To minimize the latency that access lists add to packet forwarding, network
engineers should optimize existing access lists. On platforms that evaluate an
access list sequentially in software, each packet is compared against the
entries in order until the first match, so the position of the entries that
match most of the traffic determines how much work the average packet costs.
(Platforms that program access lists into TCAM evaluate every entry in
parallel, so ordering has no latency effect there; the ordering constraints
described below still apply, because the list is still interpreted first-match.)
The show ip access-lists command displays a match counter for each entry,
showing which access list elements are being heavily used and which ones are
not; counters should be sampled over a representative traffic period, and can
be reset with clear ip access-list counters before sampling. Using this
information, engineers can rewrite the access list so that the most heavily
used elements are nearest the top. Figures and show this process for a simple
access list.
Consider an access list which must permit hosts 1-5 and 7-20 access to remote
web servers, but block access to that remote service for hosts 6 and 21-31.
Because the list is evaluated first-match, the entry that denies host 6 must
precede any broader permit entry whose range covers host 6, and the entries
that permit hosts 16-20 must precede a deny entry whose range covers them.
Changing the order of the access list elements without regard to the reason for
their order would break the access list: moving a heavily used permit above the
deny that shields it silently allows the very traffic the list was written to
block, and the match counters give no warning that this has happened.
To optimize complex access lists, the network administrator must identify groups
of access list elements by purpose or intention. Two elements constrain each
other only when their address ranges overlap and their actions differ; elements
that do not constrain each other can be reordered freely. The groups can then be
ordered so that the most heavily used group of elements is nearest the top,
keeping each shielding deny ahead of the permit it protects. After reordering,
the rewritten list should be checked against the original to confirm that every
address still receives the same permit or deny decision.
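The following added example is not code from the original page or from Cisco. It parses a constructed show ip access-lists listing with invented hit counts for the host 1-31 policy described above (the network 10.1.1.0, the list name WEB-OUT and every counter are assumptions), shows that a naive sort by hit count changes the policy, and instead reorders the entries greedily by hit count while never moving an entry past another whose address range overlaps it with the opposite action. It then exhaustively compares the two orderings over every source address and renders the safe result as IOS configuration with fresh sequence numbers.

```python
"""Reorder a Cisco IOS extended ACL by hit count without changing its policy.

Constructed example for this page (not code from the original text or from
Cisco). IOS evaluates an ACL first-match, so an entry may only move ahead of
entries it does not conflict with: two entries conflict when a packet could
match both and their actions differ. Protocol and port tokens are ignored for
the conflict test, which is the conservative choice (any difference is treated
as a possible overlap).
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed `show ip access-lists` output; network, name and hit counts are invented.
# Policy: web access for .1-.5 and .7-.20, blocked for .6 and .21-.31.
SAMPLE = """\
Extended IP access list WEB-OUT
    10 deny tcp host 10.1.1.6 any eq www (42 matches)
    20 permit tcp 10.1.1.0 0.0.0.7 any eq www (150 matches)
    30 permit tcp 10.1.1.8 0.0.0.7 any eq www (9012 matches)
    40 permit tcp 10.1.1.16 0.0.0.3 any eq www (8 matches)
    50 permit tcp host 10.1.1.20 any eq www (3 matches)
    60 deny tcp 10.1.1.16 0.0.0.15 any eq www (77 matches)
"""
PROBE_SPACE = ipaddress.ip_network("10.1.1.0/27")  # every source the sample can name

ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host \S+|\S+ \S+)\s+(?P<dst>any|host \S+|\S+ \S+)"
    r"(?P<rest>.*?)(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    rest: str   # port / flag tokens, kept verbatim
    hits: int


def _net(tok):
    """Translate an IOS address token into a network (wildcards are hostmasks)."""
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok.startswith("host "):
        return ipaddress.ip_network(tok.split()[1] + "/32")
    addr, wildcard = tok.split()
    if wildcard == "0.0.0.0":            # ipaddress would read this hostmask as /0
        return ipaddress.ip_network(addr + "/32")
    return ipaddress.ip_network(f"{addr}/{wildcard}")


def parse_acl(text):
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            aces.append(Ace(int(m["seq"]), m["action"], m["proto"], _net(m["src"]),
                            _net(m["dst"]), m["rest"].strip(), int(m["hits"] or 0)))
    return aces


def conflicts(a, b):
    """True when swapping a and b could change some packet's fate."""
    return a.action != b.action and a.src.overlaps(b.src) and a.dst.overlaps(b.dst)


def naive_order(aces):
    """Sort purely by hit count: the reordering the text warns against."""
    return sorted(aces, key=lambda a: a.hits, reverse=True)


def safe_order(aces):
    """Pull heavy hitters forward, but never past an entry they conflict with.

    An entry's priority is the highest hit count among itself and the later
    entries it directly pins in place, so a low-volume deny that shields a busy
    permit rises with the permit instead of holding it back.
    """
    blockers = {a: [b for b in aces[:i] if conflicts(a, b)] for i, a in enumerate(aces)}
    prio = {a: max([a.hits] + [b.hits for b in aces[i + 1:] if conflicts(a, b)])
            for i, a in enumerate(aces)}
    out, remaining = [], list(aces)
    while remaining:
        # The earliest remaining entry always qualifies, so `ready` is never empty.
        ready = [a for a in remaining if all(b in out for b in blockers[a])]
        pick = max(ready, key=lambda a: prio[a])
        out.append(pick)
        remaining.remove(pick)
    return out


def decision(aces, src):
    """First-match verdict for a packet from `src`; protocol/port are assumed to
    match every entry, which holds for the sample (all tcp eq www)."""
    ip = src if isinstance(src, ipaddress.IPv4Address) else ipaddress.ip_address(src)
    for a in aces:
        if ip in a.src:
            return a.action
    return "deny"   # the implicit deny that ends every IOS ACL


def same_policy(a, b, space=PROBE_SPACE):
    """Exhaustively compare two orderings over every address in `space`."""
    return all(decision(a, ip) == decision(b, ip) for ip in space)


def _tok(net):
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def render(name, aces, step=10):
    """Emit an ordering as IOS configuration with fresh sequence numbers."""
    lines = [f"ip access-list extended {name}"]
    for n, a in enumerate(aces, start=1):
        lines.append(f" {n * step} {a.action} {a.proto} {_tok(a.src)} {_tok(a.dst)} {a.rest}".rstrip())
    return "\n".join(lines)


if __name__ == "__main__":
    aces = parse_acl(SAMPLE)
    for label, order in (("naive", naive_order(aces)), ("safe", safe_order(aces))):
        print(f"{label}: {[a.seq for a in order]} same policy as original: {same_policy(aces, order)}")
    print(render("WEB-OUT", safe_order(aces)))
```

On the sample, the naive sort places the permit for hosts 0-7 above the deny for host 6 and the deny for hosts 16-31 above the permits for hosts 16-20, so host 6 becomes reachable and hosts 16-20 lose access; the constrained reordering moves only the busiest permit (hosts 8-15) to the top and leaves every verdict unchanged. The exhaustive comparison is cheap here because the address space is tiny; for production lists, compare on a sample of addresses or on the actual traffic captured from the counters.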