Feb 13 – 17, 2006
Tata Institute of Fundamental Research
Europe/Zurich timezone

Effect of dynamic ACL (access control list) loading on performance of Cisco routers.

Feb 15, 2006, 9:00 AM
9h 10m
Tata Institute of Fundamental Research

Homi Bhabha Road Mumbai 400005 India
poster Computing Facilities and Networking Poster

Speaker

Mr Andrey Bobyshev (FERMILAB)

Description

An ACL (access control list) is one of a few tools that network administrators often use to limit access to various network objects, e.g. to restrict access to certain network areas for specific traffic patterns. ACLs are also used to control traffic forwarding, e.g. to implement so-called policy-based routing. Today there is demand to update ACLs dynamically with programmable tools and with as low latency as possible. At Fermilab we have about 4 years of experience in dynamically reconfiguring network infrastructure. However, dynamic updates also introduce a significant challenge for the performance of networking devices. This article presents the results of our research and practical experience in dynamically configuring network infrastructure using various types of ACLs. The questions we try to answer are: what is the maximum size of an ACL, how frequently can it be downloaded without impact on the router's CPU utilization and forwarding capabilities, how does updating an active ACL compare with updating a passive one, and what is the effect of updating multiple ACLs.

Primary authors

Mr Andrey Bobyshev (FERMILAB), Mrs Donna Lamore (Fermilab), Mr Phil Demar (FERMILAB)