[Agenda] [Examples] [Network Partitioning] [Concepts] [Policy] [Process] [Organization] [HW-SW] [Cases studies] [Conclusion] [Resources]
[first slide] Performance issues associated with Network Partitioning (3/4) [previous slide] [next slide]

* Filters size *


* IP filter size is an issue today in policy definition & filter generation tools
o Limited optimization in the generation -> long ACLs
o Difficulties to optimize in some cases
o Optimization must be different for each device or flow

* IP filter size is an issue today in network devices
o Minimum amount of memory
o Limited filtering language capabilities
   - for grouping IP adresses & subnets
   - for grouping services
   - for exceptions : all, except

*********************************************************************
HSC ® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France
Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>
- Page 24 -