Fermilab Computing Division

CS Document 1260-v4

CHEP06: Effect of dynamic ACL (access control list) loading on performance of Cisco routers.

Document #:
Document type:
Submitted by:
Andrey Bobyshev
Updated by:
Andrey Bobyshev
Document Created:
11 Nov 2005, 16:34
Contents Revised:
09 Feb 2006, 11:19
Metadata Revised:
09 Feb 2006, 11:19
Viewable by:
  • Public document
Modifiable by:
  • Same as Viewable by

Quick Links:
Latest Version

Other Versions:
09 Feb 2006, 11:18
08 Feb 2006, 11:56
11 Nov 2005, 16:34
An ACL (access control list) is one of a few tools that network administrators often use to restrict access to various network objects. ACLs can also be used to control forwarding of traffic, facilitating so-called “policy based routing”. There is a current need to update ACLs dynamically by programmable tools with as low latency as possible.
At Fermilab we have approximately four years of experience in the area of dynamic reconfiguration of network infrastructure. However, dynamic updates also introduce significant challenges for performance of networking devices. This paper introduces the results of our research, as well as practical experience in dynamic configuration of network infrastructure by using various types of ACLs. The questions that we seek to answer include what is the maximum size of the ACL, how frequently it can be downloaded without significant impact on router CPU utilization and forwarding capabilities, updating of active versus passiv
Associated with Events:
CHEP2006 held from 13 Feb 2006 to 17 Feb 2006 in Mumbai, India
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.10, contact Document Database Administrators