Repository landing page
Optimization of delays experienced by packets due to ACLs within a domain
Abstract
The infrastructure of large networks is broken down into areas that have a common security policy called a domain. Security within a domain is commonly implemented at all nodes however this has a negative effect on performance since it introduces a delay associated with packet filtering. Recommended techniques for network design imply that every packet should be checked at the first possible ingress points of the network. When access control lists (ACL's) are used within a router for this purpose then there can be a significant overhead associated with this process. The purpose of this paper is to consider the effect of delays when using router operating systems offering different levels of functionality. It considers factors which contribute to the delay particularly due to ACL. Using theoretical principles modified by practical calculation a model is created for packet delay for all nodes across a given path in a domain- Routing
- Domain
- Performance
- Delay through Routers
- Access Control List
- Firewalls
- Inter-Firewall Optimisation
- IP packet filtering
- Computer and Systems Architecture
- Digital Communications and Networking
- Hardware Systems
- Systems and Communications
- Routing
- Domain
- Performance
- Delay through Routers
- Access Control List
- Firewalls
- Inter-Firewall Optimisation
- IP packet filtering
- Computer and Systems Architecture
- Digital Communications and Networking
- Hardware Systems
- Systems and Communications