The vSwitch can support multiple tunnels to provide multi-tenancy. As shown here, the creation of tunnels for each tenant in a virtual infrastructure keeps the network traffic isolated at the source of the traffic. Instead of attempting to secure the traffic in the physical network, we can use a hypervisor management tool, such as VMware vCenter, to configure the VM and the tunnel network according to security policy. This reduces the likelihood of operational misconfiguration and makes for reliable process and simple auditing.
Products like VMware vCloud Director are using overlay networks to enable the use of software-based networking appliances to replace physical firewalls, routers, and load balancers.