A set of algorithms that given
(i) a blacklist containing the source IP addresses of unwanted traffic and
(ii) a constraint on the number of filters,
they construct a compact set of ranges of IP addresses that should be blocked using one filter per IP range, so as to optimize the tradeoff between the unwanted and legitimate traffic that is blocked.
It can be used as the logic for formulating a compact set of filtering rules (ACLs) in the TCAM of routers that want to block unwanted traffic.
The algorithms are computationally efficient and thus feasible at high speeds; the optimality means that we achieve the best possible use of available filters in a TCAM.
|United States Of America||Issued Patent||8,539,576||09/17/2013||2008-811|