Performance impact of a large ACL list.
Jeremy C. Reed
jreed at isc.org
Tue Feb 5 01:01:38 UTC 2013
On Mon, 4 Feb 2013, Augie Schwer wrote:
> Does anyone have any experience using a large ( 1k ) entry ACL list?
> Was there any performance degradation?
>
> I haven't implemented my ACL yet, but it has quickly ballooned up, and I am
> hoping to get some advice from others in a similar situation.
It has been a few years since I researched this. (I should re-add this
to my existing performance and resource usage tests.)
BIND 9.5 had various ACL improvements including support for O(1) ACL
processing, based on radix tree code. As one example, with 20,000 to
100,000 ACLs some of my tests for 9.4 only has around 80 to 400 qps,
while the new version has around 21,000 qps.
More information about the bind-users
mailing list