Remember Me
Or use your Academic/Social account:


Or use your Academic/Social account:


You have just completed your registration at OpenAire.

Before you can login to the site, you will need to activate your account. An e-mail will be sent to you with the proper instructions.


Please note that this site is currently undergoing Beta testing.
Any new content you create is not guaranteed to be present to the final version of the site upon release.

Thank you for your patience,
OpenAire Dev Team.

Close This Message


Verify Password:
Verify E-mail:
*All Fields Are Required.
Please Verify You Are Human:
fbtwitterlinkedinvimeoflicker grey 14rssslideshare1
Grout, Vic; Davies, John N; McGinn, John
Publisher: Glyndŵr University Research Online
Languages: English
Types: Article
Subjects: Optimisation, ACLs, Packet latency, Access Control Lists, Computer Engineering
The difficulty of efficiently reordering the rules in an Access Control List is considered and the essential optimisation problem formulated. The complexity of exact and sophisticated heuristics is noted along with their unsuitability for real time implementation embedded in the hardware of the network device. A simple alternative is proposed, in which a very limited rule reordering is considered following the processing of each packet. Simulation results are given from a range of traffic types. The method is shown to achieve savings that make its use worthwhile for lists longer than a given number of rules. This number is dependent on traffic characteristics but generally around 25 for typical network conditions.
  • The results below are discovered through our pilot algorithms. Let us know how we are doing!

    • [10] Al-Shaer, E. and Hamed, H., Modeling and Management of Firewall Policies, IEEE Transactions on Network and Service Management, Vol. 1-1, April 2004.
    • [11] Grout, V., McGinn, J. and Davies, J., Reducing Processing Latency in Network Packet Filters, Proceedings of the Fifth International Network Conference (INC 2005), Samos, Greece, July 2005, pp3-10.
    • [12] Varghese, G., Networking Algorithmics: An interdisciplinary approach to designing fast networking devices, Morgan Kaufmann, 2005.
    • [15] Suehring, S. and Ziegler, R., Linux Firewalls (3rd edition), Novell Press, 2005. John McGinn was awarded the BSc(Hons) degree in Multimedia Computing by the University of Wales in 2000 and is currently working towards the PhD degree as a Research Fellow in the Centre for Applied Internet Research (CAIR) at the University of Wales, NEWI (UK). John's research interests include network protocols and standards and distributed collaboration and visualisation. He has published and presented a number of technical papers on topics from information visualisation to ACL optimisation. He is a member of the British Computer Society (BCS) and the Institution of Engineering and Technology (IET).
  • No related research data.
  • No similar publications.

Share - Bookmark

Cite this article