| CPC H04L 63/101 (2013.01) [H04L 63/0254 (2013.01); H04L 63/0263 (2013.01)] | 20 Claims |

1. A method in a network device having stored in a memory thereof a plurality of filters generated from a first plurality of access control lists (ACLs), the method comprising:
receiving a second plurality of ACLs;
producing a first list comprising ACLs that are common to both the first and second plurality of ACLs, wherein the first list is a longest common subsequence (LCS) of the ACLs between the first and second plurality of ACLs;
storing into a merged list first filters generated from ACLs in the first and second plurality of ACLs that are not listed in the first list;
producing a plurality of second lists, each second list corresponding to an ACL listed in the first list and comprising rules that are common to both an ACL in the first plurality of ACLs and an ACL in the second plurality of ACLs that are identified by the listed ACL, wherein each second list is an LCS of the rules;
storing into the merged list second filters generated from rules in the first and second plurality of ACLs that are not in any of the plurality of second lists;
for each rule listed in each of the plurality of second lists:
producing third filters from a first rule in the first plurality of ACLs and fourth filters from a second rule in the second plurality of ACLs;
computing a third list comprising filters that are common to both the third and fourth filters, wherein the third list is an LCS of the filters; and
storing each of the third and fourth filters into the merged list, including setting a version bit of the filter being stored according to whether or not the filter is in the third list; and
replacing the plurality of filters stored in the memory of the network device with filters stored in the merged list.
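The three nested LCS passes of claim 1 (over ACLs, then rules, then filters) can be sketched as follows. This is an added example, not code from the patent: the rule format, matching rules by sequence number, the `expand()` filter generator and the boolean standing in for the version bit are all assumptions, since the claim does not specify them.

```python
# Added example; rule format, expand() and the tuple layout are assumptions.
def lcs(a, b):
    """Longest common subsequence (dynamic programming)."""
    m, n = len(a), len(b)
    dp = [[0] * (n + 1) for _ in range(m + 1)]
    for i in range(m - 1, -1, -1):
        for j in range(n - 1, -1, -1):
            dp[i][j] = (dp[i + 1][j + 1] + 1 if a[i] == b[j]
                        else max(dp[i + 1][j], dp[i][j + 1]))
    out, i, j = [], 0, 0
    while i < m and j < n:
        if a[i] == b[j]:
            out.append(a[i]); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return out

def expand(acl, rule):
    """Hypothetical filter generation: one filter per destination port."""
    seq, action, ports = rule
    return [(acl, seq, action, p) for p in ports]

def merge(old, new):
    """old/new map ACL name -> ordered rules; returns (origin, filter, flag)."""
    merged = []
    common_acls = lcs(list(old), list(new))  # the claim's "first list"
    for origin, acls in (("old", old), ("new", new)):
        for name, rules in acls.items():
            if name not in common_acls:  # ACL outside the LCS: no flag set
                merged += [(origin, f, None) for r in rules for f in expand(name, r)]
    for name in common_acls:
        o, n = {r[0]: r for r in old[name]}, {r[0]: r for r in new[name]}
        common = lcs(list(o), list(n))  # a "second list", rules keyed by seq
        for origin, rules in (("old", o), ("new", n)):
            merged += [(origin, f, None) for s, r in rules.items()
                       if s not in common for f in expand(name, r)]
        for seq in common:
            third, fourth = expand(name, o[seq]), expand(name, n[seq])
            shared = lcs(third, fourth)  # the "third list"; flag = membership in it
            merged += [(src, f, f in shared) for src, fs in (("old", third), ("new", fourth)) for f in fs]
    return merged

# Constructed sample data: (sequence number, action, destination ports).
OLD = {"MGMT": [(10, "permit", (22,)), (20, "deny", (23,))],
       "WEB": [(10, "permit", (80, 443))], "LEGACY": [(10, "permit", (21,))]}
NEW = {"MGMT": [(10, "permit", (22,)), (30, "deny", (23,))],
       "WEB": [(10, "permit", (443, 8443))], "DNS": [(10, "permit", (53,))]}
MERGED = merge(OLD, NEW)
```

In the sample, only the filters for MGMT rule 10 and WEB port 443 carry a `True` flag; every other filter is present in only one of the two configurations.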