When it comes to network security and specifically the use of Access Control Lists, Network Managers, IT Managers and those managing inbound access can have their hands full when they create ACLs containing large amounts of data. For example, if you created an ACL to allow only the US and Canada the list may contain close to 80,000 networks. This requires 80,000 lines in your ACL.
Large ACLs may become unruly, cumbersome and difficult to manage. They also can be a drain on hardware and software resources, taxing memory while overloading some firewalls. Aggregation is the solution.
Aggregating these IP ranges offers an excellent remedy to this problem. Aggregation is an excellent solution to reducing the size of large Access Control Lists.
Network Aggregation is not a summary of networks within your ACL. Network Aggregation is a method used to consolidate your Access Control Lists. It accomplishes this by combining contiguous networks within your Access Control Lists into as many larger network ranges as possible. After consolidation, the result is then converted into valid IP networks.
For example, if you had the following two networks: 192.168.0.0/24 and 192.168.1.0/24 you could aggregate them and the result would be 192.168.0.0/23.
Aggregating the US and Canadian networks currently reduces the size of your Access Control Lists by 71%, while still maintaining the exact same number of IP addresses.
Another excellent example of the power of aggregation is the networks assigned to Italy. As of today, April 10, 2019, Italy has 171,995 networks assigned (more if you look at network reassignments and further subnetting). Imagine working with an Access Control List containing this many lines. If you aggregate these networks you can reduce the size of your ACL by 96.9% or to 5,325 lines. An incredible improvement.
Make your network security more efficient by using aggregation.