Typical physical networks often use middleboxes, such as firewalls, load balancers, network address translators, and intrusion detection systems, to perform specific types of packet processing. Firewalls can identify traffic that should or should not be allowed to pass between network segments, network address translation can be used to hide IP addresses behind virtual IPs, and load balancers provide dynamic packet routing decisions, among other functions.
In virtualized networks, these various middleboxes do not lose their functionality. However, when logical forwarding element processing (e.g., for logical switches and logical routers) is performed entirely at the first hop, it is inefficient to send packets to centralized middlebox appliances in between stages of processing at the first-hop virtualization software. At the same time, distributing a logical middlebox creates various problems that must be solved, including how to handle state sharing between the distributed middlebox elements that each implement the same logical middlebox on different host machines.