Create Network Policy

A network policy is a set of access control rules that can be attached to virtual networks. A network policy determines what traffic is allowed or denied on the network.

Procedure

Follow these steps to create a network policy by using the Contrail Command UI.

  1. Navigate to Overlay > Network Policies.

    The Network Policies page is displayed.

  2. Click Create.

    The Network Policy tab of the Create Network Policy page is displayed.

  3. Enter a name for the policy in the Policy Name field.
  4. Enter the following information as given in Table 33 to define a policy rule.

    You can define more than one rule for a policy.

    Table 33: Define Policy Rule

    | Field | Action |
    |---|---|
    | Action | To allow traffic to pass through the network, select Pass. To deny traffic, select Deny. |
    | Protocol | Select a protocol you want to associate with traffic. Any is selected by default. |
    | Source Type | Select the source type for this policy rule. |
    | Source | Select the traffic source based on the source type you have selected. For example, if you select CIDR as the Source Type, enter the source subnet in the Source field. |
    | Source Port | Leave the default option, Any, as is. |
    | Direction | Select the direction of traffic flow to which you want to apply this policy rule. You can select < > or >. |
    | Destination Type | Select the destination type for this policy rule. |
    | Destination | Select the traffic destination based on the destination type you have selected. For example, if you select CIDR as the Destination Type, enter the destination subnet in the Destination field. |
    | Destination Ports | Leave the default option, Any, as is. |
    | Advanced Options | Select this check box to view more options that you can configure for this policy rule. |
    | Services | Select the network services you want to apply to this policy rule. |
    | QoS | Select the QoS you want to apply to this policy rule. |
    | Log | Select this check box to log the traffic pattern. |
    | Mirror | Select this check box to mirror the traffic pattern. |

  5. (Optional) Click +Add to add another policy rule.
  6. Click Create to create the network policy.

    The Network Policies page is displayed. All policies that you created are displayed on the Network Policies page.
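
As an added example (not part of the Contrail documentation and not Contrail's API), the following Python script reviews rules written with the Table 33 fields before they are entered in the UI. It flags CIDRs that do not parse, Pass rules whose source or destination is a /0 subnet, and Pass rules without Log selected. The dictionary keys, the sample rules and the choice of what to flag are assumptions made for illustration.

```python
import ipaddress

DIRECTIONS = {"<>", ">"}      # the two Direction choices in Table 33
ACTIONS = {"pass", "deny"}    # the two Action choices in Table 33

def cidr_prefix_len(value):
    """Return the prefix length of a CIDR string, or None if it does not parse."""
    try:
        return ipaddress.ip_network(value, strict=False).prefixlen
    except ValueError:
        return None

def review_rule(rule):
    """Return a list of findings for one rule (empty list = nothing to flag)."""
    findings = []
    action = rule["action"].lower()
    if action not in ACTIONS:
        findings.append("unknown action")
    if rule["direction"].replace(" ", "") not in DIRECTIONS:
        findings.append("unknown direction")
    open_ends = []
    for end in ("source", "destination"):
        if rule[end + "_type"] != "CIDR":
            continue          # only CIDR endpoints are checked here
        plen = cidr_prefix_len(rule[end])
        if plen is None:
            findings.append("invalid %s CIDR" % end)
        elif plen == 0:
            open_ends.append(end)
    if action == "pass":
        proto = " and Protocol Any" if rule["protocol"].lower() == "any" else ""
        findings += ["pass rule with /0 %s%s" % (end, proto) for end in open_ends]
        if not rule.get("log", False):
            findings.append("pass rule without Log selected")
    return findings

def review_policy(rules):
    # Map 1-based rule number -> findings, keeping only rules that have any.
    found = {n: review_rule(r) for n, r in enumerate(rules, start=1)}
    return {n: f for n, f in found.items() if f}

# Constructed sample rules; the key names are hypothetical, not Contrail's schema.
FIELDS = ("action", "protocol", "source_type", "source", "direction",
          "destination_type", "destination", "log")
SAMPLE_RULES = [dict(zip(FIELDS, row)) for row in [
    ("pass", "tcp", "CIDR", "10.1.0.0/24", "<>", "CIDR", "10.2.0.0/24", True),
    ("pass", "any", "CIDR", "0.0.0.0/0", ">", "CIDR", "10.2.0.0/24", False),
    ("deny", "any", "CIDR", "10.3.0.0/33", ">", "CIDR", "10.2.0.0/24", False),
]]
```

Calling review_policy(SAMPLE_RULES) returns the findings keyed by rule number, so the rules can be corrected before Create is clicked in step 6.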