Fill in index.mdx and create about.mdx covering how it works

Author: RebeccaTamachiro

src/content/docs/smart-shield/configuration/dedicated-egress-ips/about.mdx

@@ -0,0 +1,35 @@
+---
+title: How it works
+pcx_content_type: concept
+sidebar:
+  order: 2
+head:
+  - tag: title
+    content: How Dedicated CDN Egress IPs work
+---
+
+When you use Cloudflare [as a reverse proxy](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy), [Cloudflare's global network](https://www.cloudflare.com/network/) sits between client requests and your origin servers.
+
+```mermaid
+flowchart LR
+        accTitle: Cloudflare as a reverse proxy
+        accDescr: Diagram showing Cloudflare's network between clients and the origin server.
+        A[Client] <--> B((Cloudflare))<--> C[(Origin server)]
+```
+
+Zooming in to what happens as a request routes through Cloudflare, you can consider two parts of the process: ingress and egress.
+
+```mermaid
+flowchart LR
+        accTitle: Cloudflare as a reverse proxy
+        accDescr: Diagram showing Cloudflare's network between clients and the origin server.
+        A[Client] --ingress--> B((Cloudflare))--egress--> C[(Origin server)]
+```
+
+Ingress refers to the data center where the client request lands on, based on Internet routing. From there on, the request will be processed according to your Cloudflare configurations and, if needed, a connection to the origin will be initiated via an egress data center.
+
+Traditionally, Cloudflare maintains a very large pool of egress IPs that are used by all Cloudflare customers and are [publicly documented](https://www.cloudflare.com/ips/). With Dedicated CDN Egress IPs, Cloudflare connects to your origin using IPs that are reserved for you.
+
+:::note
+Each dedicated egress pool can consist of either IPs from a [BYOIP prefix](/byoip/) or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.
+:::

src/content/docs/smart-shield/configuration/dedicated-egress-ips/index.mdx

@@ -5,4 +5,32 @@ sidebar:
   order: 10
   group:
     label: Dedicated Egress IPs
----
+---
+
+import { GlossaryTooltip, DirectoryListing } from "~/components";
+
+Enterprise customers can leverage dedicated egress IPs (from Cloudflare to your origin) for layer 7 [WAF](/waf/) and <GlossaryTooltip term="content delivery network (CDN)">CDN</GlossaryTooltip> services, as well as [Spectrum](/spectrum/). The egress IPs are reserved exclusively for your account so that you can increase your origin security by only allowing traffic from a small list of IP addresses.
+
+:::note
+If you are interested in using Smart Shield Advanced with Dedicated CDN Egress IPs, reach out to your account team.
+:::
+
+## Benefits
+
+With dedicated egress IPs, you can:
+
+* Lock down your [network firewall](/aegis/configuration-options/network-firewall/) to only allow traffic from the your dedicated CDN egress IPs.
+* Use [Cloudflare Access](/aegis/configuration-options/access-cni/) to secure your applications without installing software or customizing code on your server.
+* Ensure only authorized [Workers](/aegis/configuration-options/workers/) can access your origin services.
+
+## Scope
+
+You can assign Dedicated CDN Egress IPs to single or multiple Cloudflare zones, and across different Cloudflare accounts.
+
+Dedicated CDN Egress IPs are included within [BGP advertisement over CNI](/network-interconnect/).
+
+Each dedicated egress pool can consist of either IPs from a [BYOIP prefix](/byoip/) or Cloudflare-leased IPs. A single dedicated egress pool cannot contain both BYOIPs and leased IPs.
+
+## Further resources
+
+<DirectoryListing />