Overlay network encapsulation to forward data message flows through multiple public cloud datacenters

US11516049B2 · US · B2

Patent metadata

Publication number: US-11516049-B2
Application number: US-201815972086-A
Country: US
Kind code: B2
Filing date: May 4, 2018
Priority date: Oct 2, 2017
Publication date: Nov 29, 2022
Grant date: Nov 29, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters), mobile users, and SaaS (Software as a Service) provider machines, and other web applications of the entity. The virtual network in some embodiments can be configured to optimize the routing of the entity's data messages to their destinations for best end-to-end performance, reliability and security, while trying to minimize the routing of this traffic through the Internet. Also, the virtual network in some embodiments can be configured to optimize the layer 4 processing of the data message flows passing through the network.

First claim

Opening claim text (preview).

We claim:

1. A method of forwarding data message flows through at least two public cloud datacenters of at least two different public cloud providers, the method comprising: at an ingress forwarding element in a first public cloud datacenter; receiving, from a first external machine outside of the public cloud datacenters, a data message addressed to a second external machine outside of the public cloud datacenters, said second external machine reachable through an egress forwarding element that is in a second public cloud datacenter; encapsulating the data message with a first header that includes network addresses for the ingress and egress forwarding elements as source and destination addresses; and encapsulating the data message with a second header that specifies source and destination network addresses as the network address of the ingress forwarding element and a network address of a next hop forwarding element that is in a public cloud datacenter and that is a next hop on a path to the egress forwarding element.

2. The method of claim 1, wherein the next hop forwarding element is in a third public cloud datacenter.

3. The method of claim 2, wherein the first, second, and third public cloud datacenters belong to three different public cloud providers.

4. The method of claim 2, wherein the first and second public cloud datacenters belong to a first public cloud provider, while the third public cloud datacenter belongs to a different, second public cloud provider.

5. The method of claim 2, wherein the first and second public cloud datacenters belong to two different public cloud providers, while the third public cloud datacenter belongs to the public cloud provider of the first public cloud datacenter or the second public cloud datacenter.

6. The method of claim 2, wherein: the next hop forwarding element is a first next hop forwarding element; and the first next hop forwarding element identifies a second next hop forwarding element along the path as a next hop for the data message and in the second header specifies source and destination network addresses as the network addresses of the first next hop forwarding element and the second next hop forwarding element.

7. The method of claim 6, wherein the second next hop forwarding element is the egress forwarding element.

8. The method of claim 7, wherein after receiving the encapsulated data message, the egress forwarding element determines from the destination network address in the first header that the encapsulated data message is addressed to the egress forwarding element, removes the first and second headers from the data message, and forwards the data message to the second external machine.

9. The method of claim 6, wherein the second next hop forwarding element is a fourth forwarding element that is different than the egress forwarding element.

10. The method of claim 1, wherein the next hop forwarding element is the egress forwarding element.

11. The method of claim 1 further comprising: processing at the ingress and egress forwarding elements data messages belonging to different tenants of a virtual network provider that defines different virtual networks over public cloud datacenters for the different tenants; in the encapsulating first header of the received message, storing a tenant identifier that identifies the tenant associated with the first and second external machines.

12. The method of claim 11, wherein the encapsulation of the data message with the first and second headers defines, for a first tenant, an overlay virtual network that spans a group of networks of a group of public cloud datacenters including the first and second public cloud datacenters.

13. The method of claim 12, wherein the tenants are corporations and the virtual networks are corporate wide area networks (WANs).

14. The method of claim 1, wherein the first external machine is one of a machine in a first branch office, a machine in a private first datacenter, or a remote machine, and the second external machine is a machine in a second branch office or a machine in a private second datacenter.

15. A non-transitory machine readable medium storing a program for an ingress forwarding element, the program for execution by at least one processing unit, the program comprising sets of instructions for: at the ingress forwarding element in a first public cloud datacenter of the first public cloud provider, the ingress forwarding element for forwarding data message flows of an entity through a virtual network spanning across at least the first public cloud datacenter of the first public cloud provider and a second public cloud datacenter of a second public cloud provider different than the first public cloud provider to connect external machines of the entity: receiving, from a first external machine of the entity a data message addressed to a second external machine of the entity, wherein the first and second external machines are outside of any public cloud datacenter and the second external machine is reachable through an egress forwarding element that is in the second public cloud datacenter; encapsulating the data message with a first header that includes network addresses for the ingress and egress forwarding elements as source and destination addresses; and encapsulating the data message with a second header that specifies source and destination network addresses as the network address of the ingress forwarding element and a network address of a next hop forwarding element that is in a public cloud datacenter and that is a next hop on a path to the egress forwarding element; and forwarding the data message with the encapsulating first and second headers to the next hop forwarding element to forward along the virtual network to the second external machine.

16. The non-transitory machine readable medium of claim 15, wherein the first and second encapsulating headers allow the data message to traverse along the virtual network that is defined over the public cloud datacenter infrastructure.

17. The non-transitory machine readable medium of claim 15, wherein the next hop forwarding element is in a third public cloud datacenter of a third public cloud provider different than the first and second public cloud providers.

18. The non-transitory machine readable medium of claim 15, wherein: the next hop forwarding element is a first next hop forwarding element; and the first next hop forwarding element identifies a second next hop forwarding element along the path as a next hop for the data message and in the second header specifies source and destination network addresses as the network addresses of the first next hop forwarding element and the second next hop forwarding element.

19. The non-transitory machine readable medium of claim 15, wherein the data message is a first data message, the virtual network is a first virtual network and the entity is a first entity, the program further comprising sets of instructions for: at the ingress forwarding element in the first public cloud datacenter; receiving a second data message from a first external machine of a second entity for which a second virtual network is defined over the public cloud datacenter infrastructure of the first and second public cloud datacenters; encapsulating the second data message with first and second encapsulating headers to allow the second data message to traverse the second virtual network to an egress forwarding element that forwards the second data message to a second external machine of the second
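The two-level encapsulation described in claims 1, 6, 8 and 11 can be modelled as a small forwarding simulation. The Python below is an added illustration, not code from the patent or from VMware: node names (cfe-a to cfe-d), the tenant prefixes and the next-hop table are constructed assumptions. The first header (ingress, egress, tenant id) is fixed at ingress; each intermediate hop rewrites only the second header; the egress checks that the first header names it and that the inner destination actually belongs to the carried tenant before stripping both headers, which is the check that keeps a mis-labelled message out of another tenant's network.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, replace
Packet = namedtuple("Packet", "src dst payload")   # the tenant's original data message

@dataclass(frozen=True)
class Encap:
    tenant_id: int   # tenant identifier stored in the first header (claim 11)
    ingress: str     # first header source: ingress forwarding element
    egress: str      # first header destination: egress forwarding element
    outer_src: str   # second header source: the element sending this hop
    outer_dst: str   # second header destination: the next hop element
    inner: Packet

# Constructed state: node names, prefixes and paths are assumptions, not from the patent.
TENANT_ROUTES = {1: {"10.2.0.0/16": "cfe-c"}, 2: {"10.2.0.0/16": "cfe-d"}}
NEXT_HOP = {("cfe-a", "cfe-c"): "cfe-b", ("cfe-b", "cfe-c"): "cfe-c",
            ("cfe-a", "cfe-d"): "cfe-d"}   # (current node, egress) -> next hop

def egress_for(tenant_id, dst):
    """Per-tenant lookup of the egress element that reaches an external address."""
    ip = ipaddress.ip_address(dst)
    return next((e for p, e in TENANT_ROUTES[tenant_id].items()
                 if ip in ipaddress.ip_network(p)), None)

def ingress_encapsulate(node, tenant_id, pkt):
    """Claim 1: first header ingress->egress, second header ingress->next hop."""
    egress = egress_for(tenant_id, pkt.dst)
    return Encap(tenant_id, node, egress, node, NEXT_HOP[(node, egress)], pkt)

def forward_hop(node, enc):
    """Claim 6: an intermediate hop keeps the first header, rewrites only the second."""
    if enc.outer_dst != node:
        raise ValueError(f"{node} got a message whose second header names {enc.outer_dst}")
    return replace(enc, outer_src=node, outer_dst=NEXT_HOP[(node, enc.egress)])

def egress_decapsulate(node, enc):
    """Claim 8 plus a tenant check before stripping both headers and delivering."""
    if enc.egress != node or enc.outer_dst != node:
        raise ValueError("first header is not addressed to this egress element")
    if egress_for(enc.tenant_id, enc.inner.dst) != node:
        raise ValueError("inner destination does not belong to this tenant via this egress")
    return enc.tenant_id, enc.inner

def traverse(ingress, tenant_id, pkt):
    enc, hops = ingress_encapsulate(ingress, tenant_id, pkt), [ingress]
    while enc.outer_dst != enc.egress:          # hop until the second header names the egress
        enc = forward_hop(enc.outer_dst, enc)
        hops.append(enc.outer_src)
    return hops + [enc.egress], egress_decapsulate(enc.egress, enc)
```

Two tenants sending to the same overlapping 10.2.0.0/16 prefix are carried along different paths and delivered through different egress elements, and a message whose tenant id does not match the egress is refused rather than delivered.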

Classifications (CPC titles)

  • for resellers, retailers or service providers

  • Peer-to-peer [P2P] networks

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Firewall traversal, e.g. tunnelling or creating pinholes

  • Proxies

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11516049B2 cover?
Some embodiments establish for an entity a virtual network over several public clouds of several public cloud providers and/or in several regions. In some embodiments, the virtual network is an overlay network that spans across several public clouds to interconnect one or more private networks (e.g., networks within branches, divisions, departments of the entity or their associated datacenters)…
Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification: H04L63/0263. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Nov 29, 2022 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).