Effect of dynamic ACL (access control list) loading on performance of Cisco routers.
Presented by Mr. Andrey BOBYSHEV on 15 Feb 2006 from 09:00 to 09:20
Track: Computing Facilities and Networking
An ACL (access control list) is one of a few tools that network administrators often use to limit access to various network objects, e.g. to restrict access to certain network areas for specific traffic patterns. ACLs are also used to control traffic forwarding, e.g. for implementing so-called policy-based routing. Nowadays the demand is to update ACLs dynamically by programmable tools with as low latency as possible. At Fermilab we have about 4 years of experience in the area of dynamically reconfiguring network infrastructure. However, dynamic updates also introduce a significant challenge for the performance of networking devices. This article will introduce the results of our research and practical experience in dynamically configuring network infrastructure by using various types of ACLs. The questions that we will try to answer are: what is the maximum size of an ACL, how frequently it can be downloaded without impact on the router's CPU utilization and forwarding capabilities, updating of active vs. passive ACLs, and updates of multiple ACLs.