Methods are described for analyzing access list subsumption in routing
devices of a computer network and for identifying computer network
integrity violations, by producing structured data that includes stored
router names and access lists that include elements with address/mask
pairs, or patterns used to filter data into and out of a routing device,
respectively; determining whether access lists in the structured data
include elements in which a first element in the access list has a more
general or equal address/mask pair, or pattern, respectively, than a
second or subsequent element, or pattern; and storing in electronic
memory a report of elements or a list of patterns, respectively, in which
a first element or pattern is more general than or equal to a second or
subsequent element or pattern.