Abstract
Access Control Lists (ACLs) are an essential security component in network routers. ACLs can be geometrically modeled as a two-dimensional black and white grid; our interest is in the most efficient way to represent such a grid. The more general problem is that of Rectangle Rule Lists (RRLs), which is finding the least number of rectangles needed to generate a given pattern. The scope of this paper focuses on a restricted version of RRLs in which only rectangles that span the length or width of the grid are considered. Applegate et al.’s paper “Compressing Rectilinear Pictures and Minimizing Access Control Lists" gives an algorithm for finding an optimal solutions for strip-rule RRLs in \(O(n^3)\) time, where n is the total number of rows and columns in the grid. Following the structure of Applegate et al.’s algorithm, we simplify the solution, remove redundancies in data structures, and exploit overlapping sub-problems in order to achieve an optimal solution for strip-rule RRLs in \(O(n^2 \) log n) time.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Applegate, D., Călinescu, G., Johnson, D.S., Karloff, H.J., Ligett, K., Wang, J.: Compressing rectilinear pictures and minimizing access control lists. In: Bansal, N., Pruhs, K., Stein, C. (eds.) Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2007, New Orleans, Louisiana, USA, 7–9 January 2007, pp. 1066–1075. SIAM (2007)
de Berg, M., van Kreveld, M., Overmars, M., Schwarzkopf, O.: Computational Geometry, 2nd edn. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-662-04245-8
Comerford, P., Davies, J.N., Grout, V.: Reducing packet delay through filter merging. In: Proceedings of the 9th International Conference on Utility and Cloud Computing, UCC 2016, pp. 358–363. ACM, New York (2016). https://doi.org/10.1145/2996890.3007854
Daly, J., Liu, A.X., Torng, E.: A difference resolution approach to compressing access control lists. IEEE/ACM Trans. Netw. 24(1), 610–623 (2016). https://doi.org/10.1109/TNET.2015.2397393
Gouda, M.G., Liu, A.X.: Structured firewall design. Comput. Netw. 51(4), 1106–1120 (2007). https://doi.org/10.1016/j.comnet.2006.06.015
Kang, N., Liu, Z., Rexford, J., Walker, D.: Optimizing the “One Big Switch” abstraction in software-defined networks. In: Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, CoNEXT 2013, pp. 13–24. ACM, New York (2013). https://doi.org/10.1145/2535372.2535373
Kang, N., Reich, J., Rexford, J., Walker, D.: Policy transformation in software defined networks. In: Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM 2012, pp. 309–310. ACM, New York (2012). https://doi.org/10.1145/2342356.2342424
Kogan, K., Nikolenko, S., Culhane, W., Eugster, P., Ruan, E.: Towards efficient implementation of packet classifiers in SDN/OpenFlow. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, HotSDN 2013, pp. 153–154. ACM, New York (2013). https://doi.org/10.1145/2491185.2491219
Liu, A.X., Meiners, C.R., Torng, E.: TCAM Razor: a systematic approach towards minimizing packet classifiers in TCAMs. IEEE/ACM Trans. Netw. 18(2), 490–500 (2010). https://doi.org/10.1109/TNET.2009.2030188
Norige, E., Liu, A.X., Torng, E.: A ternary unification framework for optimizing TCAM-based packet classification systems. In: Proceedings of the Ninth ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2013, pp. 95–104. IEEE Press, Piscataway (2013)
Norige, E., Liu, A.X., Torng, E.: A ternary unification framework for optimizing TCAM-based packet classification systems. IEEE/ACM Trans. Netw. 26(2), 657–670 (2018). https://doi.org/10.1109/TNET.2018.2809583
Pao, D., Lu, Z.: A multi-pipeline architecture for high-speed packet classification. Comput. Commun. 54(C), 84–96 (2014). https://doi.org/10.1016/j.comcom.2014.08.004
Sun, Y., Kim, M.S.: Bidirectional range extension for TCAM-based packet classification. In: Crovella, M., Feeney, L.M., Rubenstein, D., Raghavan, S.V. (eds.) NETWORKING 2010. LNCS, vol. 6091, pp. 351–361. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12963-6_28
Sun, Y., Kim, M.S.: Tree-based minimization of TCAM entries for packet classification. In: Proceedings of the 7th IEEE Conference on Consumer Communications and Networking Conference, CCNC 2010, pp. 827–831. IEEE Press, Piscataway (2010)
Zhang, Y., Natarajan, S., Huang, X., Beheshti, N., Manghirmalani, R.: A compressive method for maintaining forwarding states in SDN controller. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, HotSDN 2014, pp. 139–144. ACM, New York (2014). https://doi.org/10.1145/2620728.2620759
Acknowledgments
Ian’s research was done while at Illinois Institute of Technology, and supported by the Brazil Scientific Mobility Program. Gruia’s and Nathan’s work was done while at Illinois Institute of Technology, and supported by the National Science Foundation under awards NSF-1461260 (REU).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Da Silva, I.A.R., Calinescu, G., De Graaf, N. (2018). Faster Compression of Patterns to Rectangle Rule Lists. In: Tang, S., Du, DZ., Woodruff, D., Butenko, S. (eds) Algorithmic Aspects in Information and Management. AAIM 2018. Lecture Notes in Computer Science(), vol 11343. Springer, Cham. https://doi.org/10.1007/978-3-030-04618-7_16
Download citation
DOI: https://doi.org/10.1007/978-3-030-04618-7_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-04617-0
Online ISBN: 978-3-030-04618-7
eBook Packages: Computer ScienceComputer Science (R0)