Automating Conflict-Aware ACL Configurations with Natural Language Intents

📅 2025-08-25
🤖 AI Summary
ACL configuration management faces challenges including ambiguous intent interpretation, labor-intensive rule conflict detection, and poor scalability during deployment, all exacerbated by current approaches’ heavy reliance on manual intervention, which leads to errors and inefficiency. This paper proposes the first conflict-aware, LLM-driven ACL automation framework: it employs a domain-knowledge-enhanced large language model to map natural-language operational intents end-to-end into semantically precise ACL rules; integrates context-aware reasoning with formal conflict detection algorithms to automatically identify rule conflicts and generate resolution suggestions; and optimizes deployment strategies to minimize incremental rule additions. Evaluated on real cloud network infrastructure, the framework achieves over 10× improvement in configuration efficiency, successfully resolves conflicts at scale (hundreds of rules), and reduces newly added rules by ~40%. It significantly enhances ACL configuration accuracy, scalability, and maintainability.

📝 Abstract
ACL configuration is essential for managing network flow reachability, yet its complexity grows significantly with topologies and pre-existing rules. To carry out ACL configuration, the operator needs to (1) understand the new configuration policies or intents and translate them into concrete ACL rules, (2) check and resolve any conflicts between the new and existing rules, and (3) deploy them across the network. Existing systems rely heavily on manual efforts for these tasks, especially for the first two, which are tedious, error-prone, and impractical to scale. We propose Xumi to tackle this problem. Leveraging LLMs with domain knowledge of the target network, Xumi automatically and accurately translates the natural language intents into complete ACL rules to reduce operators' manual efforts. Xumi then detects all potential conflicts between new and existing rules and generates resolved intents for deployment with operators' guidance, and finally identifies the best deployment plan that minimizes the rule additions while satisfying all intents. Evaluation shows that Xumi accelerates the entire configuration pipeline by over 10x compared to current practices, addresses O(100) conflicting ACLs, and reduces rule additions by ~40% in a modern cloud network.

Problem

Research questions and friction points this paper is trying to address.

Automating ACL configuration from natural language intents
Resolving conflicts between new and existing ACL rules
Minimizing rule additions while satisfying all intents

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses LLMs to translate intents into ACL rules
Detects and resolves conflicts between new and existing rules
Minimizes rule additions with optimal deployment planning

Authors

Wenlong Ding, The Chinese University of Hong Kong
Jianqiang Li, The Chinese University of Hong Kong
Zhixiong Niu, Microsoft Research (Datacenter, Internet)
Huangxun Chen, Hong Kong University of Science and Technology (Guangzhou)
Yongqiang Xiong, Microsoft Research Asia (Computer networking, Operating Systems)
Hong Xu, The Chinese University of Hong Kong