From 845a982cdd297df7736e789a4797c4cb8cb47a58 Mon Sep 17 00:00:00 2001 From: Erfi Anugrah Date: Fri, 1 Nov 2024 08:36:46 +0000 Subject: [PATCH 1/7] Clarifying CIDR block usage for Address Maps in MT w/ L7 guide --- .../magic-transit-with-cdn.mdx | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 372e8a427475be..0bd556db5a0705 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -11,7 +11,7 @@ import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; [Magic Transit](/magic-transit/) customers using BYOIP can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. -This documentation covers using the Cloudflare API to configure [service bindings](/byoip/service-bindings/) within Cloudflare's IP Address Management framework. Service bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (which includes [Cache](/cache/), [Web Application Firewal (WAF)](/waf/), and more). +This documentation covers using the Cloudflare API to configure [service bindings](/byoip/service-bindings/) within Cloudflare's IP Address Management framework. Service bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (which includes [Cache](/cache/), [Web Application Firewall (WAF)](/waf/), and more). It is also possible to define service bindings to route traffic to the Spectrum pipeline selectively. However, this is not in the scope of this guide. 
@@ -19,7 +19,7 @@ It is important to note that traffic routed to the CDN pipeline is protected at ## Before you begin -Efficiency is paramount when planning how you will implement service bindings. Implementing service bindings through an aggregated CIDR block is strongly recommended. +Even though it is possible to add discrete bindings for non-contiguous CIDR blocks (having to use different prefixes might necessitate this), implementing service bindings through an **aggregated** CIDR block is **strongly** recommended.
@@ -27,16 +27,16 @@ Efficiency is paramount when planning how you will implement service bindings. I **IPs to upgrade to the CDN:** - `203.0.113.16` - `203.0.113.17` - `203.0.113.18` - `203.0.113.19` - `203.0.113.20` - `203.0.113.21` - `203.0.113.22` + `203.0.113.16`
+ `203.0.113.17`
+ `203.0.113.18`
+ `203.0.113.19`
+ `203.0.113.20`
+ `203.0.113.21`
+ `203.0.113.22`
`203.0.113.23` - **Best practice:** Add one discrete CDN service binding for `203.0.113.16` with a `/29` netmask. + Add one discrete CDN service binding for `203.0.113.16` with a `/29` netmask.
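Review bot: The rewritten first sentence under "Before you begin" in PATCH 1/7 drops the reason for the recommendation: the removed line opened with "Efficiency is paramount", while the added line only says an aggregated CIDR block is "**strongly** recommended". Keep the rationale in the new sentence, and move the parenthetical "(having to use different prefixes might necessitate this)" into its own sentence, since it interrupts the main clause. Bolding both "aggregated" and "strongly" in one sentence also dilutes the emphasis; one of them is enough.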
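Review bot: In the "IPs to upgrade to the CDN" hunk of PATCH 1/7, the seven removed and added lines for `203.0.113.16` through `203.0.113.22` carry the same text, so the change is whitespace only, and the commit message does not say why. If the intent is to force one address per line, a Markdown list would be sturdier than whitespace that an editor can trim. Dropping the "**Best practice:**" label also leaves "Add one discrete CDN service binding for `203.0.113.16` with a `/29` netmask." with nothing separating it from the address list; a short lead-in would keep the example readable.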
From a105c7d61719308a271b7f8838a97aff4e11f390 Mon Sep 17 00:00:00 2001 From: Erfi Anugrah Date: Fri, 1 Nov 2024 09:41:15 +0000 Subject: [PATCH 2/7] Clarifying CIDR block usage for Address Maps in MT w/ L7 guide - add note for prefix delegations --- .../byoip/service-bindings/magic-transit-with-cdn.mdx | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 0bd556db5a0705..95ca869bc5b8a4 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -7,7 +7,7 @@ sidebar: --- -import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; +import { Details, Example, TabItem, Tabs, GlossaryTooltip, Aside} from "~/components"; [Magic Transit](/magic-transit/) customers using BYOIP can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. @@ -40,8 +40,11 @@ Even though it is possible to add discrete bindings for non-contiguous CIDR bloc -Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. +Once a service binding is created (or deleted), it will take **four** to **six** hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. +:::note +This assumes that the prefix is tied to an account that has both Magic Transit and CDN properties. If not refer to [Prefix Delegations](/byoip/concepts/prefix-delegations/). The [Edge Service Bindings](#2-create-service-binding) will need to be done on the parent account as well. +::: ## 1. Get account information 
@@ -199,9 +202,9 @@ At this point, if an address map for a zone `example.com` specifies that Cloudfl 4. As the HTTP response egresses the Cloudflare network back to the client side, the source IP address of the response becomes `203.0.113.100` (the IP address that the HTTP request originally landed on). - +:::note Having the same IP address as ingress IP (defined in the address map) and origin IP (listed in the DNS record) will not cause any loops. - +:::
Assuming `203.0.113.100` was also the origin IP, the DNS record would look like the following: From bd1189aa23c7b9e780600b5b08ea373d1aaf59ea Mon Sep 17 00:00:00 2001 From: Erfi Anugrah Date: Fri, 1 Nov 2024 19:47:08 +0000 Subject: [PATCH 3/7] Clarifying CIDR block usage for Address Maps in MT w/ L7 guide - fixed typos --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 95ca869bc5b8a4..f138c441bd547c 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -132,7 +132,7 @@ You can choose between two different scopes: * Zone-level: uses the address map for all proxied DNS records within a zone. :::note -If you need to map only specific subdomains to specific IP addresses - and not all proxied DNS records -, you can use a [Subdomain setup](/dns/zone-setups/subdomain-setup/). +If you need to map only specific subdomains to specific IP addresses and not all proxied DNS records, you can use a [Subdomain setup](/dns/zone-setups/subdomain-setup/). ::: @@ -215,7 +215,7 @@ Assuming `203.0.113.100` was also the origin IP, the DNS record would look like
-## 5.(Optional) Add layer 7 functionality +## 5. (Optional) Add layer 7 functionality Leverage other features according to your needs: From 8328a441f14c8a171682470ebd0528ece2759c6b Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 5 Nov 2024 15:44:30 +0000 Subject: [PATCH 4/7] Remove Aside import and reword address maps vs subdomain setup callout --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index f138c441bd547c..d526b1f8b356f5 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -7,7 +7,7 @@ sidebar: --- -import { Details, Example, TabItem, Tabs, GlossaryTooltip, Aside} from "~/components"; +import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; [Magic Transit](/magic-transit/) customers using BYOIP can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. @@ -132,7 +132,7 @@ You can choose between two different scopes: * Zone-level: uses the address map for all proxied DNS records within a zone. :::note -If you need to map only specific subdomains to specific IP addresses and not all proxied DNS records, you can use a [Subdomain setup](/dns/zone-setups/subdomain-setup/). +If you need to map only specific subdomains (and not all proxied DNS records) to specific IP addresses, you can use a [Subdomain setup](/dns/zone-setups/subdomain-setup/). ::: From f617c134afb7b40ed26134ed9dd23fbd5eab2652 Mon Sep 17 00:00:00 2001 
From: Rebecca Tamachiro Date: Tue, 5 Nov 2024 16:19:19 +0000 Subject: [PATCH 5/7] Clarify note on single account vs prefix delegations --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index d526b1f8b356f5..4229aeaa6d2dd2 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -43,7 +43,7 @@ Even though it is possible to add discrete bindings for non-contiguous CIDR bloc Once a service binding is created (or deleted), it will take **four** to **six** hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. :::note -This assumes that the prefix is tied to an account that has both Magic Transit and CDN properties. If not refer to [Prefix Delegations](/byoip/concepts/prefix-delegations/). The [Edge Service Bindings](#2-create-service-binding) will need to be done on the parent account as well. +This guide assumes that the prefix is tied to a single Cloudflare account that has both Magic Transit and CDN properties. If you are using [prefix delegations](/byoip/concepts/prefix-delegations/), the service bindings must be [created](#2-create-service-binding) on the parent account. ::: ## 1. Get account information From f8dcd0823d48c936b7b0f6e907ed0dc4e25e10ab Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 5 Nov 2024 16:31:36 +0000 Subject: [PATCH 6/7] Text review for first paragraph in Before you begin --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 4229aeaa6d2dd2..f7126aa4c94300 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -19,7 +19,7 @@ It is important to note that traffic routed to the CDN pipeline is protected at ## Before you begin -Even though it is possible to add discrete bindings for non-contiguous CIDR blocks (having to use different prefixes might necessitate this), implementing service bindings through an **aggregated** CIDR block is **strongly** recommended. +Although it is possible to add discrete bindings for non-contiguous CIDR blocks (if you have to use different prefixes, for example), implementing service bindings through an **aggregated** CIDR block is **strongly** recommended.
From a11a031e973b081a25dcd74c4ab6990d2f64d60e Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 5 Nov 2024 17:06:10 +0000 Subject: [PATCH 7/7] Remove parenthesis and spell out efficiency perspective --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index f7126aa4c94300..2a2b7fb0887177 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -19,7 +19,7 @@ It is important to note that traffic routed to the CDN pipeline is protected at ## Before you begin -Although it is possible to add discrete bindings for non-contiguous CIDR blocks (if you have to use different prefixes, for example), implementing service bindings through an **aggregated** CIDR block is **strongly** recommended. +Although it is possible to add discrete bindings for non-contiguous CIDR blocks, implementing service bindings through an **aggregated** CIDR block is **strongly** recommended as it is more efficient.
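Review bot: PATCH 2/7 adds `Aside` to the `~/components` import, but the callouts added in the same patch use the `:::note` directive and no added line uses an `Aside` component. Drop the import (PATCH 4/7 later removes it, so squashing the two would keep the history clean); if it stays, `Aside}` needs a space before the closing brace to match the rest of the line.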
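Review bot: The note added after the propagation paragraph in PATCH 2/7 opens with "This assumes", which has no clear antecedent directly after a sentence about service disruption; "This guide assumes" would be unambiguous. "If not refer to" needs a comma after "If not", and "will need to be done on the parent account as well" leaves it unclear whether the bindings are created on the parent account only or on both accounts. "Edge Service Bindings" is capitalized here while the rest of the guide writes "service bindings" in lower case.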
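Review bot: Removing the dashes in the Subdomain setup note in PATCH 3/7 leaves "to specific IP addresses and not all proxied DNS records" reading as if "not all proxied DNS records" were a second mapping target. Move the aside next to what it qualifies, for example "only specific subdomains (and not all proxied DNS records) to specific IP addresses".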
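Review bot: The heading fix to `## 5. (Optional) Add layer 7 functionality` in PATCH 3/7 can change the heading's generated anchor. This guide links to sections by anchor (`#2-create-service-binding` in the prefix delegations note), so check that no existing link points at the old anchor for step 5.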
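Review bot: The clause "as it is more efficient" added in PATCH 7/7 does not say what is more efficient or in what respect. The same section states that a service binding takes four to six hours to propagate and that services will likely be disrupted in that window, so name the concrete benefit of one aggregated binding over several discrete ones (for example fewer bindings to create and wait on, if that is the intent), and put a comma before "as".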