Debugging Network Reachability with Blocked Paths

Sam Bayless, John D. Backes, Dan DaCosta, Benjamin F. Jones, Nate Launchbury, Patrick Trentin, Kelsey Jewell, Sagar Joshi, Michael Q. Zeng, Nandita Mathews

Published: 2021, Last Modified: 06 Jan 2026CAV (2) 2021EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: In this industrial case study we describe a new network troubleshooting analysis used by VPC Reachability Analyzer, an SMT-based network reachability analysis and debugging tool. Our troubleshooting analysis uses a formal model of AWS Virtual Private Cloud (VPC) semantics to identify whether a destination is reachable from a source in a given VPC configuration. In the case where there is no feasible path, our analysis derives a blocked path: an infeasible but otherwise complete path that would be feasible if a corresponding set of VPC configuration settings were adjusted.

External IDs:dblp:conf/cav/BaylessBDJLTJJZ20