
On 1/Jul/15 17:04, Nick Hilliard wrote:
Naah, trie compilation is simple, particularly with a line oriented configuration like IOS (one of the worse offenders). Once the config is syntax-checked, a regexp will split it out trivially and the binary form of the data can be compiled. Even on Junos, that sort of config will be handled by lex/yacc, which is highly optimised.
Insertion / deletion of data in a patricia trie is ridiculously fast and there are a couple of bsd licensed implementations out there.
My experience around this was mostly when Cisco began introducing Turbo ACL's. There seemed to be a few problems around that time, but it was such a long time ago that I barely remember the details. That said, I'm not quite sure if there are specific issues Jared and others are facing around this in their networks. From my side, none that we have witnessed. But then again, our configurations are significantly smaller because we do not take data from the IRR. Mark.