A common datacenter setup includes numerous servers that host virtual machines or other data compute nodes, with forwarding elements (e.g., software virtual switches) in the virtualization software of the server handling packet forwarding and network security for these data compute nodes. In a private datacenter (e.g., an enterprise network), technology exists that allows the owner of the datacenter to control the hypervisors of the host servers and thereby implement their own security and packet forwarding rules.
Public datacenters provide companies with the ability to expand or move their networks out of their own private datacenters, thereby reducing the cost and other burdens of the physical servers and the regular upkeep required for them. However, public datacenters have their own owners that control the virtualization software, and may not have as robust or transparent security capabilities. As such, some companies are hesitant to move their networks into these public datacenters because of the inability to exercise direct security control.