Techniques and algorithms for access control list optimization

Access control lists are core features of today’s internetwork routers. They serve several purposes, most notably in filtering network traffic and securing critical networked resources. However, the addition of access control lists increases packet latency due to the overhead of extra computations involved. This paper presents simple techniques and algorithms for optimizing access control lists that can reduce significantly expected packet latencies without sacrificing security requirements. The emphasis throughout the paper is in providing a modular approach that can be implemented either fully or partially, both online and offline, based on the amount of overhead allowed. It also shows empirically and analytically where and why the greatest potential for optimization lies.