The infrastructure of large networks is broken down into areas that have a common security policy called a domain. Security within a domain is commonly implemented at all nodes however this has a negative effect on performance since it introduces a delay associated with packet filtering. Recommended techniques for network design imply that every packet should be checked at the first possible ingress points of the network. When access control lists (ACL's) are used within a router for this purpose then there can be a significant overhead associated with this process. The purpose of this paper is to consider the effect of delays when using router operating systems offering different levels of functionality. It considers factors which contribute to the delay particularly due to ACL. Using theoretical principles modified by practical calculation a model is created for packet delay for all nodes across a given path in a domain.
Computer and Systems Architecture | Digital Communications and Networking | Hardware Systems | Systems and Communications
Davies, J.N, Comerford, P. and Grout, V. (2011) Optimization of delays experienced by packets due to ACLs within a domain” [Paper presented to The 4th International Conference on Internet Technologies and Applications, Glyndwr University held at Glyndŵr University, 6-9th September, 2011]. Published in the Conference Proceedings pp. 277-284.
Digital Commons Citation
Davies, John N.; Comerford, Paul; and Grout, Vic, "Optimization of delays experienced by packets due to ACLs within a domain" (2011). Computing. Paper 83.