System and method for binding flows in a service cluster deployment in a network environment
US-9148367-B2 · Sep 29, 2015 · US
US10225137B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10225137-B2 |
| Application number | US-201514841647-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 31, 2015 |
| Priority date | Sep 30, 2014 |
| Publication date | Mar 5, 2019 |
| Grant date | Mar 5, 2019 |
Abstract
Some embodiments provide novel inline switches that distribute data messages from source compute nodes (SCNs) to different groups of destination service compute nodes (DSCNs). In some embodiments, the inline switches are deployed in the source compute nodes' datapaths (e.g., the egress datapath). The inline switches in some embodiments are service switches that (1) receive data messages from the SCNs, (2) identify service nodes in a service-node cluster for processing the data messages based on service policies that the switches implement, and (3) use tunnels to send the received data messages to their identified service nodes. Alternatively, or conjunctively, the inline service switches of some embodiments (1) identify service-node clusters for processing the data messages based on service policies that the switches implement, and (2) use tunnels to send the received data messages to the identified service-node clusters. The service-node clusters can perform the same service or can perform different services in some embodiments. This tunnel-based approach for distributing data messages to service nodes/clusters is advantageous for seamlessly implementing in a datacenter a cloud-based XaaS model (where XaaS stands for X as a service, and X stands for anything), in which any number of services are provided by service providers in the cloud.
Claims (preview)
The invention claimed is:

1. A non-transitory machine readable medium storing a program for sending data messages originating at a source compute node (SCN) to a group of service nodes (SNs), the SCN and the program for execution by at least one processor of a host computer, the program comprising sets of instructions for: on the egress datapath of the SCN along which data messages originating at the SCN are sent out of the host computer, identifying a data message originating at and transmitted by the SCN and determining whether a service action has to be performed on the data message; when a service action has to be performed on the data message, identifying a particular SN in the SN group that should receive the data message, said SN group comprising a plurality of SNs for performing the same service action and connected to the host computer by a tunnel; from a plurality of tunnels between the host computer and the plurality of SNs, identifying a tunnel connecting the host computer to the identified particular SN; and sending the data message to the particular SN along the identified tunnel that connects the host computer with the particular SN.

2. The non-transitory machine readable medium of claim 1, wherein the data message is associated with a data message flow; and the set of instructions for sending the data message along the identified tunnel comprises a set of instructions for using a unique tunnel key for the data message's flow, because the identified tunnel is used to send other data message flows with other tunnel keys to the particular SN.

3. The non-transitory machine readable medium of claim 2, wherein the SCN executes on the host computer with a plurality of other SCNs and with a software forwarding element; the identified tunnel is for use by at least two SCNs executing on the host computer to send data messages to the particular SN; the particular SN uses the tunnel key in a reply data message that the particular SN sends back; and the program further comprises a set of instructions for using the tunnel key to associate the reply data message to the data message sent to the particular SN.

4. The non-transitory machine readable medium of claim 1, wherein the set of instructions for identifying an SN comprises a set of instructions for performing a load balancing operation that selects an SN from the group of SNs.

5. The non-transitory machine readable medium of claim 4, wherein the load balancing operation is based on a set of load balancing criteria that specifies a particular manner for spreading the data message load for the service across the SNs of the SN group.

6. The non-transitory machine readable medium of claim 1, wherein the set of instructions for determining whether the service action has to be performed on the data message comprises a set of instructions for identifying a service rule in a service rule storage for the data message.

7. The non-transitory machine readable medium of claim 6, wherein the set of instructions for identifying the service rule in the service rule storage comprises a set of instructions for matching a set of header parameters of the data message to a rule identifier of the service rule, each of a plurality of service rules in the service rule storage having a rule identifier specified in terms of a set of data-message header parameters.

8. The non-transitory machine readable medium of claim 7, wherein the header parameters of the data message and the matching rule identifier include a virtual IP (Internet Protocol) address (VIP), said service rule storage storing at least one service rule associated with a set of one or more service actions associated with the VIP.

9. The non-transitory machine readable medium of claim 7, wherein the header parameters of the data message and the matching rule identifier include one or more Layer 3 (L3) or Layer 4 (L4) packet header values, wherein at least two rule identifiers of two rules are defined by two different sets of L3/L4 parameters.

10. The non-transitory machine readable medium of claim 6, wherein the SN group is a first SN group that performs a first service action, the identified tunnel is a first tunnel, and the service rule specifies at least two service actions for the data message, the program further comprising sets of instructions for: receiving a reply data message from the particular SN through the first tunnel; identifying an SN in a second SN group comprising a plurality of SNs for performing a second same service action for the identified data message; and sending a data message to the identified second-group SN along a second tunnel connecting the host computer with the second-group SN for the second group SN to perform the second service action.

11. The non-transitory machine readable medium of claim 10, wherein the data message that is sent to the second SN is one of: the identified data message, a data message that is generated from the identified data message based on the reply data message, the reply data message, and a data message that is generated from the reply data message.

12. The non-transitory machine readable medium of claim 1, wherein the program further comprises sets of instructions for: receiving a reply data message from the particular SN through the identified tunnel; and based on the reply data message, sending a data message to a destination associated with the identified data message.

13. The non-transitory machine readable medium of claim 12, wherein the SCN executes on the host computer with a software forwarding element (SFE); and the set of instructions for sending the data message to the destination comprises a set of instructions for supplying the data message to the SFE in order to have the SFE forward the data message to the destination through a set of intermediate forwarding elements that operate outside of the host computer.

14. The non-transitory machine readable medium of claim 1, the program further comprising a set of instructions for forwarding the identified data message to a destination that is not an SN in the SN group after determining that the service action does not have to be performed on the data message.

15. The non-transitory machine readable medium of claim 1, wherein the program is an inline switch; and the inline switch is deployed on the egress datapath of the SCN along which the data messages that are transmitted by the SCN are sent out of the host computer.

16. The non-transitory machine readable medium of claim 1, wherein the SCN is not configured to send data messages to an SN in the SN group; and the set of instructions for determining that the service has to be performed on the data message comprises a set of instructions for identifying for the data message a service rule in a service rule storage by matching a set of header parameters of the data message to a rule identifier of the service rule, each of a plurality of service rules in the service rule storage having a rule identifier specified in terms of a set of data message header parameters.

17. The non-transitory machine readable medium of claim 1, wherein the SN group is a first SN group that performs a first service action, and the tunnel is a first tunnel; and the program further comprises sets of instructions for: determining whether a second service action should be performed on the identified data message by an SN of a second SN group; and when the second service action has to be performed, identifying an SN in the second SN group, identifying a second tunnel from a plurality of tunn
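The claims above describe a procedure: on the SCN's egress datapath, match a data message's L3/L4 headers against a service rule storage, select a service node from the matching rule's SN group by load balancing, send it along the tunnel to that SN under a flow-unique tunnel key, bind the SN's reply back to the flow by that key, and either chain to a second SN group or forward to the real destination. The following Python is an added illustration of that procedure, not code from the patent or any product; the class and field names (`DataMessage`, `ServiceRule`, `ServiceNode`, `InlineServiceSwitch`), the round-robin selection policy, the rule and node tables, and the sample messages are all constructed here. The one defensive point worth noticing is in `reply()`: a reply arriving on a tunnel with a tunnel key the switch never issued (or has already consumed) cannot be bound to any flow, so it is dropped rather than forwarded.

```python
"""Toy inline service switch on a source compute node's egress datapath.

Added illustration of the claimed behaviour (rule match -> SN selection ->
tunnel + tunnel key -> reply binding -> chaining). Not the patent's code;
all names and policies are assumptions made for this example.
"""
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional, Tuple

# A flow is identified by its L3/L4 five-tuple (constructed representation).
FlowKey = Tuple[str, str, str, int, int]  # proto, src_ip, dst_ip, src_port, dst_port


@dataclass(frozen=True)
class DataMessage:
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    payload: str

    def flow(self) -> FlowKey:
        return (self.proto, self.src_ip, self.dst_ip, self.src_port, self.dst_port)


@dataclass(frozen=True)
class ServiceRule:
    """Rule identifier expressed as header parameters; None is a wildcard.
    dst_ip would typically be the VIP fronting the service (claim 8)."""
    proto: Optional[str]
    dst_ip: Optional[str]
    dst_port: Optional[int]
    actions: Tuple[str, ...]  # ordered service actions, each naming an SN group

    def matches(self, m: DataMessage) -> bool:
        checks = ((self.proto, m.proto), (self.dst_ip, m.dst_ip), (self.dst_port, m.dst_port))
        return all(want is None or want == have for want, have in checks)


@dataclass(frozen=True)
class ServiceNode:
    name: str
    tunnel: str  # tunnel from this host to the SN; shared by every flow sent to it


class InlineServiceSwitch:
    def __init__(self, rules: List[ServiceRule], groups: Dict[str, List[ServiceNode]]):
        self.rules = rules          # service rule storage; first match wins
        self.groups = groups        # SN group name -> nodes performing that action
        self._rr = {g: 0 for g in groups}  # round-robin cursor per group (assumed LB policy)
        self._keys = count(1)              # flow-unique tunnel key generator
        # (tunnel, tunnel_key) -> (original message, rule, index of action in flight)
        self.pending: Dict[Tuple[str, int], Tuple[DataMessage, ServiceRule, int]] = {}

    def _select_sn(self, group: str) -> ServiceNode:
        """Load balancing operation over the SN group (claims 4-5): plain round robin."""
        nodes = self.groups[group]
        sn = nodes[self._rr[group] % len(nodes)]
        self._rr[group] += 1
        return sn

    def _dispatch(self, m: DataMessage, rule: ServiceRule, idx: int) -> dict:
        """Pick an SN for the idx-th action, its tunnel, and a fresh tunnel key (claims 1-2)."""
        sn = self._select_sn(rule.actions[idx])
        key = next(self._keys)
        self.pending[(sn.tunnel, key)] = (m, rule, idx)
        return {"to": sn.name, "tunnel": sn.tunnel, "tunnel_key": key, "action": rule.actions[idx]}

    def egress(self, m: DataMessage) -> dict:
        """Egress datapath: service the message if a rule matches, else forward it (claim 14)."""
        for rule in self.rules:
            if rule.matches(m):
                return self._dispatch(m, rule, 0)
        return {"to": "destination", "dst_ip": m.dst_ip}

    def reply(self, tunnel: str, tunnel_key: int, reply_msg: DataMessage) -> dict:
        """Bind an SN's reply to its flow by (tunnel, key) (claim 3), then chain or forward."""
        entry = self.pending.pop((tunnel, tunnel_key), None)
        if entry is None:
            # No flow was ever bound to this key on this tunnel: unknown or replayed reply.
            return {"to": "drop", "reason": "unknown tunnel key"}
        original, rule, idx = entry
        if idx + 1 < len(rule.actions):
            return self._dispatch(reply_msg, rule, idx + 1)  # next SN group (claims 10-11)
        return {"to": "destination", "dst_ip": reply_msg.dst_ip, "flow": original.flow()}


if __name__ == "__main__":
    sw = InlineServiceSwitch(
        [ServiceRule("tcp", "10.0.0.100", 443, ("firewall", "waf"))],
        {"firewall": [ServiceNode("fw-1", "tun-fw1")], "waf": [ServiceNode("waf-1", "tun-waf1")]},
    )
    msg = DataMessage("tcp", "192.168.1.5", "10.0.0.100", 40000, 443, "GET /")
    step = sw.egress(msg)
    print(step)
    print(sw.reply(step["tunnel"], step["tunnel_key"], msg))
```

Because several SCNs on the host share one tunnel to a given SN (claim 3), the tunnel alone cannot identify the flow; the `(tunnel, tunnel_key)` pair in `pending` is what makes the reply attributable, and popping the entry on use means a second reply with the same key is treated as unknown.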
CPC classifications:
- Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)
- Parsing or analysis of headers
- Session management (for real-time applications in data packet communications networks H04L65/1066)
- Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]