Access control lists are core features of today's internetwork routers. They serve several purposes, most notably filtering network traffic and securing critical networked resources. However, adding access control lists increases packet latency because of the overhead of the extra computation involved. This paper presents simple techniques and algorithms for optimizing access control lists that can significantly reduce expected packet latencies without sacrificing security requirements. The emphasis throughout the paper is on providing a modular approach that can be implemented either fully or partially, both online and offline, depending on the amount of overhead allowed. It also shows empirically and analytically where and why the greatest potential for optimization lies.
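The general idea behind this class of optimization is that a packet is compared against rules in order until the first match, so moving frequently-hit rules toward the front lowers the expected number of comparisons, provided the reordering never changes which action a packet receives. The following is an added example written for this page, not the paper's own algorithm: it uses a simplified rule model (source prefix, destination prefix, protocol, action), constructed hit counters, and a greedy ordering that keeps the relative order of any two overlapping rules with different actions. Rule names, addresses and hit counts are all made up for illustration.

```python
"""Reorder an ACL by hit frequency while preserving its decisions (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # source CIDR prefix
    dst: str     # destination CIDR prefix
    proto: str   # 'tcp', 'udp' or 'any'
    action: str  # 'permit' or 'deny'


def _overlap(a: Rule, b: Rule) -> bool:
    """True if at least one packet could match both rules."""
    sa, sb = ipaddress.ip_network(a.src), ipaddress.ip_network(b.src)
    da, db = ipaddress.ip_network(a.dst), ipaddress.ip_network(b.dst)
    if not (sa.overlaps(sb) and da.overlaps(db)):
        return False
    return a.proto == b.proto or 'any' in (a.proto, b.proto)


def matches(rule: Rule, pkt: tuple) -> bool:
    src, dst, proto = pkt
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ('any', proto))


def decide(rules: list, pkt: tuple, default: str = 'deny') -> tuple:
    """First-match evaluation; returns (action, rules evaluated)."""
    for i, r in enumerate(rules):
        if matches(r, pkt):
            return r.action, i + 1
    return default, len(rules)


def expected_position(rules: list, hits: dict) -> float:
    """Expected number of rules evaluated per packet, using per-rule
    first-match counters as the traffic distribution (a latency proxy)."""
    total = sum(hits.values())
    return sum(hits[r.name] * (i + 1) for i, r in enumerate(rules)) / total


def reorder(rules: list, hits: dict) -> list:
    """Greedy reorder: repeatedly emit the most-hit rule whose required
    predecessors are already placed. A rule must stay behind every earlier
    rule that overlaps it with a *different* action; overlapping rules with
    the same action can be swapped without changing any decision."""
    preds = {r.name: set() for r in rules}
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a.action != b.action and _overlap(a, b):
                preds[b.name].add(a.name)
    placed, out, remaining = set(), [], list(rules)
    while remaining:
        ready = [r for r in remaining if preds[r.name] <= placed]
        best = max(ready, key=lambda r: hits[r.name])
        out.append(best)
        placed.add(best.name)
        remaining.remove(best)
    return out


def same_policy(a: list, b: list, packets: list) -> bool:
    """Check that two orderings give identical actions on sample packets."""
    return all(decide(a, p)[0] == decide(b, p)[0] for p in packets)


# Constructed ACL: block one host, permit the rest of its subnet,
# permit UDP from a second range, then a catch-all deny.
RULES = [
    Rule('r1', '10.0.0.0/8', '192.168.1.10/32', 'tcp', 'deny'),
    Rule('r2', '10.0.0.0/8', '192.168.1.0/24', 'tcp', 'permit'),
    Rule('r3', '172.16.0.0/12', '0.0.0.0/0', 'udp', 'permit'),
    Rule('r4', '0.0.0.0/0', '0.0.0.0/0', 'any', 'deny'),
]
HITS = {'r1': 5, 'r2': 40, 'r3': 300, 'r4': 55}  # constructed counters

# Constructed sample packets, one per rule.
PACKETS = [
    ('10.1.1.1', '192.168.1.10', 'tcp'),
    ('10.1.1.1', '192.168.1.20', 'tcp'),
    ('172.16.5.5', '8.8.8.8', 'udp'),
    ('192.0.2.1', '192.168.1.20', 'tcp'),
]

if __name__ == '__main__':
    new = reorder(RULES, HITS)
    print([r.name for r in new])
    print(expected_position(RULES, HITS), '->', expected_position(new, HITS))
    print('policy preserved:', same_policy(RULES, new, PACKETS))
```

Here r3 carries most of the traffic but sits third, so the greedy pass moves it to the front; r2 cannot pass r1 (they overlap with opposite actions) and r4 must stay behind both permit rules, which is what keeps the policy unchanged while the expected rule position drops from about 3.01 to 1.63.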