A typical cloud data center environment includes many interconnected servers that provide computing (e.g., compute nodes) and/or storage capacity to run various applications. For example, a data center typically includes one or more facilities that host applications and services for subscribers, i.e., customers of the data center. The data center, for example, hosts servers for executing the customer applications and includes infrastructure equipment, such as networking and storage systems, redundant power supplies, and environmental controls. In a typical data center, clusters of storage systems and application servers are interconnected via a high-speed switch fabric provided by one or more tiers of physical network switches and routers. More sophisticated data centers provide infrastructure spread throughout the world with subscriber support equipment located in various physical hosting facilities.
Some such data center environments may provide virtual overlay networks that provide enhanced traffic engineering and network security, allowing different clients to use separate virtual networks across a set of common infrastructure equipment (e.g., shared servers, storage systems, networking equipment). However, the growing deployment of such cloud data centers presents increasing challenges for network security. It may be technically challenging to provide security measures within cloud data centers that can mitigate security vulnerabilities within virtual overlay networks.