
    Creating a Network Policy—Juniper Networks Contrail

    The Contrail Controller makes creating network traffic policies very simple. You work from the self-service user interface to define a policy, then define a rule or rules to be applied in that policy. You can define such things as the type and direction of traffic for the rule, the source and destination of that traffic, traffic originating from or destined for specific ports, the sequence in which to apply a rule, and so on. The following procedure shows how to create a network policy when using Juniper Networks Contrail.

    1. In the Contrail module, start at Configure > Networking > Policies to display the Network Policy screen; see Figure 1.

      Figure 1: Network Policy

    2. Click the Create button at the upper right.

      The Create Policy window appears; see Figure 2.

      Figure 2: Create Policy

    3. Complete the fields in the Create Policy window, using the guidelines in Table 1.

      Table 1: Create Policy Fields

      | Field | Description |
      |-------|-------------|
      | Policy Name | Enter a name for the policy you are creating. |
      | Associate Networks | Click this field to select, from a list of available networks, the networks to be associated with this policy. Click one network at a time to add one or more networks to the field. The selected networks are listed in the field. To remove any selected network, click the X to the right of the network. |
      | Policy Rules | Use this area to define the rules for the policy you are creating. Click the + (plus sign) to open up the fields for defining the rules. Click the - (minus sign) to delete any rule. Multiple rules can be added to a policy. Each policy rule field is described in the following table rows. |
      | Action | Define the action to take with traffic that matches the current rule. Select from a list: Pass, Deny. |
      | Protocol | Define the protocol associated with traffic for this policy rule. Select from a list of available protocols (or ANY): ANY, TCP, UDP, ICMP. |
      | Source Network | Select the source network for traffic associated with this policy rule. Choose ANY or select from the list of all available sources displayed in the drop-down, in the form: domain-name:project-name:network-name. |
      | Source Ports | Use this field to specify that traffic from particular source ports is associated with this policy rule. Identify traffic from any port, or enter a specific port, a list of ports separated with commas, or a range of ports in the form nnnn-nnnnn. |
      | Direction | Define the direction of traffic to match the rule, for example, traffic moving in and out, or only traffic moving in one direction. Select from a list: <> (bidirectional), > (unidirectional). |
      | Destination Network | Select the destination network for traffic to match this rule. Choose ANY or select from the list of all available destinations displayed in the drop-down, in the form: domain-name:project-name:network-name. |
      | Destination Ports | Define the destination port for traffic to match this rule. Enter any for any destination port, or enter a specific port, a list of ports separated with commas, or a range of ports in the form nnnn-nnnnn. |
      | Apply Service | Check the box to open a field where you can select, from a list of available services, the services to apply to this policy. The services will be applied in the order in which they are selected. There is a restricted set of options that can be selected when applying services. For more information about services, see Service Chaining. |
      | Mirror to | Check the box to open a field where you can select, from the list of configured services, the services that you want to mirror in this policy. You can select a maximum of two services to mirror. For more information about mirroring, see Configuring Traffic Analyzers and Packet Capture for Mirroring. |

    4. When you are finished selecting the rules for this policy, click the Save button.

      The policy you just defined displays in the Network Policy column.
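The following pre-flight check is an added example, not part of the Contrail documentation or product: it validates rule values against the formats in Table 1 before they are entered, and flags a Pass rule that leaves every match field at any. The dictionary keys, the sample network names, and the permit-all warning are assumptions made for illustration.

```python
import re

# Networks appear in the drop-down as domain-name:project-name:network-name.
FQ_NAME = re.compile(r"^[^:\s]+:[^:\s]+:[^:\s]+$")

def parse_ports(spec):
    """Turn 'any', '80', '80,443' or '8000-8100' into a list of (low, high) ranges."""
    if spec.strip().lower() == "any":
        return [(0, 65535)]
    ranges = []
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        lo = int(lo)                      # int() raises ValueError on non-numeric input
        hi = int(hi) if sep else lo
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port range out of bounds: {part!r}")
        ranges.append((lo, hi))
    return ranges

def lint(rule):
    """Return the problems found in one rule (a dict keyed by the Table 1 field names)."""
    problems = []
    if rule["action"].lower() not in ("pass", "deny"):
        problems.append("action must be Pass or Deny")
    if rule["protocol"].lower() not in ("any", "tcp", "udp", "icmp"):
        problems.append("protocol must be ANY, TCP, UDP or ICMP")
    if rule["direction"] not in ("<>", ">"):
        problems.append("direction must be <> or >")
    for side in ("source", "destination"):
        net, ports = rule[f"{side}_network"], rule[f"{side}_ports"]
        if net.lower() != "any" and not FQ_NAME.match(net):
            problems.append(f"{side} network is not domain:project:network")
        try:
            parse_ports(ports)
        except ValueError:
            problems.append(f"{side} ports {ports!r} are not a port, list or range")
    scope = [rule[k] for k in rule if k not in ("action", "direction")]
    if rule["action"].lower() == "pass" and all(v.lower() == "any" for v in scope):
        problems.append("pass rule matches all traffic between any networks")
    return problems

# Constructed sample rules (not from the page); the network names are made up.
SAMPLE_RULES = [
    {"action": "pass", "protocol": "tcp", "source_network": "default-domain:demo:frontend",
     "source_ports": "any", "direction": ">", "destination_network": "default-domain:demo:db",
     "destination_ports": "5432,6000-6010"},
    {"action": "pass", "protocol": "any", "source_network": "any", "source_ports": "any",
     "direction": "<>", "destination_network": "any", "destination_ports": "any"},
]
```

Calling `lint()` on each entry of `SAMPLE_RULES` returns an empty list for the first rule and the permit-all warning for the second.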

    Next, you can associate the policy with a network; see Associating a Network to a Policy—Juniper Networks Contrail.

    Modified: 2015-09-02