
    Creating a Network Policy—OpenStack Contrail

    Contrail makes creating network traffic policies very simple. You work from the self-service user interface to define a policy, then define a rule or rules to be applied in that policy. You can define such things as the type and direction of traffic for the rule, the source and destination of that traffic, traffic originating from or destined for specific ports, the sequence in which to apply a rule, and so on. The following procedure shows how to create a network policy when using OpenStack.

    1. On the OpenStack dashboard, make sure your project is displayed in the Current Project box, click Networking, and then click the Network Policy tab to display the Network Policy screen; see Figure 1.

      Figure 1: Network Policy

    2. Click the Create Policy button at the upper right.

      The Create Network Policy window appears; see Figure 2.

      Figure 2: Create Network Policy

    3. Enter a name and a description for this policy. Names cannot include spaces.
    4. When finished, click the Create Policy button on the lower right.

      Your policy is created and it appears on the Network Policy screen; see Figure 3.

      Figure 3: Network Policy

    5. On the Network Policy window, click the check box for your new policy, then click the Edit Rules button for that policy.

      The Edit Policy Rules window appears; see Figure 4.

      Figure 4: Edit Policy Rules

    6. Define the rules for your policy, using the guidelines in Table 1.

      Table 1: Edit Policy Rules Fields

      | Field | Description |
      |---|---|
      | Policy Rules Details | This section of the window displays any rules that have already been created for this policy. |
      | Id | Displays a sequential number identifier for each rule within a policy. |
      | Rule Details | Displays a description of the rule on this line. |
      | Actions | Available actions for the rule on this line appear in this column. Currently you can use the Delete button in this column to delete a rule. |
      | Sequence Id | This field lets you define the order in which to apply the current rule. Select from a list: Last Rule, First Rule, After Rule. |
      | Action | Define the action to take with traffic that matches the current rule. Select from a list: Pass, Deny. |
      | Direction | Define the direction in which to apply the rule, for example, to traffic moving in and out, or only to traffic moving in one direction. Select from a list: Bidirectional, Unidirectional. |
      | IP Protocol | Select from a list of available protocols (or ANY): ANY, TCP, UDP, ICMP. |
      | Source Net | Select the source network for this rule. Choose Local (any network to which this policy is associated), Any (all networks created under the current project) or select from a list of all sources available displayed in the drop-down list, in the form: domain-name:project-name:network-name. |
      | Source Ports | Accept traffic from any port or enter a specific port, a list of ports separated with commas, or a range of ports in the form nnnn-nnnnn. |
      | Destination Net | Select the destination network for this rule. Choose Local (any network to which this policy is associated), Any (all networks created under the current project) or select from a list of all destinations available displayed in the drop-down list, in the form: domain-name:project-name:network-name. |
      | Destination Ports | Send traffic to any port or enter a specific port, a list of ports separated with commas, or a range of ports in the form nnnn-nnnnn. |

    7. When you are finished selecting the rules for this policy, click the Add Rule button on the lower right of the Edit Policy Rules window.
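
The field rules in Table 1 can be checked before a rule is typed into the Edit Policy Rules window. The following is an added example, not Contrail code and not part of the original guide: the dictionary keys and function names are hypothetical, "any" port is assumed to mean 0-65535, and rule Ids are assumed to be 1-based positions.

```python
import re

# Allowed values are the drop-down choices listed in Table 1.
CHOICES = {"action": {"Pass", "Deny"},
           "direction": {"Bidirectional", "Unidirectional"},
           "protocol": {"ANY", "TCP", "UDP", "ICMP"}}
NET_FORM = re.compile(r"[^:\s]+:[^:\s]+:[^:\s]+")  # domain-name:project-name:network-name
PORT_ENTRY = re.compile(r"([0-9]+)(?:-([0-9]+))?")

def parse_ports(spec):
    """Parse 'any', '80', '80,443' or '8000-8100' into sorted (low, high) pairs."""
    if spec.strip().lower() == "any":
        return [(0, 65535)]  # assumption: "any port" means the full 16-bit range
    pairs = []
    for entry in spec.split(","):
        m = PORT_ENTRY.fullmatch(entry.strip())
        if not m:
            raise ValueError(f"bad port entry {entry!r}")
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"port out of range or reversed in {entry!r}")
        pairs.append((low, high))
    return sorted(pairs)

def validate_rule(rule):
    """Return a list of problems found in one rule dict (empty list means valid)."""
    problems = [f"{k}: {rule.get(k)!r} is not one of {sorted(v)}"
                for k, v in CHOICES.items() if rule.get(k) not in v]
    for k in ("src_net", "dst_net"):
        net = rule.get(k, "")
        if net not in ("Local", "Any") and not NET_FORM.fullmatch(net):
            problems.append(f"{k}: {net!r} is not Local, Any or domain:project:network")
    for k in ("src_ports", "dst_ports"):
        try:
            parse_ports(rule.get(k, ""))
        except ValueError as exc:
            problems.append(f"{k}: {exc}")
    return problems

def place_rule(rules, rule, sequence="Last Rule", after_id=None):
    """Insert per the Sequence Id choice; assumes rule Ids are 1-based list positions."""
    if sequence == "After Rule" and after_id in range(1, len(rules) + 1):
        index = after_id
    elif sequence in ("First Rule", "Last Rule"):
        index = 0 if sequence == "First Rule" else len(rules)
    else:
        raise ValueError(f"cannot place rule: {sequence!r}, after_id={after_id!r}")
    return rules[:index] + [rule] + rules[index:]
```
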

    Next, you can associate the policy with a network; see Associating a Network to a Policy—OpenStack Contrail.

    Modified: 2015-09-02