Scalable tenant networks
US-11438194-B2 · Sep 6, 2022 · US
US12068889B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12068889-B2 |
| Application number | US-202217882438-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 5, 2022 |
| Priority date | Dec 15, 2015 |
| Publication date | Aug 20, 2024 |
| Grant date | Aug 20, 2024 |
Official abstract text for this publication.
Template-driven locally calculated policy updates for virtualized machines in a datacenter environment are described. A central control and monitoring node calculates and pushes down policy templates to local control and monitoring nodes. The templates provide boundaries and/or a pool of networking resources, from which the local control and monitoring node is enabled to calculate policy updates for locally instantiated virtual machines and containers.
Opening claim text (preview).
What is claimed is:

1. A computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising: allocating, by a central controller, a policy for a tenant network; receiving, at the central controller and from a local controller associated with the tenant network, a declaration of a number of containers hosted by one or more nodes or one or more virtual machines of the tenant network; and sending, from the central controller to the local controller and based at least in part on the declaration, a policy template associated with the policy for the tenant network.
2. The system of claim 1, the operations further comprising: calculating, by the local controller, a network virtualization policy based at least in part on the policy template; and distributing the network virtualization policy to the one or more nodes or the one or more virtual machines of the tenant network.
3. The system of claim 1, wherein the tenant network comprises at least one of a routing domain identifier (RDID) or a host domain.
4. The system of claim 1, wherein the policy template indicates a change to one or more configurable policy elements.
5. The system of claim 4, wherein the one or more configurable policy elements comprise one or more of: Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, port numbers, or customer addresses (CAs) for one or more routing domain identifiers (RDIDs).
6. The system of claim 4, wherein the one or more configurable policy elements comprise load balancer virtual Internet Protocol (VIP) address to dynamic Internet Protocol (DIP) address mappings.
7. The system of claim 4, wherein: the one or more configurable policy elements comprise constraints for service chain configuration; the service chain configuration comprises a path of service chain elements a data packet traverses during communication to or from a destination in a datacenter; and an individual service chain element comprises a load balancer, an anti-virus scanner, a firewall, or a packet inspection server.
8. The system of claim 4, wherein the one or more configurable policy elements comprise local forwarding tables that include a destination with which a node or a virtual machine is able to communicate, wherein the local forwarding tables include encapsulate/decapsulate rules, network address translation rules, or a range of IP addresses that are reachable by the node or the virtual machine.
9. One or more computer-storage media having computer-executable instructions embodied thereon that, when executed by a computing system having a processor and memory, cause the processor to perform operations comprising: allocating, by a central controller, a policy for a tenant network; receiving, at the central controller and from a local controller associated with the tenant network, a declaration of a number of containers hosted by one or more nodes or one or more virtual machines of the tenant network; and sending, from the central controller to the local controller and based at least in part on the declaration, a policy template associated with the policy for the tenant network.
10. The media of claim 9, the operations further comprising: calculating, by the local controller, a network virtualization policy based at least in part on the policy template; and distributing the network virtualization policy to the one or more nodes or the one or more virtual machines of the tenant network.
11. The media of claim 9, wherein the tenant network comprises at least one of a routing domain identifier (RDID) or a host domain.
12. The media of claim 9, wherein the policy template indicates a change to one or more configurable policy elements.
13. The media of claim 12, wherein the one or more configurable policy elements comprise one or more of: Internet Protocol (IP) addresses, Media Access Control (MAC) addresses, port numbers, or customer addresses (CAs) for one or more routing domain identifiers (RDIDs).
14. The media of claim 12, wherein the one or more configurable policy elements comprise load balancer virtual Internet Protocol (VIP) address to dynamic Internet Protocol (DIP) address mappings.
15. The media of claim 12, wherein: the one or more configurable policy elements comprise constraints for service chain configuration; the service chain configuration comprises a path of service chain elements a data packet traverses during communication to or from a destination in a datacenter; and an individual service chain element comprises a load balancer, an anti-virus scanner, a firewall, or a packet inspection server.
16. The media of claim 12, wherein the one or more configurable policy elements comprise local forwarding tables that include a destination with which a node or a virtual machine is able to communicate, wherein the local forwarding tables include encapsulate/decapsulate rules, network address translation rules, or a range of IP addresses that are reachable by the node or the virtual machine.
17. A computer-implemented method, the method comprising: allocating, by a central controller, a policy for a tenant network; receiving, at the central controller and from a local controller associated with the tenant network, a declaration of a number of containers hosted by one or more nodes or one or more virtual machines of the tenant network; and sending, from the central controller to the local controller and based at least in part on the declaration, a policy template associated with the policy for the tenant network.
18. The method of claim 17, the operations further comprising: calculating, by the local controller, a network virtualization policy based at least in part on the policy template; and distributing the network virtualization policy to the one or more nodes or the one or more virtual machines of the tenant network.
19. The method of claim 17, wherein the tenant network comprises at least one of a routing domain identifier (RDID) or a host domain.
20. The method of claim 17, wherein the policy template indicates a change to one or more configurable policy elements.
Dynamic sharing of VLAN information amongst network nodes (configuration of the network or of network elements H04L41/08) · CPC title
Policy-based network configuration management · CPC title
using virtualisation of network functions or resources, e.g. SDN or NFV entities · CPC title
Provision of facilities of other operating environments, e.g. WINE (I/O emulation G06F13/105) · CPC title
Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests · CPC title