diff --git a/docs/index.md b/docs/index.md
index fca748a4ed..ee2d1868c1 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -38,6 +38,7 @@ Topic guides go more in-depth on a particular topic.
 topic/config.md
 topic/hub-templates.md
 topic/storage-layer.md
+topic/network.md
 topic/terraform.md
 topic/cluster-design.md
 topic/secrets.md
diff --git a/docs/topic/network.md b/docs/topic/network.md
new file mode 100644
index 0000000000..8b4cb21247
--- /dev/null
+++ b/docs/topic/network.md
@@ -0,0 +1,5 @@
+# Network Policy
+
+2i2c-managed hubs have a permissive network policy for the user servers that allows all outbound access to the internet, but restricts traffic within the cluster.
+
+The policy is [defined in the `basehub` chart](https://github.com/2i2c-org/infrastructure/blob/master/hub-templates/basehub/values.yaml#L153) and is inherited by the `daskhub` chart.