From 0af9730f05388f1364f101452a92a7075db5ca1c Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 23 Sep 2024 10:48:31 +0100 Subject: [PATCH 01/10] Create new service-bindings section and adjust ordering --- src/content/docs/byoip/glossary.mdx | 3 +- .../docs/byoip/route-leak-detection.mdx | 2 +- .../docs/byoip/service-bindings/index.mdx | 36 +++++++++++++++++++ src/content/docs/byoip/troubleshooting.mdx | 2 +- 4 files changed, 40 insertions(+), 3 deletions(-) create mode 100644 src/content/docs/byoip/service-bindings/index.mdx diff --git a/src/content/docs/byoip/glossary.mdx b/src/content/docs/byoip/glossary.mdx index dd6cfe74e26d55..4180259f8d6231 100644 --- a/src/content/docs/byoip/glossary.mdx +++ b/src/content/docs/byoip/glossary.mdx @@ -1,7 +1,8 @@ --- title: Glossary pcx_content_type: glossary - +sidebar: + order: 12 --- import { Glossary } from "~/components" diff --git a/src/content/docs/byoip/route-leak-detection.mdx b/src/content/docs/byoip/route-leak-detection.mdx index 2328294967dcf7..41002bee519f7b 100644 --- a/src/content/docs/byoip/route-leak-detection.mdx +++ b/src/content/docs/byoip/route-leak-detection.mdx @@ -2,7 +2,7 @@ title: Route Leak Detection pcx_content_type: how-to sidebar: - order: 6 + order: 8 --- diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx new file mode 100644 index 00000000000000..0fb62fe0327d86 --- /dev/null +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -0,0 +1,36 @@ +--- +title: IP address service bindings +pcx_content_type: concept +sidebar: + order: 6 + label: About + group: + label: Service bindings + +--- + +Within IP address management, service binding refers to the association of an IP (or a range of IPs) to specific Cloudflare services. + +## Scope + +Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), you can use the [service binding](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoints to add CDN or Spectrum capabilities on top of Magic Transit. + +### CDN (Cache) + +Adding the CDN service binding ensures that any HTTP requests received via designated IPs are directed into the CDN pipeline for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy) as they land on the Cloudflare network. + +Refer to [Use BYOIP with Magic Transit and CDN](/byoip/service-bindings/magic-transit-with-cdn/) to learn how to set this up. + +### Spectrum + +Adding [Spectrum](/spectrum/) allows you benefit from Cloudflare security and performance for Layer 4 traffic. + +## API + +Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). + +## Limitations + +- It is currently not possible to use both Spectrum and CDN together with the Magic Transit service. You must choose one or the other when upgrading your IPs. +- You must keep Magic Transit as a common base service, spanning all addresses in your prefix. +- Once a service binding is created, its propagation across the Cloudflare network will take four to six hours to complete. \ No newline at end of file diff --git a/src/content/docs/byoip/troubleshooting.mdx b/src/content/docs/byoip/troubleshooting.mdx index 490daf888f9611..88cd51e8581e5a 100644 --- a/src/content/docs/byoip/troubleshooting.mdx +++ b/src/content/docs/byoip/troubleshooting.mdx @@ -2,7 +2,7 @@ pcx_content_type: troubleshooting title: Troubleshooting sidebar: - order: 7 + order: 10 --- From 2191b10676ed02278edba4c9e01a43616654e8ec Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 23 Sep 2024 11:20:14 +0100 Subject: [PATCH 02/10] Recreate how-to in .mdx and add to new branch --- .../magic-transit-with-cdn.mdx | 205 ++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx new file mode 100644 index 00000000000000..a158fc6a1cbfea --- /dev/null +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -0,0 +1,205 @@ +--- +title: Use BYOIP with Magic Transit and CDN +pcx_content_type: how-to +sidebar: + order: 3 + label: Magic Transit with CDN + +--- + +import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; + +[Magic Transit](/magic-transit/) customers using [BYOIP](/byoip/) can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. + +This configuration will use the [IP address management service bindings](/byoip/service-bindings/) to enable Cloudflare [CDN services (Cache)](/cache/) on top of Magic Transit, on individual IP addresses or on a subnet. + +## Before you begin + +- Consider the service bindings [scope and limitations](/byoip/service-bindings/). +- Plan for what IP addresses you want to configure. If you want to add CDN to multiple contiguous IP addresses, specifying a CIDR block that incorporates all IPs is more efficient. + +
