.0 0.0.0.255 eq 22
access-list 101 permit tcp any any eq 514
access-list 101 permit udp any any eq 514

Is there an accepted value for the maximum length of such an Access List before serious peformance issues might occur?

Can we use 20 lines? 50 lines? 100 lines?

We are using 2800, 2900, 3800, ISR Routers with 12.4T IOS.

Thanks in advance of your help.

 

[vipergg]

I don't know of any limitations . If you know which entries will get hit the most put those at the top of the list. Wouldn't think you should need 100 lines for a policy though.