Path analysis service for identifying network configuration settings that block paths in virtual private clouds (VPCs)

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Samuel Bayless · Vancouver, CA
• John David Backes · Minneapolis, US
• Daniel William Dacosta · Saint Paul, US
• Benjamin Jones · Seattle, US
• Patrick Trentin · Minneapolis, US
• Nathan Launchbury · Seattle, US
• Sagar Chintamani Joshi · Redmond, US
• Nandita Mathews · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L43/0852
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

This disclosure describes techniques for identifying blocked paths and network configuration settings that block paths in networks, such as network paths in a virtual private cloud (VPC). The configuration of virtual networks depends on the correct configuration of many networking resources, such as firewalls, security groups, routing lists, access control lists (ACLs), and the like. In some cases, an analysis that uses formal methods can be performed to determine a network configuration of a virtual network. Using the network configuration information, network paths that are blocked and network configuration settings that may be blocking one or more of the network paths can be determined. The PAS can provide an explanation of what is blocking the network paths. For example, the PAS may identify that a configuration setting of a firewall, router, network gateway, an access control list (ACL), and the like may be blocking a network path.