+ + **Magic Transit protected prefix:** `203.0.113.100/24` + + **IPs to upgrade to the CDN:** + + `203.0.113.16` + `203.0.113.17` + `203.0.113.18` + `203.0.113.19` + `203.0.113.20` + `203.0.113.21` + `203.0.113.22` + `203.0.113.23` + + **Best practice:** Add one discrete CDN Service Binding for `203.0.113.16` with a `/29` netmask. + +
+ +- Note that a transitional state will take place for four to six hours after you create the service binding. During this time, traffic destined to your origins will slowly transition from the Magic Transit pipeline to the CDN pipeline. + +## 1. Get account information + +1. Log in to your Cloudflare account and get your [account ID](/fundamentals/setup/find-account-and-zone-ids/) and [API token](/fundamentals/api/get-started/create-token/). The token permissions should include `Account` - `IP Prefixes` - `Edit`. +2. Make a `GET` request to the [List Services](/api/operations/ip-address-management-service-bindings-list-services) endpoint and take note of the `id` associated with the CDN service. +3. Use the [List Prefixes](/api/operations/ip-address-management-prefixes-list-prefixes) endpoint and take note of the `id` associated with the prefix (`cidr`) you will configure. + + + +At this point, continuing the example mentioned above, you should have a mapping similar to the following: + +| Variables | Description | +|-------------------------------|----------------------------------------------------| +| `{service_id}` | The ID of the CDN service within Cloudflare.

Example: `969xxxxxxxx000xxx0000000x00001bf` | +| `{prefix_id}` | The ID of the Magic Transit protected prefix (`203.0.113.100/24`) you want to configure

Example: `6b25xxxxxxx000xxx0000000x0000cfc` | + + + +4. To confirm you currently only have a Magic Transit service binding and that it spans across your entire prefix, make a `GET` request to the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint. Replace the `{prefix_id}` in the URI path by the actual prefix ID you got from the previous step. + + + +```bash +curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefixes/{prefix_id}/bindings \ +--header "Authorization: Bearer " +``` + + + +## 2. Create service binding + +:::caution +Once this step is completed, a four to six-hour propagation state will initiate. Only after the service binding reaches an **active** state, all traffic will be processed through the CDN pipeline. +::: + +1. Make a `POST` request to the [Create Service Binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Don't forget to specify the **corresponding network mask**. + + + +Continuing the example, `203.0.113.100/32` designates an IP address that is within the Magic Transit protected prefix `203.0.113.0/24`. + +Replace the `{prefix_id}` in the URI with your prefix ID from previous steps. Within the request body, the `cidr` value should correspond to the IP address or subnet that you are configuring for use with CDN. + +```bash + +curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefixes/{prefix_id}/bindings \ +--header "Authorization: Bearer " \ +--header "Content-Type: application/json" \ +--data '{ + "cidr": "203.0.113.100/32", + "service_id": +}' +``` + +In the response body, the initial provisioning state should be `provisioning`. + +```json +{ + "errors": [], + "messages": [], + "success": true, + "result": { + "cidr": "203.0.113.100/32", + "id": , + "provisioning": { + "state": "provisioning" + }, + "service_id": , + "service_name": "CDN" + } +} +``` + + +2. (Optional) Through the four to six hours that your change will take to propagate, you can use the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint to programmatically check for the `active` provisioning state. + +## 3. Create address maps + +Once you have configured your IPs to have CDN service, you can use address maps to specify which IPs should be used by Cloudflare in DNS responses when a record is [proxied](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records). + +You can choose between two different scopes: + +* Account-level: uses the address map for all proxied DNS records across all of the zones within an account. + +* Zone-level: uses the address map for all proxied DNS records within a zone. + +:::note +If you need to map only specific subdomains to specific IP addresses - and not all proxied DNS records -, you can use a [Subdomain setup](/dns/zone-setups/subdomain-setup/). +::: + + + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. +2. Go to **IP Addresses** > **Address Maps**. +3. Select **Create an address map**. +4. Choose the scope of the address map. +5. Add the zones and IP addresses that you want to map. +6. Name your address map. +7. Review the information and select **Save and Deploy**. + + + + +Use the [Create Address