[128891] in North American Network Operators' Group
Re: (cisco, or any) acl *reducers* out there?
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Aug 19 13:00:42 2010
In-Reply-To: <alpine.BSF.2.00.1008191155101.13945@iguana.reptiles.org>
Date: Thu, 19 Aug 2010 13:00:37 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Cat Okita <cat@reptiles.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Aug 19, 2010 at 11:55 AM, Cat Okita <cat@reptiles.org> wrote:
> On Thu, 19 Aug 2010, George Michaelson wrote:
>>
>> I have been looking at acl management s/w in the freecode space and I can
>> find lots of tools which manage/distribute and test ACLs in routers.
>>
>> I'm wondering if anyone has written a parser which can construct
>> rule-trees and get rid of the cruft, unusable, order-misorder and other
>> issues in a large ACL pool?
>
> Something similar to this?
>
> http://www.hpl.hp.com/techreports/2008/HPL-2008-111.pdf
>
this paper, while full of math and graphs and sh*t, doesn't make my
acl management simpler, clearer or more complete... I keep trying to
push my acls through the paper, no joy yet.
there's code or something somewhere that implements the algorithms and
graphs and sh*t that the paper shows in a pretty fashion?
-Chris
(btw, you owe me some neosporin to take care of all the paper cuts)
