Real-time optimisation of access control lists for efficient Internet packet filtering

Authors:
Vic Grout;John Mcginn;John Davies
Affiliations:
Centre for Applied Internet Research (CAIR), University of Wales, Wrexham, UK LL11 2AW;Centre for Applied Internet Research (CAIR), University of Wales, Wrexham, UK LL11 2AW;Centre for Applied Internet Research (CAIR), University of Wales, Wrexham, UK LL11 2AW
Venue:
Journal of Heuristics
Year:
2007

Citing 3
Cited 2

Local Search in Combinatorial Optimization

Local Search in Combinatorial Optimization
Computers and Intractability: A Guide to the Theory of NP-Completeness

Computers and Intractability: A Guide to the Theory of NP-Completeness
Modeling and Management of Firewall Policies

IEEE Transactions on Network and Service Management

Techniques and algorithms for access control list optimization

Computers and Electrical Engineering
Decreasing access control list processed in hardware

APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper considers an optimisation problem encountered in the implementation of traffic policies on network routers, namely the ordering of rules in an access control list to minimise or reduce processing time and hence packet latency. The problem is formulated as an objective function with constraints and shown to be NP-complete by translation to a known problem. Exact and heuristic solution methods are introduced, discussed and compared and computational results given. The emphasis throughout is on practical implementation of the optimisation process, that is within the tight constraints of a production network router seeking to reduce latency, on-line, in real-time but without the overhead of significant extra computation.