A Modeling and Simulation Approach to Analyze the Workload Associated with the Growth of Network Router Access Control Lists
Date of Award
Master of Science
Department of Electrical and Computer Engineering
Gregg H. Gunsch, PhD
Organizations can no longer isolate their networks from the rest of the world and still remain competitive. An organization willing to compete in the world market must take the necessary precautions to protect its network, the systems located on those networks, and its mission critical data. There are performance issues associated with the use of access control lists (ACL); however, if ACLs are implemented properly and periodically reviewed, a secure network can be attained. This research attempts to determine how the growth of an ACL affects packet flow and router CPU consumption, and also identify the specific length of an access control list, such that overall router performance is degraded. Additionally, the packet validation model developed for this thesis will be used to provide insights on how access control lists can be optimized. To accomplish the research goals, the ACL Model was built using BONeS Designer. The ACL Model simulated the packet validation component of a network router. Simulations showed packet latency grew linearly as the length of an ACL grows. Optimization efforts showed improvements in the mean packet latency by ordering the ACLs based on a frequency analysis of the incoming data packets and the proper use of ACL terminator entries.
DTIC Accession Number
Lomsdalen, Douglas R., "A Modeling and Simulation Approach to Analyze the Workload Associated with the Growth of Network Router Access Control Lists" (1999). Theses and Dissertations. 5222.
The author's Vita page is omitted.