A virtualized network is a data network that is overlaid on top of another network, such as a physical network. Network elements in the overlaid network are connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. For example, a virtualized network is a combination of hardware and software network resources that is a single administrative entity.
One example of a virtualized network is Virtual eXtensible Local Area Network (VXLAN), a layer 2 overlay over a layer 3 physical network. Each VXLAN overlay network is known as a VXLAN segment and is identified by a unique 24-bit segment ID called a VXLAN Network Identifier (VNI). Virtual machines with the same VNI are allowed to communicate with each other over the corresponding VXLAN segment. In a VXLAN segment, virtual machines are uniquely identified by the combination of their Media Access Control (MAC) addresses and the VNI of that segment. A Virtual Tunnel Endpoint (VTEP) encapsulates data traffic entering the VXLAN segment with the VNI and de-encapsulates data traffic leaving the VXLAN segment.
An operator typically assigns VNIs to VXLAN segments in a haphazard fashion. For example, an operator may assign a VNI of 5024 for a general desktop VXLAN, a VNI of 5026 for a general server VXLAN, and a VNI of 5027 for a VXLAN that supports branch desktops. Because the VNIs for the different VXLAN segments are assigned in a haphazard fashion, it is hard to map a policy to each VXLAN segment using the VNI. A lookup table matching VNI to policy can be implemented, but this only maps each VNI to a policy and does not allow for a hierarchical structure of policy assignment.
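The following added example (not part of the original text) builds and parses the 8-byte VXLAN header from RFC 7348, applies a flat VNI-to-policy table, and shows why the VNIs above resist grouping. The policy names, the default-deny result, and the reading of "hierarchical" as an aligned block of the VNI space are assumptions of the example; the outer UDP/IP headers are omitted.

```python
import struct

FLAG_VNI_VALID = 0x08  # "I" flag in the first header byte (RFC 7348)
# VNIs are the ones named in the text; policy names are constructed for this example.
POLICY_BY_VNI = {5024: "general-desktop", 5026: "general-server", 5027: "branch-desktop"}


def encapsulate(vni, inner_frame):
    """Prepend the 8-byte VXLAN header, as a VTEP does for traffic entering a segment."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    # word 0: flags(8) + reserved(24); word 1: VNI(24) + reserved(8)
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame


def decapsulate(payload):
    """Return (vni, inner_frame); reject truncated headers and a cleared I flag."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]


def policy_for(payload):
    """Exact-match lookup; default deny for unknown VNIs is an assumption of this example."""
    vni, _ = decapsulate(payload)
    return POLICY_BY_VNI.get(vni, "deny")


def covering_block(vnis):
    """Smallest aligned block (base, prefix_len) of the 24-bit VNI space holding all vnis."""
    host_bits = max((v ^ vnis[0]).bit_length() for v in vnis)
    return vnis[0] >> host_bits << host_bits, 24 - host_bits


def swept_in(vnis):
    """Table entries inside that block that were not asked for."""
    base, prefix_len = covering_block(vnis)
    size = 1 << (24 - prefix_len)
    return sorted(v for v in POLICY_BY_VNI if base <= v < base + size and v not in vnis)


if __name__ == "__main__":
    frame = bytes(14)  # constructed stand-in for an inner Ethernet header
    for vni in (5024, 5026, 5027, 5025):
        print(vni, policy_for(encapsulate(vni, frame)))
    print(covering_block([5024, 5027]), swept_in([5024, 5027]))
```

Any single block of the VNI space that contains both desktop segments (5024 and 5027) also contains the server segment (5026), so a desktop-wide rule cannot be expressed on the VNI alone and each segment must be listed individually.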