Map](/api/operations/ip-address-management-address-maps-create-address-map) endpoint. + +Make sure you have the correct Key/Token and permissions. + + + + +## 4. Create DNS records + + + + +To create a DNS record in the dashboard: + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select an account and domain. +2. Go to **DNS** > **Records**. +3. Select **Add record**. +4. Choose an address (`A`/`AAAA`) record [**Type**](/dns/manage-dns-records/reference/dns-record-types/). +5. Complete the required fields, indicating an IP address that has CDN service binding and setting the proxy status to **proxied**. +6. Select **Save**. + + + + + +To create records with the API, use a [POST request](/api/operations/dns-records-for-a-zone-create-dns-record). For field definitions, select a record type under the request body specification. + + + + +:::note +As you create the necessary DNS records, [Total TLS](/ssl/edge-certificates/additional-options/total-tls/) can help making sure that you have SSL/TLS certificates in place for all your hostnames. +::: + +While the DNS record proxy status and address map will determine how Cloudflare's authoritative DNS responds to requests for your hostnames, the IP addresses specified in `A`/`AAAA` records will determine [how Cloudflare reaches the configured origin](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy). + +
+ +| Type | Name | IP address | Proxy status | TTL | +| --- | --- | --- | --- | --- | +| `A` | `www` | `203.0.113.150` | `Proxied` | `Auto` | + +At this point, if an address map for a zone `example.com` specifies that Cloudflare should use `203.0.113.100` for proxied records and the above record exists in the same zone, you can expect the following: + +1. Cloudflare responds to DNS requests with `203.0.113.100`. +2. Cloudflare proxies requests through the CDN and then routes the requests via [GRE](/magic-transit/reference/tunnels/#gre-and-ipsec-tunnels) or [CNI](/magic-transit/network-interconnect/) to the origin server `203.0.113.150` (Magic Transit protected prefix). +3. Depending on whether Magic Transit is implemented with [direct server return model or with Magic Transit egress](/magic-transit/how-to/configure-tunnels/#bidirectional-vs-unidirectional-health-checks), the origin server responds back to Cloudflare either: + + * Directly over the Internet in a Magic Transit in a direct server return model + * Back through the Magic GRE tunnel(s) in a Magic Transit egress model +4. As the HTTP response egresses the Cloudflare network back to the client side, the source IP address of the response becomes `203.0.113.100` (the IP address that the HTTP request originally landed on). + +
+ +## 5.(Optional) Add layer 7 functionality + +Leverage other features according to your needs: + +- [Cache](/cache/) +- [WAF custom rules](/waf/custom-rules/#custom-rules) +- [Security analytics](/waf/analytics/security-analytics/#security-analytics) \ No newline at end of file From afc4017176565607aef86f88639fd0524c410116 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 23 Sep 2024 14:21:05 +0100 Subject: [PATCH 03/10] Overall review and improve text --- src/content/docs/byoip/service-bindings/index.mdx | 4 ++-- .../byoip/service-bindings/magic-transit-with-cdn.mdx | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index 0fb62fe0327d86..9e6f0a42f883eb 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -17,13 +17,13 @@ Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), y ### CDN (Cache) -Adding the CDN service binding ensures that any HTTP requests received via designated IPs are directed into the CDN pipeline for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy) as they land on the Cloudflare network. +When you add the CDN service binding, any HTTP requests received via designated IPs are directed into the CDN pipeline (for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy)) as they land on the Cloudflare network. Refer to [Use BYOIP with Magic Transit and CDN](/byoip/service-bindings/magic-transit-with-cdn/) to learn how to set this up. ### Spectrum -Adding [Spectrum](/spectrum/) allows you benefit from Cloudflare security and performance for Layer 4 traffic. +Adding [Spectrum](/spectrum/) allows you to benefit from Cloudflare security and performance for Layer 4 traffic. ## API diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index a158fc6a1cbfea..f72c7c5f69734c 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -52,7 +52,7 @@ At this point, continuing the example mentioned above, you should have a mapping | Variables | Description | |-------------------------------|----------------------------------------------------| | `{service_id}` | The ID of the CDN service within Cloudflare.

