Title :
A Simplified Method for Optimising Sequentially Processed Access Control Lists
Author :
Grout, Vic ; Davies, John N.
Author_Institution :
Centre for Appl. Internet Res. (CAIR), Glyndwr Univ., Wrexham, UK
Abstract :
Among the various options for implementing Internet packet filters in the form of Access Control Lists (ACLs), is the intuitive - but potentially crude - method of processing the ACL rules in sequential order. Although such an approach leads to variable processing times for each packet matched against the ACL, it also offers the opportunity to reduce this time by reordering its rules in response to changing traffic characteristics. A number of heuristics exist for optimising rule order in sequentially processed ACLs and the most efficient of these can be shown to have a beneficial effect in a majority of cases and for ACLs with relatively small numbers of rules. This paper presents an enhancement to this algorithm by reducing part of its complexity. Although the simplification involved leads to an instantaneous lack of accuracy, the long-term trade-off between processing speed and performance can be seen, through experimentation, to be positive. This improvement, though small, is consistent and worthwhile and can be observed in the majority of cases.
Keywords :
Internet; optimisation; telecommunication traffic; ACL rules; Internet packet filters; complexity reduction; rule order optimision; sequentially processed access control list optimisation; traffic characteristics; Access control; Communication system traffic control; Filters; Information filtering; Internet; Optimization methods; Switches; TCPIP; Traffic control; World Wide Web; ACL optimisatio; Access control lists; Internet traffic; Packet classification; d-opt; e-opt;
Conference_Titel :
Telecommunications (AICT), 2010 Sixth Advanced International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4244-6748-8
DOI :
10.1109/AICT.2010.8
