Segmentation of encrypted segments in networks

US12218924B2 · US · B2

Patent metadata
Publication number: US-12218924-B2
Application number: US-202318450345-A
Country: US
Kind code: B2
Filing date: Aug 15, 2023
Priority date: Oct 27, 2017
Publication date: Feb 4, 2025
Grant date: Feb 4, 2025

Abstract

A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of packets where each packet in the packets includes an encrypted segment of the payload, a respective encryption header, and a respective authentication value. The payload of the first packet is segmented to form a plurality of encrypted segments based on the size. The first host sends the packets to the second host and receives an indication that a packet was not received. A second packet including the encrypted segment is sent to the second compute node.

Claims

What is claimed is:

1. A method comprising: receiving, at a first host, a first packet from a first compute node that is being sent to a second compute node of a second host, the first packet including a first header and a payload, wherein the payload is larger than a maximum transmission unit size for sending packets to the second compute node; encapsulating the first packet with an outer header; analyzing a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload to include in a plurality of packets; forming the plurality of packets, wherein each packet in the plurality of packets includes an encrypted segment of the payload, a respective encryption header for the respective encrypted segment, and a respective authentication value for the respective encrypted segment, wherein the payload of the first packet is segmented to form a plurality of encrypted segments based on the size of the encrypted segment; sending the plurality of packets to the second host using the outer header; receiving an indication that one of the plurality of packets was not received by the second compute node; and sending a second packet including the encrypted segment that was not received in the one of the plurality of the packets to the second compute node.

2. The method of claim 1, wherein segments other than the encrypted segment that was not received are not resent to the second compute node.

3. The method of claim 1, wherein analyzing comprises: calculating a maximum segment size based on the maximum transmission unit, the first header, and the at least the portion of the outer header; and calculating the size of the encrypted segment based on the maximum segment size, a size of the encryption header for the encrypted segment, and a size of the authentication value for the encrypted segment.

4. The method of claim 3, further comprising: encrypting segments of the payload in the first packet based on the size of the encrypted segment to include in the plurality of packets; inserting the respective encryption header and the respective authentication value for the respective encrypted segment in the payload of the first packet; and segmenting the payload of the first packet based on the maximum segment size to form a plurality of payloads for the plurality of packets.

5. The method of claim 1, wherein: the first compute node is a virtualized computing instance (VCI) supported by virtualization software running on the first host.

6. The method of claim 1, further comprising: executing, with the first host, a hypervisor comprising a virtual switch; creating, with the virtual switch, a software-defined logical overlay network on which the compute node resides, the overlay network comprising: a first tunnel endpoint corresponding to the first compute node and having a first address; and a second tunnel endpoint corresponding to the second compute node and having a second address; identifying the first address and the second address with the outer header.

7. The method of claim 6, wherein: forming the plurality of packets comprises: generating a plurality of payload segments by segmenting the payload of the first packet; encrypting, by an encryption engine of the hypervisor, each of the plurality of payload segments; adding, by the encryption engine, associated encryption headers and authentication values for the plurality of payload segments; generating, with a segmentation engine of the hypervisor, the plurality of packets from the plurality of payload segments and associated encryption headers and authentication values.

8. A non-transitory computer-readable storage medium containing instructions, that when executed, control a computer system to be configured for: receiving, at a first host, a first packet from a first compute node that is being sent to a second compute node of a second host, the first packet including a first header and a payload, wherein the payload is larger than a maximum transmission unit size for sending packets to the second compute node; encapsulating the first packet with an outer header; analyzing a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload to include in a plurality of packets; forming the plurality of packets, wherein each packet in the plurality of packets includes an encrypted segment of the payload, a respective encryption header for the respective encrypted segment, and a respective authentication value for the respective encrypted segment, wherein the payload of the first packet is segmented to form a plurality of encrypted segments based on the size of the encrypted segment; sending the plurality of packets to the second host using the outer header; receiving an indication that one of the plurality of packets was not received by the second compute node; and sending a second packet including the encrypted segment that was not received in the one of the plurality of the packets to the second compute node.

9. The non-transitory computer-readable storage medium of claim 8, wherein segments other than the encrypted segment that was not received are not resent to the second compute node.

10. The non-transitory computer-readable storage medium of claim 8, wherein analyzing comprises: calculating a maximum segment size based on the maximum transmission unit, the first header, and the at least the portion of the outer header; and calculating the size of the encrypted segment based on the maximum segment size, a size of the encryption header for the encrypted segment, and a size of the authentication value for the encrypted segment.

11. The non-transitory computer-readable storage medium of claim 10, further comprising: encrypting segments of the payload in the first packet based on the size of the encrypted segment to include in the plurality of packets; inserting the respective encryption header and the respective authentication value for the respective encrypted segment in the payload of the first packet; and segmenting the payload of the first packet based on the maximum segment size to form a plurality of payloads for the plurality of packets.

12. The non-transitory computer-readable storage medium of claim 8, wherein: the first compute node is a virtualized computing instance (VCI) supported by virtualization software running on the first host.

13. The non-transitory computer-readable storage medium of claim 8, further comprising: executing, with the first host, a hypervisor comprising a virtual switch; creating, with the virtual switch, a software-defined logical overlay network on which the compute node resides, the overlay network comprising: a first tunnel endpoint corresponding to the first compute node and having a first address; and a second tunnel endpoint corresponding to the second compute node and having a second address; identifying the first address and the second address with the outer header.

14. The non-transitory computer-readable storage medium of claim 13, wherein: forming the plurality of packets comprises: generating a plurality of payload segments by segmenting the payload of the first packet; encrypting, by an encryption engine of the hypervisor, each of the plurality of payload segments; adding, by the encryption engine, associated encryption headers and authentication values for the plurality of payload segments; generating, with a segmentation engine of the hypervisor, the plurality of packets from the plurality of payload segments and associated encryption headers and authentication values.
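Claims 3, 4 and 2 together describe a procedure: derive a maximum segment size from the MTU, the first (inner) header and the counted portion of the outer header; subtract the per-segment encryption header and authentication value to get the encrypted segment size; encrypt and segment the payload into packets that each carry their own header and authentication value; and, after a loss, resend only the segment that was reported missing. The Go program below is an added worked example of that procedure, not code from the patent or from the assignee. It assumes concrete sizes (a 54-byte inner header and a 36-byte outer IPv4/UDP/VXLAN portion counted against a 1500-byte IP MTU), AES-GCM as the encryption engine with a 12-byte nonce and 16-byte tag, a 4-byte sequence number plus the nonce as the encryption header, and a constructed key and payload; the names SegmentSizes, FormPackets, OpenSegment, Missing and Demo are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Sizes assumed for this example (not from the patent). MTU is the IP MTU toward the second host,
// so the outer Ethernet header is not counted against it.
const (
	MTU         = 1500
	InnerHeader = 54     // "first header": inner Ethernet(14)+IPv4(20)+TCP(20), carried whole in the tunnel
	OuterHeader = 36     // portion of the outer header inside the MTU: outer IPv4(20)+UDP(8)+VXLAN(8)
	EncHeader   = 4 + 12 // per-segment encryption header: 4-byte sequence number + 12-byte AES-GCM nonce
	AuthValue   = 16     // AES-GCM authentication tag
)

// SegmentSizes is the two-step calculation of claim 3: maximum segment size, then encrypted segment size.
func SegmentSizes(mtu, innerHdr, outerHdr, encHdr, authLen int) (mss, encSeg int, err error) {
	mss = mtu - innerHdr - outerHdr
	encSeg = mss - encHdr - authLen
	if encSeg <= 0 {
		return 0, 0, fmt.Errorf("headers leave no room for an encrypted segment")
	}
	return mss, encSeg, nil
}
// Packet is one member of the plurality. Nonce is salt(8)||seq(4); the seq part doubles as associated data.
type Packet struct {
	Seq                    uint32
	Nonce, Ciphertext, Tag []byte // encryption header, encrypted segment, authentication value
}
// WireSize is the packet's size as counted against the MTU.
func (p Packet) WireSize() int {
	return OuterHeader + InnerHeader + 4 + len(p.Nonce) + len(p.Ciphertext) + len(p.Tag)
}
// NewGCM builds the AES-GCM engine shared by sender and receiver.
func NewGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// FormPackets splits the payload into encSeg-byte segments, each sealed under a unique nonce; the
// sequence number is associated data, so a segment cannot be accepted at another position.
func FormPackets(gcm cipher.AEAD, salt [8]byte, payload []byte, encSeg int) (pkts []Packet) {
	for seq, off := uint32(0), 0; off < len(payload); seq, off = seq+1, off+encSeg {
		end := off + encSeg
		if end > len(payload) {
			end = len(payload)
		}
		nonce := binary.BigEndian.AppendUint32(append([]byte{}, salt[:]...), seq)
		sealed := gcm.Seal(nil, nonce, payload[off:end], nonce[8:])
		n := len(sealed) - gcm.Overhead()
		pkts = append(pkts, Packet{Seq: seq, Nonce: nonce, Ciphertext: sealed[:n], Tag: sealed[n:]})
	}
	return pkts
}
// OpenSegment checks the authentication value and decrypts one segment; a modified one is rejected.
func OpenSegment(gcm cipher.AEAD, p Packet) ([]byte, error) {
	return gcm.Open(nil, p.Nonce, append(append([]byte{}, p.Ciphertext...), p.Tag...), p.Nonce[8:])
}
// Missing is the indication returned to the sender: sequence numbers whose segment has not arrived.
func Missing(got [][]byte) (m []uint32) {
	for s := range got {
		if got[s] == nil {
			m = append(m, uint32(s))
		}
	}
	return m
}
// Demo runs the exchange on a constructed key and 4000-byte payload: packet 1 is lost, the receiver
// reports its sequence number, and only that packet is resent (claim 2).
func Demo() (resent int, intact bool, err error) {
	gcm, err := NewGCM([]byte("0123456789abcdef"))
	if err != nil {
		return
	}
	payload := bytes.Repeat([]byte("segment-data-"), 308)[:4000]
	_, encSeg, _ := SegmentSizes(MTU, InnerHeader, OuterHeader, EncHeader, AuthValue)
	pkts := FormPackets(gcm, [8]byte{1, 2, 3, 4, 5, 6, 7, 8}, payload, encSeg)
	got := make([][]byte, len(pkts))
	for _, p := range append(pkts[:1:1], pkts[2:]...) { // packet 1 is the simulated loss
		if got[p.Seq], err = OpenSegment(gcm, p); err != nil {
			return
		}
	}
	for _, seq := range Missing(got) { // retransmit only what the receiver reported
		if got[seq], err = OpenSegment(gcm, pkts[seq]); err != nil {
			return
		}
		resent++
	}
	return resent, bytes.Equal(bytes.Join(got, nil), payload), nil
}
func main() { fmt.Println(Demo()) }
```

With these sizes each full packet comes to exactly the MTU (36 + 54 + 16 + 1378 + 16), which is the point of subtracting the encryption header and authentication value before segmenting rather than after. Because every segment carries its own authentication value, the receiver verifies and places segments independently, which is what makes resending only the lost one safe; binding the sequence number into the tag as associated data additionally stops a valid segment from being accepted at a different position, a detail the claims leave to the implementation.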

Assignees

Nicira Inc

Classifications

CPC classification titles:

  • Parsing or analysis of headers

  • in the data link layer [OSI layer 2], e.g. HDLC

  • Firewall traversal, e.g. tunnelling or, creating pinholes

  • by determining packet size, e.g. maximum transfer unit [MTU]

  • Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up

Frequently asked questions

What does patent US12218924B2 cover?
A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of p…
Who is the assignee on this patent?
Nicira Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0485. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 4, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).