Example: `969xxxxxxxx000xxx0000000x00001bf` | -| `{prefix_id}` | The ID of the Magic Transit protected prefix (`203.0.113.100/24`) you want to configure

Example: `6b25xxxxxxx000xxx0000000x0000cfc` | +| `{prefix_id}` | The ID of the Magic Transit protected prefix (`203.0.113.100/24`) you want to configure.

Example: `6b25xxxxxxx000xxx0000000x0000cfc` | @@ -69,11 +69,11 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefi ## 2. Create service binding -:::caution +:::caution[Caution] Once this step is completed, a four to six-hour propagation state will initiate. Only after the service binding reaches an **active** state, all traffic will be processed through the CDN pipeline. ::: -1. Make a `POST` request to the [Create Service Binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Don't forget to specify the **corresponding network mask**. +1. Make a `POST` request to the [Create Service Binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. @@ -190,7 +190,7 @@ At this point, if an address map for a zone `example.com` specifies that Cloudfl 2. Cloudflare proxies requests through the CDN and then routes the requests via [GRE](/magic-transit/reference/tunnels/#gre-and-ipsec-tunnels) or [CNI](/magic-transit/network-interconnect/) to the origin server `203.0.113.150` (Magic Transit protected prefix). 3. Depending on whether Magic Transit is implemented with [direct server return model or with Magic Transit egress](/magic-transit/how-to/configure-tunnels/#bidirectional-vs-unidirectional-health-checks), the origin server responds back to Cloudflare either: - * Directly over the Internet in a Magic Transit in a direct server return model + * Directly over the Internet in a Magic Transit direct server return model * Back through the Magic GRE tunnel(s) in a Magic Transit egress model 4. As the HTTP response egresses the Cloudflare network back to the client side, the source IP address of the response becomes `203.0.113.100` (the IP address that the HTTP request originally landed on). From 7d70c9c42a262027d88a6cd8e24d87e9f5d9c33a Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 28 Oct 2024 17:55:57 +0000 Subject: [PATCH 04/10] Adjust content from production to branch folder structure --- src/content/docs/byoip/service-bindings.mdx | 33 ------------------- .../docs/byoip/service-bindings/index.mdx | 23 ++++++------- 2 files changed, 10 insertions(+), 46 deletions(-) delete mode 100644 src/content/docs/byoip/service-bindings.mdx diff --git a/src/content/docs/byoip/service-bindings.mdx b/src/content/docs/byoip/service-bindings.mdx deleted file mode 100644 index 90a4f0674a3676..00000000000000 --- a/src/content/docs/byoip/service-bindings.mdx +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: IP address service bindings -pcx_content_type: concept -sidebar: - order: 6 - label: Service bindings -description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. ---- - -Within IP address management, service binding refers to the association of an IP (or a range of IPs) to specific Cloudflare services. - -:::note -Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). -::: - -## Scope - -Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), you can use the [service binding API](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoints to add CDN or Spectrum capabilities on top of Magic Transit. - -You can upgrade individual IPs within a Magic Transit prefix to either a CDN IP or a Spectrum IP. For example, if you have `203.0.113.0/24`, you can upgrade `203.0.113.1` to CDN and `203.0.113.2` to Spectrum. - -### CDN (Cache) - -When you add the CDN service binding, any HTTP requests received via designated IPs are directed into the CDN pipeline (for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy)) as they reach the Cloudflare network. - -### Spectrum - -Adding [Spectrum](/spectrum/) allows you to benefit from Cloudflare security and performance for Layer 4 traffic. - -## Limitations - -- You must keep Magic Transit as a common base service, spanning all addresses in your prefix. -- Once a service binding is created, its propagation across the Cloudflare network will take four to six hours to complete. \ No newline at end of file diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index 9e6f0a42f883eb..90a4f0674a3676 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -3,34 +3,31 @@ title: IP address service bindings pcx_content_type: concept sidebar: order: 6 - label: About - group: - label: Service bindings - + label: Service bindings +description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. --- Within IP address management, service binding refers to the association of an IP (or a range of IPs) to specific Cloudflare services. +:::note +Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). +::: + ## Scope -Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), you can use the [service binding](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoints to add CDN or Spectrum capabilities on top of Magic