A Simplified Method for Optimising Sequentially Processed Access Control Lists

Grout, Vic and Davies, John N (2010) A Simplified Method for Optimising Sequentially Processed Access Control Lists. In: UNSPECIFIED.

[img]
Preview
PDF
fulltext.pdf

Download (462kB) | Preview

Abstract

Among the various options for implementing Internet packet filters in the form of Access Control Lists (ACLs), is the intuitive – but potentially crude – method of processing the ACL rules in sequential order. Although such an approach leads to variable processing times for each packet matched against the ACL, it also offers the opportunity to reduce this time by reordering its rules in response to changing traffic characteristics. A number of heuristics exist for optimising rule order in sequentially processed ACLs and the most efficient of these can be shown to have a beneficial effect in a majority of cases and for ACLs with relatively small numbers of rules. This paper presents an enhancement to this algorithm by reducing part of its complexity. Although the simplification involved leads to an instantaneous lack of accuracy, the long-term trade-off between processing speed and performance can be seen, through experimentation, to be positive. This improvement, though small, is consistent and worthwhile and can be observed in the majority of cases.

Item Type: Conference or Workshop Item
Additional Information: Copyright © 2010 IEEE. This is a reprint of a paper that was presented at the Sixth Advanced International Conference on Telecommunications AICT 2010 9-15 May, held in Barcelona, Spain. It was published by the IEEE computer society and details of the published paper are available at http://doi.ieeecomputersociety.org/10.1109/AICT.2010.8 This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Glyndwr University's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org
Keywords: internet traffic, access control, lists, packet, classification, ACL, optimisation, δ-opt, ε-opt
Divisions: ?? GlyndwrUniversity ??
Depositing User: ULCC Admin
Date Deposited: 05 Oct 2011 09:13
Last Modified: 11 Dec 2017 20:06
URI: http://glyndwr.repository.guildhe.ac.uk/id/eprint/209

Actions (login required)

Edit Item Edit Item