公开(公告)号：US11038889B2

公开(公告)日：2021-06-15

申请号：US16368695

申请日：2019-03-28

Applicant: Cisco Technology, Inc.

Inventor： Parag M. Panse ,  Brian Russell Kean ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L12/46

Abstract: Present technology is directed to a system and method for implementing an offline scheme to automatically and efficiently transform a set of conventional IP-based Access Control Entries in a supplied configuration into compressed form that can then be represented as Object-Group based Access Control Entries. The compression is performed on contiguous blocks of the supplied Access Control List having a common prescribed filtering access. The compression is performed by iteratively selecting a data field with mismatching data values across the ACEs and merging the data values into a corresponding data field of the output ACE. The common values of other data fields are then imported to the corresponding data fields of the output ACE. The process is repeated in an iterative manner by assigning a different data field as the selected data field for each iteration round.

公开(公告)号：US20200162467A1

公开(公告)日：2020-05-21

申请号：US16368695

申请日：2019-03-28

Applicant: Cisco Technology, Inc.

Inventor： Parag M. Panse ,  Brian Russell Kean ,  Sanjay Kumar Hooda

IPC: H04L29/06 ,  H04L12/46

Abstract: Present technology is directed to a system and method for implementing an offline scheme to automatically and efficiently transform a set of conventional IP-based Access Control Entries in a supplied configuration into compressed form that can then be represented as Object-Group based Access Control Entries. The compression is performed on contiguous blocks of the supplied Access Control List having a common prescribed filtering access. The compression is performed by iteratively selecting a data field with mismatching data values across the ACEs and merging the data values into a corresponding data field of the output ACE. The common values of other data fields are then imported to the corresponding data fields of the output ACE. The process is repeated in an iterative manner by assigning a different data field as the selected data field for each iteration round.