Decreasing access control list processed in hardware

Authors:
Takumichi Ishikawa;Noriaki Yoshiura
Affiliations:
Department of Information and Computer Science, Saitama University, Saitama City, Saitama Prefecture, Japan;Department of Information and Computer Science, Saitama University, Saitama City, Saitama Prefecture, Japan
Venue:
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Year:
2009

Citing 1
Cited 0

Real-time optimisation of access control lists for efficient Internet packet filtering

Journal of Heuristics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Access control list (ACL) is one of the most important things in computer network security. While cheap router or PC processes ACL by software, network equipment such as Layer 2 or 3 switch processes ACL by hardware because there is a speed limit in software process ability. The hardware process of ACL can handle high speed network packet, however, this capability limits ACL configuration such as the limit of the number of rules in ACL. This paper proposes the software that decreases the number of rules in ACL to satisfy the limit of hardware. This paper also evaluates this software by experiment in which this software is applied to practical ACL.