Real-time optimisation of access control lists for efficient Internet packet filtering

Real-time optimisation of access control lists for efficient Internet packet filtering

This paper considers an optimisation problem encountered in the implementation of traffic policies on network routers, namely the ordering of rules in an access control list to minimise or reduce processing time and hence packet latency. The problem is formulated as an objective function with constr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of heuristics 2007-10, Vol.13 (5), p.435-454
Hauptverfasser: Grout, Vic, McGinn, John, Davies, John
Format: Artikel
Sprache:eng
Schlagworte:
Access control
Efficiency
Heuristic
Internet
Internet access
Optimization algorithms
Packet switched networks
Real time
Routers
Studies
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This paper considers an optimisation problem encountered in the implementation of traffic policies on network routers, namely the ordering of rules in an access control list to minimise or reduce processing time and hence packet latency. The problem is formulated as an objective function with constraints and shown to be NP-complete by translation to a known problem. Exact and heuristic solution methods are introduced, discussed and compared and computational results given. The emphasis throughout is on practical implementation of the optimisation process, that is within the tight constraints of a production network router seeking to reduce latency, on-line, in real-time but without the overhead of significant extra computation. [PUBLICATION ABSTRACT]
ISSN:1381-1231
1572-9397
DOI:10.1007/s10732-007-9019-1