add ipv6 range

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/private-net/cloudflared/connect-private-hostname.mdx

@@ -7,7 +7,7 @@ sidebar:
     text: Beta
 ---
 
-import { Render, Details } from "~/components";
+import { Render, Details, GlossaryTooltip } from "~/components";
 
 `cloudflared` can route to HTTP and non-HTTP applications on your private network using their private hostname (for example, `wiki.internal.local`). Private hostname routes are especially useful when the application has an unknown or ephemeral IP, which often occurs when infrastructure is provisioned by a third-party cloud provider.
 
@@ -31,8 +31,7 @@ Figures 1 and 2 illustrate the flow of DNS and network traffic when a user conne
 2. Based on the configured resolver policies, Gateway determines that `wiki.internal.local` should be resolved by a custom DNS resolver.
 3. Gateway does a DNS lookup for `wiki.internal.local` through Cloudflare Tunnel, and the custom DNS resolver returns the origin IP (`10.0.0.5`).
 4. Rather than responding to the DNS query with the actual origin IP, Gateway responds with a random IP address from the following CGNAT range:
-	- **IPv4**: `100.80.0.0/16`
-	- **IPv6**: `2606:4700:0cf1:4000::/64`
+	<Render file="gateway/egress-selector-cgnat-ips" />
 
 	The selected CGNAT IP is called the initial resolved IP.
 5. Gateway's network engine stores the mapping between the private hostname (`wiki.internal.local`), initial resolved IP (`100.80.0.1`), and the actual IP (`10.0.0.5`).
@@ -103,7 +102,8 @@ Configure Gateway to resolve the private hostname using your internal DNS resolv
 
 In your [device profiles](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/), [configure Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) so that the following IPs route through the WARP tunnel:
 
-- Initial resolved IP CGNAT range: `100.80.0.0/16`
+- <GlossaryTooltip term="initial resolved IP">Initial resolved IP</GlossaryTooltip> CGNAT range:
+	<Render file="gateway/egress-selector-cgnat-ips" />
 - Private network CIDR where the application is located (for example, `10.0.0.0/8`)
 - Internal DNS resolver IP
 

src/content/docs/cloudflare-one/policies/gateway/egress-policies/egress-cloudflared.mdx

@@ -7,7 +7,7 @@ sidebar:
     text: Beta
 ---
 
-import { Render, Details } from "~/components";
+import { Render, Details, GlossaryTooltip } from "~/components";
 
 <Render file="gateway/egress-selector-warp-version" />
 
@@ -63,14 +63,15 @@ To route a public hostname through Cloudflare Tunnel:
 
 If your traffic is onboarded using WARP, ensure that traffic to the following IP addresses route through the WARP tunnel to Gateway:
 
-- Initial resolved IP CGNAT range: `100.80.0.0/16`
+- <GlossaryTooltip term="initial resolved IP">Initial resolved IP</GlossaryTooltip> CGNAT range:
+	<Render file="gateway/egress-selector-cgnat-ips" />
 - Private network CIDR block
 
 ### Route initial resolved IPs
 
-When users connect to a public hostname route, Gateway will assign an initial resolved IP from the `100.80.0.0/16` range to the DNS query. The initial resolved IP is required because Gateway's network engine operates at L3/L4 and can only see IPs (not hostnames) when processing the connection. If a packet's destination IP falls within the `100.80.0.0/16`, Gateway knows that the IP maps to a public hostname route and sends the traffic down the corresponding Cloudflare Tunnel.
+When users connect to a public hostname route, Gateway will assign an <GlossaryTooltip term="initial resolved IP">initial resolved IP</GlossaryTooltip> to the DNS query. The initial resolved IP is required because Gateway's network engine operates at L3/L4 and can only see IPs (not hostnames) when processing the connection. If a packet's destination IP falls within the initial resolved IP CGNAT range, Gateway knows that the IP maps to a public hostname route and sends the traffic down the corresponding Cloudflare Tunnel.
 
-To route `100.80.0.0/16` through WARP:
+To route initial resolved IPs through WARP:
 
 <Render file="gateway/egress-selector-split-tunnels" />
 

src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx

@@ -5,7 +5,7 @@ sidebar:
   order: 5
 ---
 
-import { Render, Badge, Tabs, TabItem, Details } from "~/components";
+import { Render, Badge, Tabs, TabItem, Details, GlossaryTooltip } from "~/components";
 
 :::note
 Only available on Enterprise plans.
@@ -186,7 +186,7 @@ The [Application](#application), [Content Categories](#content-categories), [Dom
 
 <Render file="gateway/egress-selector-onramps" />
 
-When you use these selectors in an egress policy for traffic from a supported on-ramp, Gateway will assign initial resolved IPs in the `100.80.0.0/16` range to the DNS queries, then apply the correct egress IP according to the egress policy. Unsupported traffic will be resolved with your default Gateway settings. Gateway will only overwrite the DNS response when the query matches a condition in the egress policy. If you use [DNS locations](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) to send a DNS query to Gateway with IPv4, IPv6, DoT, or DoH, Gateway will not return the initial resolved IP for supported traffic nor resolve unsupported traffic.
+When you use these selectors in an egress policy for traffic from a supported on-ramp, Gateway will assign <GlossaryTooltip term="initial resolved IP">initial resolved IPs</GlossaryTooltip> to the DNS queries, then apply the correct egress IP according to the egress policy. Unsupported traffic will be resolved with your default Gateway settings. Gateway will only overwrite the DNS response when the query matches a condition in the egress policy. If you use [DNS locations](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) to send a DNS query to Gateway with IPv4, IPv6, DoT, or DoH, Gateway will not return the initial resolved IP for supported traffic nor resolve unsupported traffic.
 
 To turn on the selectors for your account, use the [Patch Zero Trust account configuration](/api/resources/zero_trust/subresources/gateway/subresources/configurations/methods/edit/) endpoint. For example:
 

src/content/partials/cloudflare-one/gateway/egress-selector-cgnat-ips.mdx

@@ -0,0 +1,7 @@
+---
+{}
+
+---
+
+- **IPv4**: `100.80.0.0/16`
+- **IPv6**: `2606:4700:0cf1:4000::/64`

src/content/partials/cloudflare-one/gateway/egress-selector-split-tunnels.mdx

@@ -2,7 +2,7 @@
 {}
 
 ---
-import { Tabs, TabItem } from "~/components"
+import { Tabs, TabItem, Render } from "~/components"
 
 In your WARP [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/), configure your [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) depending on the mode:
 
@@ -20,6 +20,6 @@ In your WARP [device profile](/cloudflare-one/connections/connect-devices/warp/c
    </TabItem> <TabItem label="Include IPs and domains">
 
    1. Add the required [Zero Trust domains](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains) or [IP addresses](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-ip-addresses) to your Split Tunnel include list.
-   2. [Add a route](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include the IP address `100.80.0.0/16`.
-
+   2. [Add routes](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include the following IP addresses:
+	 	<Render file="gateway/egress-selector-cgnat-ips" />
    </TabItem> </Tabs>