CS Document 1260-v4
CHEP06: Effect of dynamic ACL (access control list) loading on performance of Cisco routers.
- Public document
- Same as Viewable by
- An ACL (access control list) is one of a few tools that network administrators often use to restrict access to various network objects. ACLs can also be used to control forwarding of traffic, facilitating so-called policy based routing. There is a current need to update ACLs dynamically by programmable tools with as low latency as possible.
At Fermilab we have approximately four years of experience in the area of dynamic reconfiguration of network infrastructure. However, dynamic updates also introduce significant challenges for performance of networking devices. This paper introduces the results of our research, as well as practical experience in dynamic configuration of network infrastructure by using various types of ACLs. The questions that we seek to answer include what is the maximum size of the ACL, how frequently it can be downloaded without significant impact on router CPU utilization and forwarding capabilities, updating of active versus passiv
- Files in Document:
- CHEP06 Paper: Effect of dynamic ACL loading on performance of Cisco routers (dynamic_ACL_Paper.pdf, 468.1 kB)
- CHEP06 Poster: Effect of dynamic ACL loading on performance of Cisco routers (dynamic_ACL_Poster.pdf, 358.7 kB)
- Associated with Events:
- CHEP2006 held from 13 Feb 2006 to 17 Feb 2006 in Mumbai, India