[DDoS Protection] MT Advanced DDoS Systems onboarding

patriciasantaana · patriciasantaana · commit 1975cdeb3730 · 2024-11-22T12:28:40.000-08:00
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection.mdx
@@ -9,8 +9,12 @@ head:
 
 ---
 
+import { Render } from "~/components"
+
 Cloudflare's Advanced DNS Protection, powered by [`flowtrackd`](https://blog.cloudflare.com/announcing-flowtrackd/), provides stateful protection against DNS-based DDoS attacks, specifically sophisticated and fully randomized DNS attacks such as [random prefix attacks](/dns/dns-firewall/random-prefix-attacks/about/).
 
+<Render file="mt-advanced-ddos-systems-onboarding" />
+
 ## How it works
 
 Cloudflare's Advanced DNS Protection works by first learning your traffic patterns and forming a baseline of the type of DNS queries you normally receive. Later, the system will be able to distinguish between legitimate and malicious queries, protecting your DNS infrastructure without impacting legitimate traffic.
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection.mdx
@@ -9,8 +9,12 @@ head:
 
 ---
 
+import { Render } from "~/components"
+
 Cloudflare's Advanced TCP Protection, powered by [`flowtrackd`](https://blog.cloudflare.com/announcing-flowtrackd/), is a stateful TCP inspection engine used to detect and mitigate sophisticated out-of-state TCP attacks such as randomized and spoofed ACK floods or SYN and SYN-ACK floods.
 
+<Render file="mt-advanced-ddos-systems-onboarding" />
+
 ## How it works
 
 Advanced TCP Protection can simultaneously protect against different kinds of attacks:
diff --git a/src/content/partials/ddos-protection/mt-advanced-ddos-systems-onboarding.mdx b/src/content/partials/ddos-protection/mt-advanced-ddos-systems-onboarding.mdx
@@ -0,0 +1,12 @@
+---
+{}
+
+---
+
+[Magic Transit](/magic-transit/) customers are automatically onboarded to the Advanced TCP Protection and Advanced DNS Protection systems. 
+
+Every 10 minutes, the `flowtrackd` API will look for new accounts in the conduit API. For each new account that it finds, it will add the account and its `authorized_prefixes` to the `flowtrackd` API, add default manual thresholds and rules for the TCP policer, TCP tracker, and DNS tracker—all in `monitoring` mode, and set the protection status to `Enabled` which allows `flowtrackd` to start processing your traffic.
+
+:::note
+If the `flowtrackd` API cannot find any `authorized_prefixes` for an account in the conduit API, it will wait to onboard you until the prefixes are present (up to seven days).
+:::
