Skip to main content

Create a service router policy

A service router policy is a rule that authorizes which routers can be used to initiate overlay traffic to specific services. It dictates which routers are permitted to establish a secure egress connection (the terminator) to which services, thereby defining what router can be the location of the end of traffic.

This authorization step is required to establish the data plane connection that creates the secure pathway, making the service reachable from the network through the approved router.

warning

Service router policies are an advanced configuration feature. You should only configure an SRP if you have a specific requirement and fully understand its purpose and implications for your network's service routing. Most users never need to configure a service router policy.

Steps

  1. From the console, select your network from the dropdown in the left-hand menu.

  2. Click Policies from the same menu.

  3. Click the Service Router Policies tab.

  4. Click the plus icon (+) to open the Create New Service Edge Router Policy form.

  5. Fill in the required fields:

    • Service Edge Router Policy Name: Enter a unique name for the policy (e.g., web-app-hosting).

  6. Configure the policy rules:

    • Select Edge Router Attributes: Enter the attributes or direct references that define the routers authorized to host the services (e.g., #data-center-routers).
    • Select Service Attributes: Enter the attributes or direct references that define the services that can be hosted on those routers (e.g., #web-apps).

  7. Configure the policy semantic:

    • Semantic: Select the logical operator for matching multiple rules:
      • AnyOf: Matches if the attributes meet any of the defined rule sets.
      • AllOf: Matches only if the attributes meet all of the defined rule sets.

  8. (Optional) Toggle Show more options to ON to configure custom tags:

    • Custom tags: Use the Name and Value fields to attach non-functional metadata to the policy for tracking or inventory purposes.

  9. Click Save.

    After clicking Save, the console displays the created policy and the tabs showing all associated service attributes and router attributes that match the attributes you defined. This action immediately establishes the terminators, making the service ready to accept connections.