Create Network Policy
A network policy is a set of access control rules that can be attached to virtual networks. A network policy determines what traffic is allowed or denied on the network.
Follow these steps to create a network policy by using the Contrail Command UI.
- Navigate to Overlay>Network Policies.
The Network Policies page is displayed.
- Click Create.
The Network Policy tab of the Create Network Policy page is displayed.
- Enter a name for the policy in the Policy Name field.
- Enter the following information as given in Table 1 to define a policy rule.
You can define more than one rule for a policy.
Table 1: Define Policy Rule

| Field | Action |
| --- | --- |
| Action | To allow traffic to pass through the network, select Pass. To deny traffic, select Deny. |
| Protocol | Select a protocol you want to associate with traffic. Any is selected by default. |
| Source Type | Select the source type for this policy rule. |
| Source | Select the traffic source based on the source type you have selected. For example, if you select CIDR as the Source Type, enter the source subnet in the Source field. |
| Source Port | Leave the default option, Any, as is. |
| Direction | Determine the direction of traffic flow to which you want to apply this policy rule. You can select < > or >. |
| Destination Type | Select the destination type for this policy rule. |
| Destination | Select the traffic destination based on the destination type you have selected. For example, if you select CIDR as the Destination Type, enter the destination subnet in the Destination field. |
| Destination Ports | Leave the default option, Any, as is. |
| Advanced Options | Select this check box to view more options that you can configure for this policy rule. |
| Services | Select the network services you want to apply to this policy rule. |
| QoS | Select the QoS you want to apply to this policy rule. |
| Log | Select this check box to log the traffic pattern. |
| Mirror | Select this check box to mirror the traffic pattern. |
- (Optional) Click +Add to add another policy rule.
- Click Create to create the network policy.
The Network Policies page is displayed. All policies that you created are displayed in the Network Policies page.
(Optional) Attach a network policy to a virtual network.
- Navigate to Overlay>Virtual Networks.
The All networks page is displayed.
- To select the virtual network you want to add the policy to, select the check box next to the name of the virtual network. Then click the Edit icon at the end of the row.
The Edit Virtual Network page is displayed.
- Select the network policy from the Network Policies list and click Save.
The policy is now added and the All networks page is displayed.
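Before entering several rules from Table 1, it helps to check how they interact. The following is an added example, not Contrail code: a small offline model of rules with CIDR source and destination types. It assumes that rules apply in the listed order with the first match deciding, that unmatched traffic is denied, and that < > (written `"<>"` here) matches both directions while > matches only source to destination. All names and sample subnets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # fields mirror Table 1; Source/Destination Type = CIDR
    action: str             # "pass" or "deny"
    protocol: str           # "any", "tcp", "udp", ...
    source: str             # source subnet
    direction: str          # "<>" or ">"
    destination: str        # destination subnet

def _sides(rule):
    """(source, destination) pairs the rule covers; "<>" adds the reverse pair (assumption)."""
    s, d = ipaddress.ip_network(rule.source), ipaddress.ip_network(rule.destination)
    return [(s, d), (d, s)] if rule.direction == "<>" else [(s, d)]

def matches(rule, proto, src, dst):
    if rule.protocol not in ("any", proto):
        return False
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in s and dst in d for s, d in _sides(rule))

def evaluate(rules, proto, src, dst):
    """Assumption: rules apply in listed order, first match decides, no match is denied."""
    for index, rule in enumerate(rules):
        if matches(rule, proto, src, dst):
            return rule.action, index
    return "deny", None

def covers(earlier, later):
    """True only when every flow `later` can match is contained in `earlier` (conservative)."""
    if earlier.protocol not in ("any", later.protocol):
        return False
    return all(any(ls.subnet_of(es) and ld.subnet_of(ed) for es, ed in _sides(earlier))
               for ls, ld in _sides(later))

def shadowed(rules):
    """Indexes of rules that can never take effect under first-match ordering."""
    return [j for j, r in enumerate(rules) if any(covers(e, r) for e in rules[:j])]

# Constructed sample policy, not taken from the page.
RULES = [
    Rule("deny", "tcp", "10.1.0.0/24", ">",  "10.2.0.0/24"),
    Rule("pass", "any", "10.1.0.0/16", "<>", "10.2.0.0/16"),
    Rule("deny", "udp", "10.2.5.0/24", ">",  "10.1.5.0/24"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "10.1.0.5", "10.2.0.9"))
    print(evaluate(RULES, "tcp", "10.2.0.9", "10.1.0.5"))
    print(shadowed(RULES))
```

In this sample the > deny in the first rule does not apply to traffic in the opposite direction, which the < > pass rule matches, and the third rule is reported as shadowed because the broader pass rule above it already covers the same traffic.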