Summary
Software‐defined networking (SDN) decouples the control and data planes to simplify network management and function deployment. SDN provides a solution for managing large‐scale virtual networks in the cloud environment. However, during SDN network updates, various attacks can lead to network state inconsistency. In this paper, a comprehensive and efficient verification scheme is proposed to defend against these security threats and guarantee network state consistency in the cloud environment. The scheme verifies the consistency of a network update at two stages: the network update request and the response. First, the flow path model and the security space are abstracted to quickly verify whether the network request is allowed. Then, a novel forwarding path probing and verification method is designed to validate the actual forwarding path and locate the abnormal path in real time. With this two‐stage verification, the scheme can prevent the spread of illegal flow rules and ensure the correct delivery and execution of flow rules. Finally, we carry out a series of experiments in OpenStack. The results show that the proposed scheme can detect security threats and label the abnormal forwarding path in real time to ensure network state consistency, while introducing negligible performance overhead.