公开(公告)号：US11206175B1

公开(公告)日：2021-12-21

申请号：US17117930

申请日：2020-12-10

Applicant: Amazon Technologies, Inc.

Inventor： Samuel Bayless ,  John David Backes ,  Daniel William Dacosta ,  Benjamin F Jones ,  Patrick Trentin ,  Nathan Launchbury ,  Sagar Chintamani Joshi ,  Nandita Mathews

IPC: G06F15/177 ,  H04L12/24 ,  H04L12/26

Abstract: This disclosure describes techniques for identifying blocked paths and network configuration settings that block paths in networks, such as network paths in a virtual private cloud (VPC). The configuration of virtual networks depends on the correct configuration of many networking resources, such as firewalls, security groups, routing lists, access control lists (ACLs), and the like. In some cases, an analysis that uses formal methods can be performed to determine a network configuration of a virtual network. Using the network configuration information, network paths that are blocked and network configuration settings that may be blocking one or more of the network paths can be determined. The PAS can provide an explanation of what is blocking the network paths. For example, the PAS may identify that a configuration setting of a firewall, router, network gateway, an access control list (ACL), and the like may be blocking a network path.