[128866] in North American Network Operators' Group

Re: (cisco, or any) acl *reducers* out there?

daemon@ATHENA.MIT.EDU (Randy Bush)
Wed Aug 18 23:01:04 2010

Date: Thu, 19 Aug 2010 12:00:48 +0900
From: Randy Bush <randy@psg.com>
To: George Michaelson <ggm@apnic.net>
In-Reply-To: <5F0D0E5F-2BB3-43EB-B56A-F622763D78C3@apnic.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> something which can take a couple of hundred basic and extended ACLs and tell you
>  these <ten> don't work
>  these <twenty> conflict
>  the remaining <x> have a sequence and can reduce to this basic <x-y> set

maybe you could go the other direction.  as opposed to trying to digest
and correct cruft, generate the acls from something reasonable so that
they are canonic by construction.

randy
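
An added example, not part of the message above or any list participant's code: a small generator that builds Cisco-style extended ACL lines from a declared policy, so that inputs differing only in order, duplication or source-prefix splitting yield the same rule list. It assumes a permit-only IPv4 policy with single destination ports; the policy tuples, ACL name and function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample policy (hypothetical): permit-only intent, default deny.
# Each entry: (protocol, source prefix, destination prefix, destination port).
POLICY_A = [
    ("tcp", "10.0.0.0/25",   "192.0.2.10/32", 443),
    ("tcp", "10.0.0.128/25", "192.0.2.10/32", 443),
    ("tcp", "10.0.0.64/26",  "192.0.2.10/32", 443),   # covered by the first /25
    ("udp", "10.0.1.0/24",   "192.0.2.53/32", 53),
]
# Same intent, written in a different order and with different splits.
POLICY_B = [
    ("udp", "10.0.1.0/24", "192.0.2.53/32", 53),
    ("tcp", "10.0.0.0/24", "192.0.2.10/32", 443),
    ("tcp", "10.0.0.0/24", "192.0.2.10/32", 443),     # exact duplicate
]

def _fmt(net):
    """Render a prefix as 'address wildcard', the form extended ACLs use."""
    return f"{net.network_address} {net.hostmask}"

def generate_acl(name, policy):
    """Emit one deterministic rule list for a permit-only IPv4 policy."""
    sources = defaultdict(list)
    for proto, src, dst, port in policy:
        # ip_network() is strict: a prefix with host bits set raises
        # ValueError, so a malformed entry fails here, before deployment.
        key = (proto, ipaddress.ip_network(dst), int(port))
        sources[key].append(ipaddress.ip_network(src))
    lines = [f"ip access-list extended {name}"]
    # Sort the keys so output order never depends on input order.
    for proto, dst, port in sorted(sources):
        # collapse_addresses merges adjacent prefixes and drops covered ones.
        for src in ipaddress.collapse_addresses(sources[(proto, dst, port)]):
            lines.append(f" permit {proto} {_fmt(src)} {_fmt(dst)} eq {port}")
    lines.append(" deny ip any any")
    return lines

if __name__ == "__main__":
    print("\n".join(generate_acl("EDGE-IN", POLICY_A)))
```

Because every rule is a permit in front of a single final deny, sorting and merging cannot change what the list matches; a policy that mixes permit and deny entries would need order-aware handling.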

