IMPLEMENTATION OF REFLEXIVE ACCESS CONTROL LISTS ON DISTRIBUTED PLATFORMS

摘要

Systems and methods are provided to facilitate the filtering of data packets without substantially interrupting traffic flow in distributed systems. In one implementation, a network device includes a first line card associated with a first interface and adapted to maintain a first access control list. The network device further includes a second line card associated with a second interface and adapted to maintain a second access control list. A service card of the network device is adapted to maintain a reflexive access control list, wherein the reflexive access control list is referenced by an entry of the first access control list and by an entry of the second access control list. Outbound and inbound data packets matching the entries of the first or second access control lists may be forwarded to the service card for processing while unmatching data packets may be passed between networks or dropped as appropriate.