Transit. +Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), you can use the [service binding API](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoints to add CDN or Spectrum capabilities on top of Magic Transit. -### CDN (Cache) +You can upgrade individual IPs within a Magic Transit prefix to either a CDN IP or a Spectrum IP. For example, if you have `203.0.113.0/24`, you can upgrade `203.0.113.1` to CDN and `203.0.113.2` to Spectrum. -When you add the CDN service binding, any HTTP requests received via designated IPs are directed into the CDN pipeline (for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy)) as they land on the Cloudflare network. +### CDN (Cache) -Refer to [Use BYOIP with Magic Transit and CDN](/byoip/service-bindings/magic-transit-with-cdn/) to learn how to set this up. +When you add the CDN service binding, any HTTP requests received via designated IPs are directed into the CDN pipeline (for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy)) as they reach the Cloudflare network. ### Spectrum Adding [Spectrum](/spectrum/) allows you to benefit from Cloudflare security and performance for Layer 4 traffic. -## API - -Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). - ## Limitations -- It is currently not possible to use both Spectrum and CDN together with the Magic Transit service. You must choose one or the other when upgrading your IPs. - You must keep Magic Transit as a common base service, spanning all addresses in your prefix. - Once a service binding is created, its propagation across the Cloudflare network will take four to six hours to complete. \ No newline at end of file From e058d48a858fa3276d27635360c1755fed0921ca Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 28 Oct 2024 18:02:48 +0000 Subject: [PATCH 05/10] Adjust sidebar labels --- src/content/docs/byoip/service-bindings/index.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index 90a4f0674a3676..bf1bf0216a73f7 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -3,7 +3,9 @@ title: IP address service bindings pcx_content_type: concept sidebar: order: 6 - label: Service bindings + label: About + group: + label: Service bindings description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. --- From 8caa198cbcc7f50b0422470a7f68d3f2858170fd Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 28 Oct 2024 18:35:54 +0000 Subject: [PATCH 06/10] Bring in suggested changes from SME --- .../docs/byoip/service-bindings/index.mdx | 15 ++++++++++----- .../service-bindings/magic-transit-with-cdn.mdx | 16 ++++++++++------ 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index bf1bf0216a73f7..567abd49efe859 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -9,7 +9,7 @@ sidebar: description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. --- -Within IP address management, service binding refers to the association of an IP (or a range of IPs) to specific Cloudflare services. +Service Bindings are effectively mappings that control whether traffic destined for a given IP address is routed to Magic Transit, the CDN pipeline (Layer 7 HTTP-based), or Spectrum (Layer 4 or Layer 7 HTTP with custom ports) pipeline. :::note Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). @@ -17,19 +17,24 @@ Service binding operations are currently only available via API. You can find al ## Scope -Currently, if you have BYOIP configured with [Magic Transit](/magic-transit/), you can use the [service binding API](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoints to add CDN or Spectrum capabilities on top of Magic Transit. +Customers using BYOIP with Magic Transit can leverage the Service Binding API endpoint to selectively route traffic through the CDN (Layer 7 HTTP-based) or Spectrum (Layer 4 and Layer 7 HTTP with custom ports) pipelines on a per-IP address basis. You can upgrade individual IPs within a Magic Transit prefix to either a CDN IP or a Spectrum IP. For example, if you have `203.0.113.0/24`, you can upgrade `203.0.113.1` to CDN and `203.0.113.2` to Spectrum. +Magic Transit customers must ensure their contract is entitled to use CDN and/or Spectrum services commensurate. + ### CDN (Cache) -When you add the CDN service binding, any HTTP requests received via designated IPs are directed into the CDN pipeline (for [Layer 7 processing](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy)) as they reach the Cloudflare network. +When a Service Binding of type CDN is applied, once the change has propagated across Cloudflare's global network (four to six hours), any HTTP requests are directed into the CDN pipeline (for Layer 7 processing). + +Refer to Use BYOIP with Magic Transit and CDN to learn how to set this up. ### Spectrum -Adding [Spectrum](/spectrum/) allows you to benefit from Cloudflare security and performance for Layer 4 traffic. +When a Service Binding of type Spectrum is applied, once the change has propagated across Cloudflare's global network (four to six hours), any TCP/UDP/HTTP requests are directed into the Spectrum