A computer network may typically a collection of two or more computing nodes, which may be communicatively coupled via a transmission medium and utilized for transmitting information. Most computer networks may adhere to the layered approach provided by the open systems interconnect (OSI) reference model. The OSI reference may provide a seven (7) layer approach. This approach may include an application layer, (Layer 7), a presentation layer (layer 6), a session layer (Layer 5), a transport layer (Layer 4), a network layer (Layer 3), a data link layer (Layer 2) and a physical layer (Layer 1). Layer 7 through layer 5 inclusive may comprise upper layer protocols, while layer 4 through layer 1 may comprise lower layer protocols. Some computer networks may utilize only a subset of the 7 OSI layers. For example, the TCP/IP model, or Internet Reference model generally may utilize a 5 layer model. The TCP/IP model may comprise an application layer, (Layer 7), a transport layer (Layer 4), a network layer (Layer 3), a data link layer (Layer 2) and a physical layer (Layer 1). Each layer may include a set of responsibilities or services provided as well as typical systems and devices that provide those services. For example, a switch can be a Layer 2 device.
Increasingly, these systems and devices have been virtualized in cloud computing platforms to form virtualized components of a computer network that are connected to virtual machines that may also be resident in the cloud computing platform. Cloud computing may refer to the on-demand provisioning and use of computational resources (e.g. data, software and the like) via a computer network, rather than from a local computer. These ‘virtualized networks’ can be connected to virtual machines residing in one or more hosts. Such virtual machines may use virtual network interface cards (vNICs) to communicate over one or more virtualized networks. Consolidating virtualized network services into a cloud-computing platform may generate several issues such the scaling of system resources and/or isolation of the virtualized nodes (e.g. the virtual machines). For example, a cloud computing platform may assign a virtual machine one or more virtual network interfaces (vNICs) on three common types of networks—a ‘public’ network interface to communicate with an external network such as the Internet, a ‘private’ network interface to securely communicate with other virtual machines for the same ‘tenant’ organization or application, and/or a ‘hybrid’ network interface to communicate, for example, to fixed legacy infrastructure (e.g., legacy database servers or network storage devices). Notwithstanding the foregoing, there may also be additional types of virtualized and physical networks in a cloud computing platform. In the following discussions it should be understood that virtual machines and physical machines may commonly communicate using virtual network interfaces and physical network interfaces, respectively, and such interfaces are the source and destination of data packets communicated over networks.
It may be desired that these virtual interfaces provide complete isolation from a security perspective from other ‘tenants’ (e.g. other virtual machines) sharing the same physical infrastructure (e.g. physical hosts)in which the cloud computing platform resides. It may also be desired that these interfaces provide scalability, such that the Layer 2 switching infrastructure is not overwhelmed with broadcasts due to flooding for unknown MAC addresses and due to broadcast discovery protocols such as Address Resolution Protocol(ARP). For example, a scalability problem may occur since each virtual network interface (vNIC) is assigned a virtual media access control (virtual MAC or vMAC) address. As there may be many virtual machines per physical host, each with one or more vNICs, the resulting number of MAC addresses in the infrastructure can be an order of magnitude (or more) larger than would occur if there were no vNICs and vMACs. As a result, the number of broadcasts due to floods caused by limited capacity of switch forwarding tables used for MAC ‘learning’, and also due to address resolution protocol (ARP) request broadcasts, may increase by an order of magnitude (or more). This may dramatically increase the network bandwidth waste and the processor cycles wasted on hosts to filter out irrelevant traffic.