Determining security of local area network
US-2024372862-A1 · Nov 7, 2024 · US
US10637889B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10637889-B2 |
| Application number | US-201615217154-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 22, 2016 |
| Priority date | Jul 23, 2015 |
| Publication date | Apr 28, 2020 |
| Grant date | Apr 28, 2020 |
Official abstract text for this publication.
Aspects of the embodiments are directed to systems, methods, and computer program products to program, via a northbound interface, a mapping between an endpoint identifier (EID) and a routing locator (RLOC) directly into a mapping database at a mapping system; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first router compliant with a Locator/ID Separation Protocol, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier; identify an RLOC based, at least in part, on the destination identifier of the EID tuple from the mapping database; and transmit the RLOC to the first tunneling router implementing a high-level policy that has been dynamically resolved into a state of the mapping database.
Opening claim text (preview).
What is claimed is:

1. One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to implement a mapping system that provides a single policy control point for Virtual Private Networks (VPNs), the instructions operable when executed to: program, via a northbound interface, directly into a mapping database at the mapping system (i) VPN policies including Locator/ID Separation Protocol (LISP)-based source-destination mappings between endpoint identifiers (EIDs) and corresponding routing locators (RLOCs) for routers, (ii) segment routing (SR) policies including, in an SR field of the mapping database, indications of routers to be used as intermediate path hops between source routers and destination routers in connection with a forwarding policy; (iii) network service header (NSH) policies for which at least some of the source-destination mappings include corresponding NSHs identifying service chains of service functions; and (iv) encryption policies to be applied to the VPNs; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first tunneling router compliant with the LISP, the mapping request comprising an EID tuple that includes a source identifier and a destination identifier, wherein the source identifier is located in a first portion of the EID tuple; identify a first RLOC using a longest match algorithm based, at least in part, on the source identifier and the destination identifier of the EID tuple from the mapping database and identify an indication of an intermediate path hop from the indications of routers corresponding to the first RLOC; and transmit the first RLOC and the indication of the intermediate path hop to the first tunneling router.

2. The one or more non-transitory computer readable storage media of claim 1, wherein the instructions are further operable when executed to render the forwarding policy based, at least in part, on the source identifier from the EID tuple.

3. The one or more non-transitory computer readable storage media of claim 2, wherein the instructions are further operable when executed to identify the first RLOC based on the forwarding policy.

4. The one or more non-transitory computer readable storage media of claim 2, wherein the instructions are further operable to resolve a policy associated with the source identifier into a forwarding state.

5. The one or more non-transitory computer readable storage media of claim 1, wherein the source-destination mappings are configured as LISP-based source-destination mappings extended to include the SR field.

6. The one or more non-transitory computer readable storage media of claim 1, wherein at least some of the source-destination mappings include corresponding network service headers (NSHs) identifying service chains of service functions, and the instructions are further operable, when executed, to receive the mapping request to include an NSH identifying a service chain, use the NSH in the mapping request as a key to identify a next hop in the service chain, and transmit to the first tunneling router information identifying the next hop in the service chain.

7. The one or more non-transitory computer readable storage media of claim 6, wherein the source-destination mappings are configured as LISP-based source-destination mappings extended to include the corresponding NSHs.

8. The one or more non-transitory computer readable storage media of claim 6, wherein the corresponding NSHs each includes a service path identifier (SPI) and a service index (SI).

9. One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to implement a mapping system that provides a single policy control point for Virtual Private Networks (VPNs), the instructions operable when executed to: program, via a northbound interface, directly into a mapping database at the mapping system (i) VPN policies including Locator/ID Separation Protocol (LISP)-based source-destination mappings between endpoint identifiers (EIDs) and corresponding routing locators (RLOCs) for routers, (ii) segment routing (SR) policies including, in an SR field of the mapping database, indications of routers to be used as intermediate path hops between source routers and destination routers in connection with a forwarding policy; (iii) network service header (NSH) policies for which at least some of the source-destination mappings include corresponding NSHs identifying service chains of service functions; and (iv) encryption policies to be applied to the VPNs; receive, from a first tunneling router associated with a first virtual network, a mapping request to a second virtual network, the first tunneling router compliant with the LISP, the mapping request comprising an RLOC tuple that includes a source identifier and a destination identifier, wherein the source identifier is located in a first portion of the RLOC tuple; identify a first endpoint identifier for a destination using a longest match algorithm based, at least in part, on the source identifier and the destination identifier of the RLOC tuple, and identify an indication of an intermediate path hop from the indications of routers corresponding to the first endpoint identifier; and transmit the first endpoint identifier and the indication of the intermediate path hop to the first tunneling router.

10. The one or more non-transitory computer readable storage media of claim 9, wherein the instructions are further operable when executed to render the forwarding policy based, at least in part, on the source identifier from the RLOC tuple.

11. The one or more non-transitory computer readable storage media of claim 10, wherein the instructions are further operable when executed to identify the first endpoint identifier based on the forwarding policy.

12. The one or more non-transitory computer readable storage media of claim 10, wherein the instructions are further operable to resolve a policy associated with the source identifier into a forwarding state.

13. The one or more non-transitory computer readable storage media of claim 9, wherein the source-destination mappings are configured as LISP-based source-destination mappings extended to include the SR field.

14. The one or more non-transitory computer readable storage media of claim 9, wherein the instructions are further operable, when executed, to receive the mapping request to include an NSH identifying a service chain, use the NSH in the mapping request as a key to identify a next hop in the service chain, and transmit to the first tunneling router information identifying the next hop in the service chain.

15. The one or more non-transitory computer readable storage media of claim 14, wherein the source-destination mappings are configured as LISP-based source-destination mappings extended to include the corresponding NSHs.

16. The one or more non-transitory computer readable storage media of claim 14, wherein the corresponding NSHs each includes a service path identifier (SPI) and a service index (SI).

17. A method comprising: implementing a mapping system that provides a single policy control point for Virtual Private Networks (VPNs), the implementing including programming, via a northbound interface, directly into a mapping database at the mapping system (i) VPN policies including Locator/ID Separation Protocol (LISP)-based source-destination mappings
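The abstract and claims 1, 6 and 8 describe a mapping system that is programmed only through a northbound interface, answers a map-request carrying a (source, destination) EID tuple by longest match, and returns the RLOC together with an SR intermediate hop, an NSH service-chain next hop and the encryption policy. The following Python model is an added illustration written for this page, not code from the patent or from any LISP implementation. It assumes, as a constructed convention, that "longest match" means the most specific destination prefix with the source prefix as tie-breaker, and that the NSH service index (SI) counts down from the chain length, so the next hop is looked up from the tail of the chain; all prefixes, locator names and chain members are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class MappingEntry:
    """One row of the mapping database: a LISP source-destination mapping
    extended with the SR field (claim 5), an NSH (claim 7) and an
    encryption policy flag (claim element (iv))."""
    src: object                                   # ip_network of the source EID prefix
    dst: object                                   # ip_network of the destination EID prefix
    rloc: str                                     # routing locator of the destination xTR
    sr_hops: list = field(default_factory=list)   # SR field: intermediate path hops
    nsh: Optional[tuple] = None                   # (SPI, SI) naming a service chain
    encrypt: bool = False                         # encryption policy for this VPN flow


@dataclass
class MapReply:
    rloc: str
    next_hop: Optional[str]   # first SR intermediate hop toward rloc, if the policy has one
    nsh: Optional[tuple]
    encrypt: bool


class MappingSystem:
    """Single policy control point: the only writer is the northbound interface,
    and a flow that no programmed mapping covers gets no locator at all."""

    def __init__(self):
        self.entries: list = []          # mapping database rows
        self.service_chains: dict = {}   # SPI -> ordered list of service functions

    # --- northbound interface: policy is written directly into the database ---
    def program_mapping(self, src, dst, rloc, sr_hops=(), nsh=None, encrypt=False):
        self.entries.append(
            MappingEntry(ip_network(src), ip_network(dst), rloc, list(sr_hops), nsh, encrypt))

    def program_service_chain(self, spi, functions):
        self.service_chains[spi] = list(functions)

    # --- map-request handling: resolve policy into forwarding state ---
    def resolve(self, src_eid, dst_eid):
        s, d = ip_address(src_eid), ip_address(dst_eid)
        candidates = [e for e in self.entries if s in e.src and d in e.dst]
        if not candidates:
            return None   # no policy covers this (source, destination) tuple
        # Longest match (constructed convention): most specific destination prefix,
        # then most specific source prefix; earlier rows win remaining ties.
        best = max(candidates, key=lambda e: (e.dst.prefixlen, e.src.prefixlen))
        next_hop = best.sr_hops[0] if best.sr_hops else None
        return MapReply(best.rloc, next_hop, best.nsh, best.encrypt)

    def next_service_hop(self, spi, si):
        """Use the NSH (SPI, SI) carried in a map-request as the key for the
        next service function (claim 6). SI counts down from the chain length."""
        chain = self.service_chains.get(spi)
        if chain is None or not 1 <= si <= len(chain):
            return None   # unknown chain or exhausted index: nothing to forward to
        return chain[len(chain) - si]


def build_demo():
    """Constructed sample policy: a broad default, a site-to-site VPN with an SR
    detour and encryption, and a narrow flow steered through a service chain."""
    ms = MappingSystem()
    ms.program_mapping("10.0.0.0/8", "0.0.0.0/0", "rloc-default")
    ms.program_mapping("10.1.0.0/16", "192.168.0.0/16", "rloc-A",
                       sr_hops=["rloc-X"], encrypt=True)
    ms.program_mapping("10.1.2.0/24", "192.168.5.0/24", "rloc-B", nsh=(7, 3))
    ms.program_service_chain(7, ["fw", "ids", "nat"])
    return ms


if __name__ == "__main__":
    ms = build_demo()
    for src, dst in [("10.1.2.9", "192.168.5.1"), ("10.1.9.9", "192.168.7.7"),
                     ("10.2.0.1", "8.8.8.8"), ("172.16.0.1", "8.8.8.8")]:
        print(src, "->", dst, ":", ms.resolve(src, dst))
    print("next service hop for NSH (7, 3):", ms.next_service_hop(7, 3))
```

The deny-by-default return of `resolve` is the point a defender cares about: because the database is the single policy control point, a flow that nobody programmed resolves to no locator, and an audit of the northbound writes is an audit of the whole VPN policy.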
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Address processing for routing · CPC title
Protocol definition or specification (protocol conformance testing H04L1/244) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using an overlay routing layer · CPC title