

The Cost of Security on Cisco Routers
February 22, 1999
· Fast Switching: Fast Switching takes advantage of a route cache, which optimizes the lookup of the forwarding information. Although Fast Switching still relies on the main processor to perform the forwarding, unlike Process Switching it interrupts the processor instead of waiting for its scheduled time. Additionally, Fast Switching is guaranteed to handle the packet in 16 cycles.
· Optimum Switching: The default switching method for Cisco's 7500 and 7200 routers is called Optimum Switching. It is almost identical to Fast Switching. Optimum Switching is guaranteed to take place in four cycles, and the most recent entries are kept at the top of the table.
· Distributed Switching: This technique takes advantage of the local VIP2 processors in the Cisco 7513. VIP2 cards are installed, one per slot, providing more potential CPU cycles than would be available on the main processor, the RSP (Route Switch Processor). With Distributed Switching, the local processor on the VIP2 still has to copy the packet into the main processor memory, so there is some reliance on the RSP. ACLs cannot use Distributed Switching.
· Cisco Express Forwarding: CEF is the fastest type of switching available on the Cisco platform. This switching model requires a specific model of VIP2 card (VIP2-50), which has a faster CPU and more memory than the standard VIP2. The additional memory is necessary because the whole routing table is distributed to each VIP2 card. The VIP2 card then has all the information it requires to forward the packet, without having to touch the main CPU. Cisco's 8510 offers a similar technique; its switching, however, is accomplished via ASICs built into each line card. ACLs cannot use CEF either.
Our ongoing tests have shown that there are significant performance penalties once you enable ACLs, especially long ones such as the 200-line list that we used in our tests, because an access list cannot always take advantage of the fastest switching technique that might otherwise be available on the router.
Fortunately, there is another switching method that boosts the performance of access lists. This scheme, known as NetFlow Switching, has the added benefit of providing detailed accounting statistics, which can be invaluable for tracking down the source of security breaches. NetFlow Switching is available on both the 7200 and 7500 platforms, as well as on some of Cisco's lower-end units.
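The interaction described in the two paragraphs above, as an added example that is not from the article: a simplified Python model (my own, not Cisco's implementation) of first-match ACL evaluation against a constructed 200-line list, beside a NetFlow-style flow cache that pays the ACL cost once per flow and keeps the per-flow packet counters that make the accounting possible. The ACL contents, addresses and traffic are all constructed.

```python
from ipaddress import ip_address, ip_network

def build_acl(n=200):
    """Constructed 200-line extended ACL: n-1 deny lines for 10.x.y.0/24 sources
    that the sample traffic rarely matches, then one permit to a web server."""
    acl = [("deny", ip_network(f"10.{i // 256}.{i % 256}.0/24"), ip_network("0.0.0.0/0"), None)
           for i in range(n - 1)]
    acl.append(("permit", ip_network("0.0.0.0/0"), ip_network("192.0.2.0/24"), 80))
    return acl

def acl_lookup(acl, pkt):
    """First-match evaluation, as an IOS ACL behaves: returns (action, entries_compared).
    A packet that matches nothing hits the implicit deny after a full scan."""
    src, dst, dport = ip_address(pkt[0]), ip_address(pkt[1]), pkt[2]
    for i, (action, s, d, p) in enumerate(acl, 1):
        if src in s and dst in d and (p is None or p == dport):
            return action, i
    return "deny", len(acl)

class FlowCache:
    """Simplified model of NetFlow Switching: the ACL verdict is computed once per
    flow and reused by later packets of that flow; per-flow counters give accounting."""
    def __init__(self, acl):
        self.acl, self.verdict, self.packets, self.compares = acl, {}, {}, 0

    def forward(self, pkt):
        key = pkt  # (src, dst, dst_port) stands in for the real NetFlow flow key
        if key not in self.verdict:
            self.verdict[key], n = acl_lookup(self.acl, pkt)
            self.compares += n
        self.packets[key] = self.packets.get(key, 0) + 1
        return self.verdict[key]

def compare_costs(acl, packets):
    """Total ACL entries compared: per-packet evaluation vs. the flow cache."""
    per_packet = sum(acl_lookup(acl, p)[1] for p in packets)
    cache = FlowCache(acl)
    for p in packets:
        cache.forward(p)
    return per_packet, cache.compares, cache.packets

if __name__ == "__main__":
    # Constructed traffic: one long-lived web flow plus a few packets from a denied source.
    traffic = [("198.51.100.7", "192.0.2.10", 80)] * 1000 + [("10.0.5.9", "192.0.2.10", 80)] * 10
    per_packet, cached, flows = compare_costs(build_acl(), traffic)
    print(f"per-packet ACL compares: {per_packet}, with flow cache: {cached}")
    for flow, count in flows.items():
        print(f"flow {flow}: {count} packets")
```

The permitted flow sits on the last line of the list, so every packet of it costs a full 200-entry scan without the cache and a single scan with it.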