Date of Award

3-1999

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Gregg H. Gunsch, PhD

Abstract

Organizations can no longer isolate their networks from the rest of the world and still remain competitive. An organization willing to compete in the world market must take the necessary precautions to protect its network, the systems located on those networks, and its mission critical data. There are performance issues associated with the use of access control lists (ACL); however, if ACLs are implemented properly and periodically reviewed, a secure network can be attained. This research attempts to determine how the growth of an ACL affects packet flow and router CPU consumption, and also identify the specific length of an access control list, such that overall router performance is degraded. Additionally, the packet validation model developed for this thesis will be used to provide insights on how access control lists can be optimized. To accomplish the research goals, the ACL Model was built using BONeS Designer. The ACL Model simulated the packet validation component of a network router. Simulations showed packet latency grew linearly as the length of an ACL grows. Optimization efforts showed improvements in the mean packet latency by ordering the ACLs based on a frequency analysis of the incoming data packets and the proper use of ACL terminator entries.

AFIT Designator

AFIT-GCS-ENG-99M-11

DTIC Accession Number

ADA361754

Comments

The author's Vita page is omitted.

Download

Share

COinS