pipeline for Layer 4 or Layer 7 processing. ## Limitations - You must keep Magic Transit as a common base service, spanning all addresses in your prefix. -- Once a service binding is created, its propagation across the Cloudflare network will take four to six hours to complete. \ No newline at end of file +- When adding a Service Binding for a given IP address, it must be either a CDN Service Binding or a Spectrum Service Binding. It is not possible (or necessary) to bind both services. +- Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. \ No newline at end of file diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index f72c7c5f69734c..db7aee7e565bf0 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -11,12 +11,15 @@ import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; [Magic Transit](/magic-transit/) customers using [BYOIP](/byoip/) can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. -This configuration will use the [IP address management service bindings](/byoip/service-bindings/) to enable Cloudflare [CDN services (Cache)](/cache/) on top of Magic Transit, on individual IP addresses or on a subnet. +This documentation covers using the Cloudflare API to configure Service Bindings within Cloudflare's IP Address Management framework. Service Bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (Caching, WAF, etc). + +It is also possible to define Service Bindings to route traffic to the Spectrum pipeline selectively; however, that will be covered elsewhere. + +It is important to note that traffic routed to the CDN pipeline is protected at Layers 3 and 4 by the inherent DDoS Protection capabilities native to the CDN pipeline. ## Before you begin -- Consider the service bindings [scope and limitations](/byoip/service-bindings/). -- Plan for what IP addresses you want to configure. If you want to add CDN to multiple contiguous IP addresses, specifying a CIDR block that incorporates all IPs is more efficient. +Efficiency is paramount when planning how you will implement Service Bindings. Implementing Service Bindings through an aggregated CIDR block is strongly recommended.
@@ -37,7 +40,8 @@ This configuration will use the [IP address management service bindings](/byoip/
-- Note that a transitional state will take place for four to six hours after you create the service binding. During this time, traffic destined to your origins will slowly transition from the Magic Transit pipeline to the CDN pipeline. +Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. + ## 1. Get account information @@ -70,7 +74,7 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefi ## 2. Create service binding :::caution[Caution] -Once this step is completed, a four to six-hour propagation state will initiate. Only after the service binding reaches an **active** state, all traffic will be processed through the CDN pipeline. +Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. ::: 1. Make a `POST` request to the [Create Service Binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. @@ -112,7 +116,7 @@ In the response body, the initial provisioning state should be `provisioning`. ``` -2. (Optional) Through the four to six hours that your change will take to propagate, you can use the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint to programmatically check for the `active` provisioning state. +You can periodically check the Service Binding status using the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint. ## 3. Create address maps From a953b5eb6c7b5e04bd20e9071d15f516640bb2f1 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 28 Oct 2024 19:05:29 +0000 Subject: [PATCH 07/10] Style guide adjustments --- .../docs/byoip/service-bindings/index.mdx | 18 ++++++++++-------- .../magic-transit-with-cdn.mdx | 18 +++++++++--------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index 567abd49efe859..f887dd8558040c 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -9,7 +9,7 @@ sidebar: description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. --- -Service Bindings are effectively mappings that control whether traffic destined for a given IP address is routed to Magic Transit, the CDN pipeline (Layer 7 HTTP-based), or Spectrum (Layer 4 or Layer 7 HTTP with custom ports) pipeline. +Service Bindings are mappings that control whether traffic destined for a given IP address is routed to Magic Transit, the CDN pipeline (Layer 7 HTTP-based), or Spectrum pipeline (Layer 4 or Layer 7 HTTP with custom ports). :::note Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). @@ -17,24 +17,26 @@ Service binding operations are currently only available via API. You can find al ## Scope -Customers using BYOIP with Magic Transit can leverage the Service Binding API endpoint to selectively route traffic through the CDN (Layer 7 HTTP-based) or Spectrum (Layer 4 and Layer 7 HTTP with custom ports) pipelines on a per-IP address basis. +Customers using BYOIP with Magic Transit can leverage the [service binding API