(cisco, or any) acl *reducers* out there?
George Michaelson
ggm at apnic.net
Thu Aug 19 03:23:51 UTC 2010
On 19/08/2010, at 1:00 PM, Randy Bush wrote:
>> something which can take a couple of hundred basic and extended ACLs and tell you
>> these <ten> don't work
>> these <twenty> conflict
>> the remaining <x> have a sequence and can reduce to this basic <x-y> set
>
> maybe you could go the other direction. as opposed to trying to digest
> and correct cruft, generate the acls from something reasonable so that
> they are canonic by construction.
>
> randy
A reasonable call. It's probably where we'll be by default, because there isn't anything there and I think first principles upward is better than paring back.
Thanks for the responses (and Roland!)
I think it's clear a tool like I asked doesn't exist, and very probably won't, anytime soon.
cheers
-G
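
Added example, not part of the original thread or any poster's code: a sketch of the "canonic by construction" approach suggested above, limited to IOS-style standard (source-prefix) ACLs. The function names, the policy format (permitted prefixes plus carved-out exceptions) and the sample prefixes are assumptions made for illustration.

```python
import ipaddress


def permitted_prefixes(permits, exceptions=()):
    """Return the unique minimal prefix list for 'permits minus exceptions'."""
    nets = [ipaddress.IPv4Network(p) for p in permits]
    for exc in (ipaddress.IPv4Network(e) for e in exceptions):
        remaining = []
        for net in nets:
            if exc.subnet_of(net):
                # Carve the exception out of the permitted block.
                remaining.extend(net.address_exclude(exc))
            elif not net.subnet_of(exc):
                # No overlap: prefixes either nest or are disjoint.
                remaining.append(net)
            # else: net lies wholly inside the exception and is dropped.
        nets = remaining
    # collapse_addresses merges siblings, drops covered prefixes and sorts.
    return list(ipaddress.collapse_addresses(nets))


def render_standard_acl(number, permits, exceptions=()):
    """Emit IOS-style standard ACL lines; ordering cannot matter because
    the list is permit-only and ends in one explicit deny."""
    lines = [
        f"access-list {number} permit {net.network_address} {net.hostmask}"
        for net in permitted_prefixes(permits, exceptions)
    ]
    lines.append(f"access-list {number} deny any")
    return lines


if __name__ == "__main__":
    # Constructed sample policy (documentation prefixes).
    crufty = ["192.0.2.0/25", "198.51.100.0/24", "192.0.2.64/26", "192.0.2.128/25"]
    print("\n".join(render_standard_acl(10, crufty, ["198.51.100.128/25"])))
```

Because every entry is a permit and the prefixes are disjoint after collapsing, no entry can shadow or conflict with another, and two differently written policies that allow the same addresses render to identical output.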