| 摘要 |
Systems and methods consistent with the present invention provide better scheme for updating access control list (ACL) rule entries in a ternary content addressable memory (TCAM). In a firewall, ACL rules are scanned for each packet arriving in a router or switch to determine if a match exists between the packet and any of the patterns. Depending on the pattern matched, the corresponding action may be either to accept or to deny the packet. These rules are stored in a TCAM, and new or updated rules may be added to the TCAM. Systems and methods consistent with the present invention determine whether the new or updated rule has a dependency conflict with existing rules in the TCAM. If not, the rule can be inserted anywhere in the TCAM. Accordingly, the TCAM associated with a firewall's ACL can be updated more quickly and efficiently.
|
