Create a router policy

A router policy is an explicit rule that governs access to the network data plane. This policy dictates which identities are authorized to connect to which routers to access the NetFoundry overlay network. This guide walks you through creating one.

Steps

  1. From the console, make sure the network you want is selected in the dropdown at the top of the left-hand menu.

  2. Click Policies from the same menu.

  3. Click the Router Policies tab.

  4. Click the + icon to open the Create New Edge Router Policy form.

  5. Fill in the required fields:

    • Edge Router Policy Name: Enter a unique name for the policy (e.g., public, to indicate that the policy grants access to all public, platform-hosted routers, which is the necessary first step for client identities to join the network).
  6. Configure the policy rules:

    • Select Edge Router Attributes: Enter the attributes or direct router references that define the routers this policy applies to (e.g., #us-east-routers).
    • Select Identity Attributes: Enter the attributes or direct identity references that define the identities authorized to connect to those routers (e.g., #employees).
  7. Configure the policy semantic:

    • Semantic: Select the logical operator for matching multiple rules:
      • AnyOf: Matches if the attributes meet any of the defined rule sets.
      • AllOf: Matches only if the attributes meet all of the defined rule sets.
  8. (Optional) Toggle Show more options to ON to configure custom tags:

    • Custom tags: Use the Name and Value fields to attach non-functional metadata to the policy for tracking or inventory purposes.
  9. Click Save.

    After clicking Save, the console displays the created policy and the tabs showing all associated router attributes and identity attributes.
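
The effect of the Semantic choice in step 7 on which identities can reach which routers, as an added example (a simplified model for reviewing a policy before saving it, not NetFoundry's code or API). It assumes the selected semantic is applied to the # attribute lists on both the router side and the identity side; the entity names and the #public, #us-east-staff and #contractors attributes are constructed sample data.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Entity:
    name: str
    attributes: frozenset   # role attributes carried by an identity or router

@dataclass(frozen=True)
class RouterPolicy:
    name: str
    router_attrs: frozenset     # "Select Edge Router Attributes"
    identity_attrs: frozenset   # "Select Identity Attributes"
    semantic: str = "AnyOf"     # "AnyOf" or "AllOf"

def matches(entity_attrs, policy_attrs, semantic):
    """Assumed matching rule: AnyOf = at least one listed attribute, AllOf = every one."""
    if not policy_attrs:
        return False            # an empty selector grants nothing in this model
    if semantic == "AnyOf":
        return bool(policy_attrs & entity_attrs)
    if semantic == "AllOf":
        return policy_attrs <= entity_attrs
    raise ValueError(f"unknown semantic: {semantic!r}")

def authorized_pairs(policy, identities, routers):
    """Return every (identity, router) connection the policy would permit."""
    ids = [i for i in identities
           if matches(i.attributes, policy.identity_attrs, policy.semantic)]
    rts = [r for r in routers
           if matches(r.attributes, policy.router_attrs, policy.semantic)]
    return sorted((i.name, r.name) for i in ids for r in rts)

# Constructed sample inventory (not taken from a real network).
IDENTITIES = [
    Entity("alice", frozenset({"#employees", "#us-east-staff"})),
    Entity("bob", frozenset({"#employees"})),
    Entity("carol", frozenset({"#contractors", "#us-east-staff"})),
]
ROUTERS = [
    Entity("edge-r1", frozenset({"#us-east-routers", "#public"})),
    Entity("edge-r2", frozenset({"#us-east-routers"})),
    Entity("edge-r3", frozenset({"#public"})),
]
POLICY_ANY = RouterPolicy("us-east", frozenset({"#us-east-routers", "#public"}),
                          frozenset({"#employees", "#us-east-staff"}), "AnyOf")
POLICY_ALL = replace(POLICY_ANY, semantic="AllOf")

if __name__ == "__main__":
    for policy in (POLICY_ANY, POLICY_ALL):
        print(policy.semantic, authorized_pairs(policy, IDENTITIES, ROUTERS))
```

With the same attribute lists, AnyOf in this model admits the contractor identity carol and every router, while AllOf narrows the policy to a single identity and router, so the semantic is worth checking whenever more than one attribute is listed.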