Quanah Gibson-Mount wrote:As a curiosity, servers matched by the first rules are about 5 or 6 times faster to response than servers matched by last rules. I thought that the ACL evaluation time will be uniform because the whole set of rules would be evaluated. this makes sense to someone?
This give me an extra advantage because I can sort the most important servers first to grant a fast response to critical apps.ACL evaluation results are stored in the idl cache, so the more a given rule is exercised, the quicker the result sets to that rule should be, if you have a good idl cache setting.No they are not. Index lookups are cached by the IDL cache; that has nothing to do with ACL evaluation.
Ah, sigh... Some confusion on my part there. ;)
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITSS/Shared Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger than ever in the present religio-political climate. They often focus on fantasy and sf books, which foster that deadly enemy to bigotry and blind faith, the imagination." -- Ursula K. Le Guin