Performing ingress side control through egress side limits on forwarding elements

The invention claimed is: 1. A method for enforcing a level of service for ingress side data message traffic to a computer in a datacenter, the datacenter comprising a plurality of hardware forwarding elements (HFEs), the method comprising: receiving, from the HFEs, egress side statistics relating to data messages forwarded to the computer by the HFEs; aggregating and analyzing the received statistics to determine whether the data message traffic has exceeded a first threshold level for ingress side data message traffic to the computer; when the first threshold has been exceeded, distributing to the HFEs a set of secondary threshold levels to reduce the data message traffic from the HFEs to the computer; wherein the receiving, aggregating, and distributing are performed by a set of controllers that enforces the service level for ingress side data message traffic to the computer through egress side limits on the HFEs. 2. The method of claim 1 , wherein the set of secondary threshold levels includes an identical second threshold level distributed to all HFEs. 3. The method of claim 1 , wherein the set of secondary threshold levels includes at least two different second threshold levels distributed to at least two different HFEs. 4. The method of claim 1 , wherein based on the distributed set of secondary threshold levels an HFE drops or delays data messages when data message traffic from the HFE to the computer reaches a secondary threshold level. 5. The method of claim 1 further comprising: before receiving the egress side statistics, distributing to the HFEs an earlier set of primary threshold levels to define a limit on data message traffic from each HFE to the computer. 6. The method of claim 5 , wherein the set of primary threshold levels includes an identical primary threshold level distributed to all HFEs. 7. The method of claim 5 , wherein the set of primary threshold levels includes at least two different primary threshold levels distributed to at least two different HFEs. 8. The method of claim 1 , wherein the data message traffic comprises data message traffic associated with a particular group identifier specifying a group of two or more data message flows. 9. The method of claim 1 , wherein the data message traffic comprises data message traffic associated with a particular slice identifier associated with a network slice in a network. 10. The method of claim 9 , wherein the computer executes a machine associated with the network slice. 11. A non-transitory machine readable medium storing a program for executing by at least one processing unit, the program for enforcing a level of service for ingress side data message traffic to a computer in a datacenter, the datacenter comprising a plurality of hardware forwarding elements (HFEs), the program comprising sets of instructions for: receiving, from the HFEs, egress side statistics relating to data messages forwarded to the computer by the HFEs; aggregating and analyzing the received statistics to determine whether the data message traffic has exceeded a first threshold level for ingress side data message traffic to the computer; when the first threshold has been exceeded, distributing to the HFEs a set of secondary threshold levels to reduce the data message traffic from the HFEs to the computer; the program is a controller of a set of controllers that enforces the service level for ingress side data message traffic to the computer through egress side limits on the HFEs. 12. The non-transitory machine readable medium of claim 11 , wherein the set of secondary threshold levels includes an identical second threshold level distributed to all HFEs. 13. The non-transitory machine readable medium of claim 11 , wherein the set of secondary threshold levels includes at least two different second threshold levels distributed to at least two different HFEs. 14. The non-transitory machine readable medium of claim 11 , wherein based on the distributed set of secondary threshold levels an HFE drops or delays data messages when data message traffic from the HFE to the computer reaches a secondary threshold level. 15. The non-transitory machine readable medium of claim 11 , wherein the program further comprises a set of instructions for distributing, before receiving the egress side statistics, an earlier set of primary threshold levels to the HFEs to define a limit on data message traffic from each HFE to the computer. 16. The non-transitory machine readable medium of claim 15 , wherein the set of primary threshold levels includes an identical primary threshold level distributed to all HFEs. 17. The non-transitory machine readable medium of claim 15 , wherein the set of primary threshold levels includes at least two different primary threshold levels distributed to at least two different HFEs. 18. The non-transitory machine readable medium of claim 11 , wherein the data message traffic comprises data message traffic associated with a particular group identifier specifying a group of two or more data message flows. 19. The non-transitory machine readable medium of claim 11 , wherein the data message traffic comprises data message traffic associated with a particular slice identifier associated with a network slice in a network. 20. The non-transitory machine readable medium of claim 19 , wherein the computer executes a machine associated with the network slice.