Looking at the documentation, there are two types of edge router policies, those for services and those for identities. The latter are referred to as ‘service edge router policies’, but the former simply ‘edge router policies’.
Has it been considered to name them ‘identity edge router policies’ for easier differentiation?
Btw, I’m just reading the docs and noting things that make my brain itch a little bit.
Thank you for the feedback. Yes, we considered renaming all the policies to include the two linked entities (e.g., Service Identity Policy instead of just Service Policy) when adding Service Edge Router Policy (the first one that didn’t include Identity). You can make a good case that it would be clearer to be more explicit here, but we didn’t think it was worth the disruption at the time (and the names becoming such mouthfuls that people would start using acronyms and ultimately make the terms less clear). The other consideration is that Service Edge Router Policies are the least used policy (most systems are set as #all/#all and never change).
It’s also likely that service edge router policies will morph into just ‘router policies’ at some point, which would define which routers services are allowed to use. That would be routers for the entire circuit, not just where traffic enters and exits the mesh. There hasn’t been much interest in managing edge policy based on services, but there have been requests to manage allowed routers for the entire circuit based on service. Not sure when we’ll get there, though.
-Paul