A Modeling and Simulation Approach to Analyze the Workload Associated with the Growth of Network Router Access Control Lists

Abstract

Organizations can no longer isolate their networks from the rest of the world and still remain competitive. An organization willing to compete in the world market must take the necessary precautions to protect its network, the systems located on that network, and its mission-critical data. There are performance issues associated with the use of access control lists (ACLs); however, if ACLs are implemented properly and periodically reviewed, a secure network can be attained. This research attempts to determine how the growth of an ACL affects packet flow and router CPU consumption, and to identify the specific ACL length at which overall router performance is degraded. Additionally, the packet validation model developed for this thesis will be used to provide insights into how access control lists can be optimized. To accomplish the research goals, the ACL Model was built using BONeS Designer. The ACL Model simulated the packet validation component of a network router. Simulations showed that packet latency grew linearly as the length of an ACL grew. Optimization efforts showed improvements in the mean packet latency through ordering the ACLs based on a frequency analysis of the incoming data packets and through the proper use of ACL terminator entries.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 1999
Accession Number: ADA361754

Entities

People

  • Douglas R. Lomsdalen

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Counter WMD
  • Cyber
  • Space
  • Weapons Technologies

DTIC Thesaurus Topics

  • Air Force
  • Application Protocols
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Data Analysis
  • Denial Of Service Attack
  • Department Of Defense
  • Instruction Set Architecture
  • Local Area Networks
  • Network Computing
  • Network Protocols
  • Simulations
  • Workload

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Educational Psychology
  • Parallel and Distributed Computing