Product V7 - Role Attributes

This article applies to NetFoundry network Products version 7 or higher.  Refer to Finding Your Network Version for detailed information on determining your Network Version.



Role attributes are represented in the web console as a #hashtags and appear on three types of resources:

  • Endpoints
  • Services
  • Edge Routers

Service authorizations and router configurations are created by matching attributes on resources and policies. A policy may also @mention a particular resource by name. There are three types of policies:

  • AppWANs
    authorize Endpoints to Services
  • Edge Router Policies
    configure Endpoints to Edge Routers
  • Service Edge Router Policies
    configure Edge Routers to Endpoint-hosted Services



  • Endpoints match AppWANs to authorize the Endpoint to dial the Services in the AppWAN.
  • Endpoints match Edge Router Policies to configure the Edge Routers that Endpoint will use to dial Services. You could add #defaultRouters to all Endpoints, Edge Routers, and Edge Router Policies if you do not have a need to configure routes.

Edge Routers

  • Edge Routers match Edge Router Policies to become available to Endpoints for dialing Services.
  • Endpoint-hosted services only: Edge Routers match Services to determine by which Edge Routers a hosted Service is dialed by Endpoints.


  • Services match AppWANs to make the Service available to Endpoints that match the same AppWAN.
  • Endpoint-hosted services only: Service field edgeRouterAttributes matches Edge Routers to configure them for this Service. This determines by which Edge Routers a hosted Service is dialed by Endpoints.

Hosted vs Terminated

A Service is either hosted or terminated. Service Router Policies are only necessary for hosted Services. A server described by a hosted Service is inside the NetFoundry network, and a server described by a terminated Service is outside the NetFoundry network.


  • Hosted: An Endpoint that is an SDK app with a built-in server may host a Service.
  • Terminated: A server that is accessed at a public IP address by an Edge Router is a terminated Service. The Edge Router terminates the Service on the edge of the NetFoundry network.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.