Flow generation from second level controller to first level controller to managed switching element

We claim: 1. A network control system comprising: a first set of network controllers for (i) receiving a definition of a logical forwarding element to which both a first plurality of machines in a first domain and a second plurality of machines in a second domain are logically coupled, (ii) translating the definition of the logical forwarding element into a first set of rules in a first logical layer, and (iii) translating the first set of rules into a second set of rules in a second logical layer; and a second set of network controllers in the first domain for (i) receiving a portion of the second set of rules from the first set of network controllers and (ii) translating the portion of the second set of rules into a third set of rules that are for distribution to a plurality of physical forwarding elements in the first domain that are managed by the second set of network controllers and to which the first plurality of machines couple, for the plurality of physical forwarding elements to implement the logical forwarding element for packets sent to and from the first plurality of machines. 2. The network control system of claim 1 , wherein the portion of the second set of rules is a first portion of the second set of rules and the plurality of physical forwarding elements is a first plurality of physical forwarding elements, the network control system further comprising a third set of network controllers for (i) receiving a second portion of the second set of rules from the first set of network controllers and (ii) translating the second portion of the second set of rules into a fourth set of rules that are for distribution to a second plurality of physical forwarding elements in the second domain that are managed by the third set of network controllers and to which the second plurality of machines couple, for the second plurality of physical forwarding elements to implement the logical forwarding element for packets sent to and from the second plurality of machines. 3. The network control system of claim 1 , wherein the first set of network controllers comprises a plurality of controller instances acting as a distributed controller cluster. 4. The network control system of claim 1 , wherein the first set of network controllers comprises a single controller instance. 5. The network control system of claim 4 , wherein the single controller instance is a controller computer that executes: a user interface for receiving the definition of the logical forwarding element; a virtualization application for translating the definition of the logical forwarding element into the first set of rules; and a control application for translating the first set of rules into the second set of rules. 6. The network control system of claim 5 , wherein: the control application uses a first rules engine to translate the definition of the logical forwarding element into the first set of rules; and the virtualization application uses a second rules engine to translate the first set of rules into the second set of rules. 7. The network control system of claim 6 , wherein the first and second rules engines are the same rules engine. 8. The network control system of claim 1 , wherein (i) the definition of the logical forwarding element, (ii) the first set of rules, and (iii) the second set of rules are each represented as different sets of nLog tables at the first set of network controllers. 9. The network control system of claim 1 , wherein a machine with a particular address is coupled to a particular logical port of the logical forwarding element, wherein the first set of rules comprises a first rule for logically forwarding a packet with a destination address that matches the particular address to the particular logical port. 10. The network control system of claim 9 , wherein the second set of rules comprises a second rule for logically forwarding a packet that (i) is associated with the logical forwarding element and (ii) has a destination address matching the particular address, wherein the association of the packet with the logical forwarding element is based on a physical port at which a physical forwarding element receives the packet. 11. The network control system of claim 10 , wherein: the logical forwarding element is a first logical forwarding element; the third set of rules comprises a third rule for logically forwarding a packet that (i) is associated with a second logical forwarding element and the first logical forwarding element and (ii) has a destination address matching the particular address; the association of the packet with the second logical forwarding element is based on the physical port at which the physical forwarding element receives the packet; and the association of the packet with the first logical forwarding element is based on a logical port of the second logical forwarding element that corresponds to the physical port and to which a particular port of the first logical forwarding element corresponds. 12. The network control system of claim 11 , wherein the second logical forwarding element logically couples to (i) the first plurality of machines in the first domain and (ii) the second domain. 13. The network control system of claim 1 , wherein: the definition of the logical forwarding element is a logical control plane definition; the first set of rules are a first set of flow entries in a first logical forwarding plane layer; the second set of rules are a second set of flow entries in a second logical forwarding plane layer; and the third set of rules are a third set of flow entries in a physical control plane layer. 14. The network control system of claim 1 , wherein the logical forwarding element is a first logical switch having a plurality of logical ports to which the machines in the first and second sets of machines couple. 15. The network control system of claim 14 , wherein: a second logical switch defined for the first domain has a first set of logical ports to which the machines in the first plurality of machines couple; and a third logical switch defined for the second domain has a second set of logical ports to which the machines in the second plurality of machines couple. 16. The network control system of claim 15 , wherein: a first logical port in the first set of logical ports couples to the third logical switch; and a second logical port in the second set of logical ports couples to the second logical switch. 17. The network control system of claim 1 , wherein the first domain is located in a first datacenter and the second domain is located in a second, different datacenter. 18. The network control system of claim 17 , wherein the first and second sets of network controllers are both located in the first datacenter. 19. The network control system of claim 17 , wherein the second set of network controllers is located in the first datacenter and the first set of network controllers is located external to both the first and second datacenters. 20. The network control system of claim 1 , wherein the first and second domains are both located in a same datacenter.