An efficient scheme for SDN state consistency verification in cloud computing environment

• Published in: Concurrency and computation Vol. 32; no. 2
• Main Authors: Wang, Xiaoyan, Chen, Xingshu, Wang, Yitong, Ge, Long
• Format: Journal Article
• Language: English
• Published: Hoboken Wiley Subscription Services, Inc 25.01.2020
• Subjects: abnormal forwarding; Cloud computing; Consistency; consistency verification; OpenFlow; Program verification (computers); Real time; Software-defined networking; software‐defined networking (SDN); Virtual networks
• ISSN: 1532-0626; 1532-0634
• DOI: 10.1002/cpe.5440

Summary Software‐defined networking (SDN) decouples the control and data planes to simplify network management and function deployment. SDN provides a solution for managing large‐scale virtual networks in the cloud environment. However, in the process of SDN network update, various attacks can lead to network state inconsistency. In this paper, a comprehensive and efficient verification scheme is proposed to defend the security threats and guarantee the network state consistency in the cloud environment. The scheme verifies the consistency of network update from two stages of network update request and response. Firstly, the flow path model and the security space are ed to quickly verify whether the network request is allowed. Then, a novel forwarding path probing and verification method is designed to validate the actual forwarding path and locate the abnormal path in real time. With the two‐stage verification, the scheme can prevent the spread of illegal flow rules and ensure the correct delivery and execution of flow rules. Finally, we carry out a series of experiments in OpenStack. The results show that the proposed scheme can detect security threats and label the abnormal forwarding path in real time to ensure the network state consistency, while introducing negligible performance overhead.