updates for c2c policies across spaces[#165267472]

Author: ljarzynski

deploy-apps/cf-networking.html.md.erb

@@ -58,16 +58,16 @@ This topic describes how to configure the Container-to-Container Networking feat
 ## <a name="create-policies"></a> Create and Manage Networking Policies
 
 This section describes how to create and modify Container-to-Container Networking policies using the Cloud Foundry Command Line Interface (cf CLI).
-The cf CLI only supports configuring policies for apps within the same space. 
-To configure policies for apps in different orgs and spaces, use the [Policy Server External API](https://github.com/cloudfoundry/cf-networking-release/blob/develop/docs/API_v0.md).
+
+<p class="note"><strong>Strong</strong>: To configure policies for apps in different orgs and spaces, ensure you have cf CLI v6.42.0 or later.</p> 
 
 <%= vars.app_man_network %>
 
 <p class='note'><strong>Note:</strong> With the NSX-T integration, container networking policies and ASGs continue to work as normal. Advanced ASG logging is not supported with NSX-T.</p>
 
 ### <a name="prereq"></a> Prerequisites
 
-* Ensure that you are using cf CLI v6.30 or higher:
+* Ensure that you are using cf CLI v6.42 or later:
 <pre class="terminal">
 $ cf version
 </pre>
@@ -112,13 +112,15 @@ To grant all Space Developers permissions to configure network policies, <%=  va
 
 To add a policy that allows direct network traffic from one app to another, run the following command:
 
-```cf add-network-policy SOURCE_APP --destination-app DESTINATION_APP --protocol (tcp | udp) --port RANGE
+```cf add-network-policy SOURCE_APP --destination-app DESTINATION_APP -s DESTINATION_SPACE_NAME -o DESTINATION_ORG_NAME --protocol (tcp | udp) --port RANGE
 ```
 
 Replace the placeholders in the above command as follows:
 
 * `SOURCE_APP` is the name of the app that sends traffic.
 * `DESTINATION_APP` is the name of the app that will receive traffic.
+* `DESTINATION_SPACE_NAME` is the space of the destination app. The default is the targeted space. 
+* `DESTINATION_ORG_NAME` is the org of the destination app. The default is the targeted org. 
 * `PROTOCOL` is one of the following: `tcp` or `udp`.
 * `RANGE` are the ports at which to connect to the destination app. The allowed range is from `1` to `65535`. You can specify a single port, such as `8080`, or a range of ports, such as `8080-8090`.
 
@@ -152,21 +154,23 @@ You can list all the policies in your space, or just the policies for which a si
     $ cf network-policies --source frontend
     Listing network policies in org my-org / space dev as admin...
 
-    source      destination   protocol   ports
-    frontend    backend       tcp        8080
+    source      destination   protocol   ports    destination space    destination org
+    frontend    backend       tcp        8080     example-space        example-org
     </pre>
 
 ### <a name="rm-policy"></a> Remove a Network Policy
 
 To remove a policy that allows direct network traffic from an app, run the following command:
 
-```cf remove-network-policy SOURCE_APP --destination-app DESTINATION_APP --protocol PROTOCOL --port RANGE
+```cf remove-network-policy SOURCE_APP --destination-app DESTINATION_APP -s DESTINATION_SPACE_NAME -o DESTINATION_ORG_NAME --protocol PROTOCOL --port RANGE
 ```
 
 Replace the placeholders in the above command to match an existing policy, as follows:
 
 * `SOURCE_APP` is the name of the app that sends traffic.
 * `DESTINATION_APP` is the name of the app that receives traffic.
+* `DESTINATION_SPACE_NAME` is the space of the destination app. The default is the targeted space. 
+* `DESTINATION_ORG_NAME` is the org of the destination app. The default is the targeted org. 
 * `PROTOCOL` is either `tcp` or `udp`.
 * `PORTS` are the ports connecting the apps. The allowed range is from `1` to `65535`. You can specify a single port, such as `8080`, or a range of ports, such as `8080-8090`.