Virtual Private Cloud (VPC) is the main network abstraction technology used in public cloud systems. A VPC is composed of a set of network services that permit the definition of complex network reachability properties among internal and external cloud entities, such as tenants' VMs or generic internet nodes. Although a VPC hides the underlying complexity behind a comprehensible abstraction layer, manually enforcing particular reachability intents in VPC networks remains notably error-prone and complex. In this paper, we propose AutoNet, a new model for assisting cloud tenants in managing reachability-based policies in VPC networks. AutoNet is capable of safely generating incremental VPC configurations while satisfying a metric-based high-level intent defined by the tenants. To achieve this goal, we leverage a MaxSAT-based encoding of the network configuration combined with several optimizations to scale to topologies with thousands of nodes. Our results show that the developed system is capable of achieving a sub-second response time for production VPC deployments while still providing fine-grained control over the generated configurations.
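The abstract describes the core idea of the approach: encode the VPC configuration as boolean variables, express the tenant's reachability intents as hard constraints, and express a metric (here, "change as little of the existing configuration as possible") as weighted soft constraints, so that a MaxSAT solver returns the cheapest incremental configuration that satisfies the intents. The following Python block is an added illustrative example and is not the paper's AutoNet encoding or code: it uses a constructed four-node topology, a one-hop reachability model (subnet ACL plus destination security group), constructed change weights, and exhaustive enumeration in place of a real MaxSAT solver, which the paper's optimizations exist to make scale.

```python
import itertools

# Constructed example topology (not from the paper): one external node and three VMs,
# each in its own subnet.
SUBNET_OF = {"internet": "ext", "web": "s-web", "app": "s-app", "db": "s-db"}

# Configuration variables, each a boolean:
#   ("acl", src_subnet, dst_subnet)  subnet-level ACL allows traffic src -> dst
#   ("sg", dst_vm, src_node)         dst_vm's security group admits ingress from src_node
VARIABLES = [
    ("acl", "ext", "s-web"), ("acl", "ext", "s-app"), ("acl", "ext", "s-db"),
    ("acl", "s-web", "s-app"), ("acl", "s-web", "s-db"), ("acl", "s-app", "s-db"),
    ("sg", "web", "internet"), ("sg", "app", "internet"), ("sg", "app", "web"),
    ("sg", "db", "internet"), ("sg", "db", "web"), ("sg", "db", "app"),
]

# Currently deployed configuration (constructed). It has two problems: app cannot reach db
# (missing security-group rule) and web can reach db directly (stale ACL + SG rule).
CURRENT = {
    ("acl", "ext", "s-web"): True,   ("acl", "ext", "s-app"): False,  ("acl", "ext", "s-db"): False,
    ("acl", "s-web", "s-app"): True, ("acl", "s-web", "s-db"): True,  ("acl", "s-app", "s-db"): True,
    ("sg", "web", "internet"): True, ("sg", "app", "internet"): False, ("sg", "app", "web"): True,
    ("sg", "db", "internet"): False, ("sg", "db", "web"): True,       ("sg", "db", "app"): False,
}


def change_weight(var):
    """Soft-clause weight for flipping a variable (assumed metric): a subnet ACL affects
    every VM in the subnet, so touching it costs more than one security-group rule."""
    return 2 if var[0] == "acl" else 1


def reachable(cfg, src, dst):
    """One-hop reachability model: the subnet ACL must allow the subnet pair AND the
    destination's security group must admit the source."""
    acl = cfg.get(("acl", SUBNET_OF[src], SUBNET_OF[dst]), False)
    sg = cfg.get(("sg", dst, src), False)
    return acl and sg


# Reachability intents (hard clauses): every solution must satisfy all of them.
MUST_REACH = [("internet", "web"), ("web", "app"), ("app", "db")]
MUST_BLOCK = [("internet", "app"), ("internet", "db"), ("web", "db")]


def satisfies_intents(cfg):
    return all(reachable(cfg, s, d) for s, d in MUST_REACH) and not any(
        reachable(cfg, s, d) for s, d in MUST_BLOCK
    )


def synthesize(current=CURRENT, variables=VARIABLES):
    """Exhaustive weighted MaxSAT: enumerate all assignments, keep those that satisfy
    the hard clauses, and return the one minimizing the total weight of violated soft
    clauses, where each soft clause says 'keep this variable at its current value'."""
    best_cfg, best_cost = None, None
    for bits in itertools.product([False, True], repeat=len(variables)):
        cfg = dict(zip(variables, bits))
        if not satisfies_intents(cfg):
            continue
        cost = sum(change_weight(v) for v in variables if cfg[v] != current[v])
        if best_cost is None or cost < best_cost:
            best_cfg, best_cost = cfg, cost
    return best_cfg, best_cost


def diff(current, new):
    """Incremental change set: only the variables whose value differs from the deployed one."""
    return {v: new[v] for v in current if new[v] != current[v]}


if __name__ == "__main__":
    cfg, cost = synthesize()
    print("minimal change cost:", cost)
    for var, val in diff(CURRENT, cfg).items():
        print(" ", var, "->", val)
```

With these weights the optimum is unique: the solver adds the missing `db <- app` security-group rule and removes the `db <- web` rule rather than closing the subnet-wide `s-web -> s-db` ACL, because two security-group edits cost less than one ACL edit plus one security-group edit. Changing the weights is how a tenant would steer the solver toward a different style of fix, which is the "fine-grained control" the abstract refers to.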