In computing environments, virtual switches may be used that comprise software modules capable of providing a communication platform for one or more virtual nodes in the computing environment. These virtual switches may provide switching operations, routing operations, distributed firewall operations, and the like, and may be used to intelligently direct communication on the network by inspecting packets before passing them to other computing nodes (both real and virtual). For example, packets may be inspected to determine the source and destination internet protocol (IP) addresses to determine if the communication is permitted to be delivered to the destination computing node. In some implementations, software defined networks may be designed with packet forwarding configurations that indicate actions to be taken against each communicated packet. The packet forwarding configurations may identify specific attributes, such as IP addresses, media access control (MAC) addresses, and the like within the data packet and, when identified, provide a set of actions to be asserted against the data packet. These actions may include modifications to the data packet, and forwarding rules for the data packet, amongst other possible operations.
In some implementations, to provide the virtual switching operations, the virtual switch may be required to transfer and receive packets for the virtual nodes over a physical network interface of the host computing system. To support the communication of these packets over the physical network interface, the host may be capable of configuring the physical network interface to maintain a quality of service for packets destined for the virtual nodes. However, difficulties arise in identifying currently executing nodes on the host. In particular, traditional configuration operations for physical network interfaces are incapable of identifying secondary virtual nodes nested within a primary virtual node, and may further have difficulties identifying packets within overlay network headers. As a result, traditional filtering configurations may be incapable of classifying data packets for the nested virtual nodes as well as packets nested within an overlay header.