
Network Aggregation: More efficient Security

When it comes to network security, and specifically the use of Access Control Lists, Network Managers, IT Managers and those managing inbound access can have their hands full when they create ACLs containing large amounts of data. For example, if you created an ACL to allow only the US and Canada, the list may contain close to 62,000 networks. This equates to 62,000 lines in your ACL. This is a large ACL.

Large ACLs can become unruly and difficult to manage. They can also be a drain on hardware and software resources, firewalls, etc.

Proper use of Network Aggregation can solve much of this problem.

Network Aggregation is not a summary of networks within your ACL. Network Aggregation is a method used to consolidate your Access Control Lists. It accomplishes this by combining contiguous networks within your Access Control Lists into as many larger network ranges as possible. After consolidation, the result is then converted into valid networks.

For example, if you had the following two networks: and you could aggregate them and the result would be

But if you only had the following two networks: and you could not aggregate them into a larger network segment.

Aggregating the US and Canadian networks would reduce the size of your Access Control Lists by nearly 75%, while still maintaining the exact same number of IP addresses.
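The merge-then-convert procedure described above, sketched as an added example (this is not the Country IP Blocks Aggregation Module). The sample networks are constructed, and the input is assumed to be IPv4 with no overlapping entries.

```python
import ipaddress

def aggregate(cidrs):
    """Merge contiguous networks into ranges, then convert ranges to valid CIDRs."""
    nets = sorted((ipaddress.ip_network(c) for c in cidrs),
                  key=lambda n: int(n.network_address))
    ranges = []  # each entry is [first_address, last_address] as integers
    for n in nets:
        first, last = int(n.network_address), int(n.broadcast_address)
        if ranges and first <= ranges[-1][1] + 1:
            # Touches or overlaps the previous range: extend it.
            ranges[-1][1] = max(ranges[-1][1], last)
        else:
            ranges.append([first, last])
    out = []
    for first, last in ranges:
        # A range is not always one network; split it on CIDR boundaries.
        out.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return out

def address_count(nets):
    """Total addresses covered (valid for non-overlapping networks)."""
    return sum(ipaddress.ip_network(n).num_addresses for n in nets)

# Constructed sample ACL entries (private address space, illustration only).
SAMPLE = [
    "10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24",  # one /22
    "10.0.5.0/24", "10.0.6.0/24",  # adjacent, but not on a /23 boundary
    "192.168.10.0/25", "192.168.10.128/25",  # two halves of a /24
]

if __name__ == "__main__":
    result = aggregate(SAMPLE)
    for net in result:
        print(net)
    print(f"{len(SAMPLE)} lines -> {len(result)} lines, "
          f"{address_count(SAMPLE)} addresses before, "
          f"{address_count(result)} after")
```

The pair 10.0.5.0/24 and 10.0.6.0/24 is contiguous yet stays as two lines, because the combined range does not start on a /23 boundary and so cannot be written as a single valid network.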

Another excellent example of the power of aggregation is the networks assigned to Italy. As of today, June 30, 2015, Italy has 166,389 networks assigned (more if you look at network reassignments and further subnetting). Imagine working with an Access Control List containing 166,389 lines. If you aggregate these networks, you can reduce the size of your ACL by 98.13%, or to 3,112 lines.

Country IP Blocks has an Aggregation Module included with certain licenses.

Network aggregation is a more efficient use of your Access Control Lists.