Saturday, 12 April 2008

Boost Performance of Cisco Routers

Making your routers more secure and speeding them up can sometimes be the same thing: disabling services you’re not using reduces the load on the processor and also prevents those services from becoming a security risk later. Simple services like the ones below are often not used and can be disabled.

no cdp run
no ip source-route
no ip classless
no service tcp-small-servers
no service udp-small-servers
no ip finger
no service finger
no ip bootp server
no ip http server
no ip name-server
no boot network
no service config

Equally, interfaces have services that might not be needed. These changes might not make much of an impact with a small amount of traffic, but when your line is highly loaded every millisecond counts.

interface eth0/0
description Outside interface to 14.1.0.0/16 net
no ip proxy-arp
no ip directed-broadcast
no ip unreachables
no ip redirects
ntp disable
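
To check a saved configuration against the two lists above, the following added example (not part of the original post) reports which of those commands are not explicitly present, globally and per interface. It assumes IOS-style indentation of interface sub-commands and accepts abbreviated keywords; because IOS leaves default settings out of the running configuration, "not set" means "not explicit" and should be checked against the defaults of your release.

```python
# Added example, not from the original post; full-keyword forms of the commands above.
GLOBAL = ["no cdp run", "no ip source-route", "no ip classless", "no ip finger",
          "no service tcp-small-servers", "no service udp-small-servers",
          "no service finger", "no ip bootp server", "no ip http server",
          "no ip name-server", "no boot network", "no service config"]
PER_INTERFACE = ["no ip proxy-arp", "no ip directed-broadcast",
                 "no ip unreachables", "no ip redirects", "ntp disable"]

def matches(line, canonical):
    """True if line is canonical, allowing IOS-style keyword abbreviation."""
    got, want = line.lower().split(), canonical.split()
    return len(got) == len(want) and all(
        w.startswith(g) and len(g) >= min(3, len(w)) for g, w in zip(got, want))

def parse(config):
    """Split config text into (global lines, {interface name: sub-commands})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):      # blank or section separator
            continue
        if raw[0].isspace() and current is not None:
            interfaces[current].append(line)      # indented: interface sub-command
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        else:
            current = None                        # any other top-level line
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Return (global commands not set, {interface: sub-commands not set})."""
    def missing(have, wanted):
        return [w for w in wanted if not any(matches(h, w) for h in have)]
    global_lines, interfaces = parse(config)
    return (missing(global_lines, GLOBAL),
            {name: missing(cmds, PER_INTERFACE) for name, cmds in interfaces.items()})

SAMPLE = """no cdp run
no service tcp-small-serv
no ip http server
!
interface Ethernet0/0
 description Outside interface to 14.1.0.0/16 net
 no ip proxy-arp
 no ip unreachable
"""  # constructed sample, not taken from a real device
if __name__ == "__main__":
    print(audit(SAMPLE))
```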

Improvements can also be made to your access lists. Some Cisco router models support compiled access control lists, called “turbo ACLs”, in IOS 12.1(6) and later. Using compiled access control lists can greatly reduce the performance impact of long lists.

To enable turbo access lists on a router, use the configuration mode command access-list compiled. (If your IOS does not support compiled access lists, the command will generate an error.) Once this facility is enabled, IOS will automatically compile all suitable access lists into fast lookup tables, while preserving their matching semantics.

Once you have enabled turbo access lists, you can view statistics about them using the command show access-list compiled. If you apply access lists with more than 5 rules to any high-speed interfaces, then you should employ this feature to improve performance.
