Automating Conflict-Aware ACL Configurations with Natural Language Intents
This work addresses the tedious and error-prone manual configuration of ACLs by network operators, offering a domain-specific automation solution.
The paper tackles the problem of automating Access Control List (ACL) configuration in networks by proposing Xumi, which uses LLMs to translate natural language intents into ACL rules, detect and resolve conflicts, and optimize deployment. Evaluation shows it accelerates configuration by over 10x, handles O(100) conflicting ACLs, and reduces rule additions by ~40% in cloud networks.
ACL configuration is essential for managing network flow reachability, yet its complexity grows significantly with topologies and pre-existing rules. To carry out ACL configuration, the operator needs to (1) understand the new configuration policies or intents and translate them into concrete ACL rules, (2) check and resolve any conflicts between the new and existing rules, and (3) deploy them across the network. Existing systems rely heavily on manual effort for these tasks, especially for the first two, which are tedious, error-prone, and impractical to scale. We propose Xumi to tackle this problem. Leveraging LLMs with domain knowledge of the target network, Xumi automatically and accurately translates the natural language intents into complete ACL rules to reduce operators' manual effort. Xumi then detects all potential conflicts between new and existing rules and generates resolved intents for deployment with operators' guidance, and finally identifies the best deployment plan that minimizes the rule additions while satisfying all intents. Evaluation shows that Xumi accelerates the entire configuration pipeline by over 10x compared to current practices, addresses O(100) conflicting ACLs, and reduces rule additions by ~40% in a modern cloud network.
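Step (2) above, checking a new rule against existing ones, can be illustrated with a small conflict check. This is an added example, not Xumi's algorithm or code from the paper: the `Rule` fields, the function names and the sample rules are hypothetical, and it assumes first-match semantics with the new rule appended after the existing ones.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    src: str                    # CIDR prefix
    dst: str                    # CIDR prefix
    ports: tuple = (0, 65535)   # inclusive destination port range

def _overlap(a, b):
    """True when some packet can match both rules."""
    proto_ok = "any" in (a.proto, b.proto) or a.proto == b.proto
    ports_ok = a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]
    return (proto_ok and ports_ok
            and ip_network(a.src).overlaps(ip_network(b.src))
            and ip_network(a.dst).overlaps(ip_network(b.dst)))

def _covers(a, b):
    """True when every packet matching b also matches a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))

def find_conflicts(existing, new):
    """Return (rule name, kind) for each existing rule conflicting with `new`.
    Assumption: first match wins and `new` is appended after `existing`."""
    out = []
    for rule in existing:
        if rule.action != new.action and _overlap(rule, new):
            # "shadows": the new rule can never take effect; "partial": only in part
            kind = "shadows" if _covers(rule, new) else "partial"
            out.append((rule.name, kind))
    return out

# Constructed sample ACL (RFC 1918 addresses), not taken from the paper.
EXISTING = [
    Rule("deny-db-all", "deny", "tcp", "10.0.0.0/8", "10.2.0.0/24", (3306, 3306)),
    Rule("deny-lab-ssh", "deny", "tcp", "10.1.5.0/24", "10.0.0.0/8", (22, 22)),
    Rule("permit-web", "permit", "tcp", "10.0.0.0/8", "10.3.0.0/24", (443, 443)),
]
NEW_DB = Rule("permit-app-db", "permit", "tcp", "10.1.0.0/16", "10.2.0.0/24", (3306, 3306))
NEW_SSH = Rule("permit-ops-ssh", "permit", "tcp", "10.1.0.0/16", "10.2.0.0/24", (22, 22))

if __name__ == "__main__":
    for new in (NEW_DB, NEW_SSH):
        print(new.name, find_conflicts(EXISTING, new))
```

A "shadows" result means the intent cannot be met by appending the rule, so the operator has to decide whether the existing rule or the new intent takes precedence; a "partial" result means only part of the intended traffic is affected.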