Identifying configuration inconsistency in edge-based software defined networks (SDN)

US9686162B2 · US · B2

Patent metadata

Publication number: US-9686162-B2
Application number: US-201414517351-A
Country: US
Kind code: B2
Filing date: Oct 17, 2014
Priority date: Oct 17, 2014
Publication date: Jun 20, 2017
Grant date: Jun 20, 2017

Abstract

Official abstract text for this publication.

Identifying state inconsistency in edge-based software defined networks is disclosed. A verification server may receive controller network configuration data from a controller of an edge-based software defined network (SDN) and end-host network configuration data from at least one end-host of the SDN. The verification server may parse the controller network configuration data into a network state representation and the end-host network configuration data into the network state representation. The network state representation of the controller network configuration data and the end-host network configuration data may be compared to identify state inconsistency in the SDN. Responsive to identifying the state inconsistency, an alert and/or a report may be generated and transmitted to an administrator user interface.

First claim

Opening claim text (preview).

We claim:

1. A system for identifying state inconsistency in edge-based software defined networks, comprising: a verification system comprising at least one hardware processor, the verification system connected to a controller of an edge-based software defined network (SDN), the verification system further connected to at least one end-host of the SDN, the end-host of the SDN comprising at least one hardware device that acts as at least one of a virtual switch and a router, the verification system comprising a data collection subsystem operable to receive controller network configuration data from the controller of an edge-based software defined network (SDN), the data collection subsystem further operable to receive end-host network configuration data from the end-host of the SDN, the verification system further comprising a state parsing subsystem operable to parse the controller network configuration data into a network state representation, the state parsing subsystem further operable to parse the end-host network configuration data into the network state representation, the verification system further comprising a state verification subsystem operable to compare the network state representation of the controller network configuration data and the end-host network configuration data to identify state inconsistency in the SDN, and responsive to identifying the state inconsistency, the state verification subsystem further operable to generate and transmit an alert signal to an administrator user interface.

2. The system of claim 1, wherein the state verification subsystem further comprises a reporting subsystem operable to generate and present a report of the state inconsistency on the administrator user interface.

3. The system of claim 1, wherein the data collection subsystem is operable to query a database storing the controller network configuration data that define network services specified by the controller for implementing at the end-host, and the data collection subsystem is operable to receive the end-host network configuration data from a plurality of agents that execute commands on the end-host to extract the end-host network configuration data.

4. The system method of claim 1, wherein the controller network configuration data and the end-host network configuration data comprise L1, L2, L3, and L4 network layer configuration states, and wherein the network state representation comprises a mapping between a MAC address of a VM's vNIC and an L2 network, a mapping of IP layer reachability between VMs, and a mapping of IP layer reachability between a VM and a public network.

5. The system of claim 1, wherein the network state representation further comprises a binary decision diagram describing ingress and egress packet filtering rules for each of the VMs, wherein the state verification subsystem compares the network state representation associated with the L4 network layer of the controller network configuration data and the end-host network configuration data by first comparing the rules at a string level, and only if there is a mismatch, generating the binary decision diagram for further comparison.

6. The system of claim 1, wherein the controller network configuration data comprises a moving window of a sequence of controller state snapshots and the end-host network configuration data comprises the moving window of a sequence of end-host state snapshots.

7. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of identifying state inconsistency in edge-based software defined networks, the method comprising: receiving by a verification server, controller network configuration data from a controller of an edge-based software defined network (SDN); receiving by the verification server, end-host network configuration data from at least one end-host of the SDN, the end-host of the SDN comprising at least one hardware device that acts as at least one of a virtual switch and a router; parsing by the verification server, the controller network configuration data into a network state representation; parsing by the verification server, the end-host network configuration data into the network state representation; comparing the network state representation of the controller network configuration data and the end-host network configuration data to identify state inconsistency in the SDN; and responsive to identifying the state inconsistency, generating and transmitting an alert signal to an administrator user interface.

8. The non-transitory computer readable storage medium of claim 7, wherein the generating and transmitting an alert signal responsive to identifying the state inconsistency comprises generating and presenting a report of the state inconsistency on the administrator user interface.

9. The non-transitory computer readable storage medium of claim 7, wherein the controller network configuration data and the end-host network configuration data comprise L1, L2, L3, and L4 network layer configuration states.

10. The non-transitory computer readable storage medium of claim 7, wherein the network state representation comprises a mapping between a MAC address of a VM's vNIC and an L2 network, a mapping of IP layer reachability between VMs, a mapping of IP layer reachability between a VM and a public network, and a binary decision diagram describing ingress and egress packet filtering rules for each of the VMs.
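
The comparison described in claims 1, 4 and 5, as an added example that is not code from the patent or its assignee: controller and end-host state are parsed into one representation, L2 mappings are diffed, and L4 filter rules are compared as strings first and semantically only on a mismatch. Assumptions: the `allow <proto> <port[-port]>` rule format with default deny, all names, and the sample data are constructed; expanding rules into admitted (protocol, port) sets stands in for the binary decision diagram.

```python
# Constructed sample state; the field names and rule syntax are assumptions.
CONTROLLER = {
    "l2": {"fa:16:3e:00:00:01": "net-a", "fa:16:3e:00:00:02": "net-b"},
    "l4": {"vm1": ["allow tcp 22", "allow tcp 80-81"],
           "vm2": ["allow tcp 443"]},
}
END_HOST = {
    "l2": {"fa:16:3e:00:00:01": "net-a", "fa:16:3e:00:00:02": "net-a"},
    "l4": {"vm1": ["allow tcp 80", "allow tcp 81", "allow tcp 22"],
           "vm2": ["allow tcp 443", "allow udp 53"]},
}

def accepted(rules):
    """Expand allow rules (default deny) into the set of (proto, port) admitted."""
    admitted = set()
    for rule in rules:
        action, proto, ports = rule.split()
        if action != "allow":
            raise ValueError(f"unsupported rule: {rule!r}")
        lo, _, hi = ports.partition("-")
        admitted.update((proto, p) for p in range(int(lo), int(hi or lo) + 1))
    return admitted

def compare_l2(ctrl, host):
    """MAC -> L2 network mappings that differ: {mac: (controller, end_host)}."""
    return {mac: (ctrl.get(mac), host.get(mac))
            for mac in sorted(set(ctrl) | set(host))
            if ctrl.get(mac) != host.get(mac)}

def compare_l4(ctrl, host):
    """String-level comparison first; semantic comparison only on mismatch."""
    findings = {}
    for vm in sorted(set(ctrl) | set(host)):
        c_rules, h_rules = ctrl.get(vm, []), host.get(vm, [])
        if c_rules == h_rules:          # cheap path: identical rule text
            continue
        c_set, h_set = accepted(c_rules), accepted(h_rules)
        if c_set != h_set:              # differently written but equal rules pass
            findings[vm] = {"extra": sorted(h_set - c_set),      # host admits more
                            "missing": sorted(c_set - h_set)}    # host admits less
    return findings

def verify(controller, end_host):
    """Inconsistencies per layer; a non-empty result would raise the alert."""
    return {"l2": compare_l2(controller["l2"], end_host["l2"]),
            "l4": compare_l4(controller["l4"], end_host["l4"])}

if __name__ == "__main__":
    print(verify(CONTROLLER, END_HOST))
```

Here `vm1` fails the string comparison but admits the same traffic, so it is not reported, while the `extra` entry for `vm2` marks traffic the end-host admits that the controller never specified.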

Classifications

  • comprising network management agents or mobile agents therefor

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)

  • comprising specially adapted graphical user interfaces [GUI]

  • Assignment of logical groups to network elements

  • H04L43/065 (Primary): related to network devices

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L43/065. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 20, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).