endpoints](/api/operations/ip-address-management-service-bindings-list-service-bindings) to selectively route traffic through the CDN (Layer 7 HTTP-based) or Spectrum (Layer 4 and Layer 7 HTTP with custom ports) pipelines on a per-IP address basis. You can upgrade individual IPs within a Magic Transit prefix to either a CDN IP or a Spectrum IP. For example, if you have `203.0.113.0/24`, you can upgrade `203.0.113.1` to CDN and `203.0.113.2` to Spectrum. -Magic Transit customers must ensure their contract is entitled to use CDN and/or Spectrum services commensurate. +:::caution +Magic Transit customers must ensure that their contract allows them to use CDN and/or Spectrum services to the desired extent. +::: ### CDN (Cache) -When a Service Binding of type CDN is applied, once the change has propagated across Cloudflare's global network (four to six hours), any HTTP requests are directed into the CDN pipeline (for Layer 7 processing). +When a service binding of type `CDN` is applied, once the change has propagated across Cloudflare's global network (four to six hours), any HTTP requests are directed into the CDN pipeline for Layer 7 processing. -Refer to Use BYOIP with Magic Transit and CDN to learn how to set this up. +Refer to [Use BYOIP with Magic Transit and CDN](/byoip/service-bindings/magic-transit-with-cdn/) for detailed guidance. ### Spectrum -When a Service Binding of type Spectrum is applied, once the change has propagated across Cloudflare's global network (four to six hours), any TCP/UDP/HTTP requests are directed into the Spectrum pipeline for Layer 4 or Layer 7 processing. +When a service binding of type `Spectrum` is applied, once the change has propagated across Cloudflare's global network (four to six hours), any TCP/UDP/HTTP requests are directed into the Spectrum pipeline for Layer 4 or Layer 7 processing. ## Limitations - You must keep Magic Transit as a common base service, spanning all addresses in your prefix. -- When adding a Service Binding for a given IP address, it must be either a CDN Service Binding or a Spectrum Service Binding. It is not possible (or necessary) to bind both services. -- Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. \ No newline at end of file +- When adding a service binding for a given IP address, it must be either a CDN service binding or a Spectrum service binding. It is not possible (or necessary) to bind both services. +- Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP addresses in scope will likely be disrupted during this window. \ No newline at end of file diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index db7aee7e565bf0..067d842f03025c 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -11,15 +11,15 @@ import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; [Magic Transit](/magic-transit/) customers using [BYOIP](/byoip/) can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. -This documentation covers using the Cloudflare API to configure Service Bindings within Cloudflare's IP Address Management framework. Service Bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (Caching, WAF, etc). +This documentation covers using the Cloudflare API to configure service bindings within Cloudflare's IP Address Management framework. Service bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (which includes [Cache](/cache/), [WAF](/waf/), and more). -It is also possible to define Service Bindings to route traffic to the Spectrum pipeline selectively; however, that will be covered elsewhere. +It is also possible to define service bindings to route traffic to the Spectrum pipeline selectively. However, this is not in the scope of this guide. -It is important to note that traffic routed to the CDN pipeline is protected at Layers 3 and 4 by the inherent DDoS Protection capabilities native to the CDN pipeline. +It is important to note that traffic routed to the CDN pipeline is protected at Layers 3 and 4 by the inherent DDoS protection capabilities native to the CDN pipeline. ## Before you begin -Efficiency is paramount when planning how you will implement Service Bindings. Implementing Service Bindings through an aggregated CIDR block is strongly recommended. +Efficiency is paramount when planning how you will implement service bindings. Implementing service bindings through an aggregated CIDR block is strongly recommended.
@@ -36,11 +36,11 @@ Efficiency is paramount when planning how you will implement Service Bindings. I `203.0.113.22` `203.0.113.23` - **Best practice:** Add one discrete CDN Service Binding for `203.0.113.16` with a `/29` netmask. + **Best practice:** Add one discrete CDN service binding for `203.0.113.16` with a `/29` netmask.
-Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. +Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. ## 1. Get account information @@ -74,10 +74,10 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefi ## 2. Create service binding :::caution[Caution] -Once a Service Binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP address(es) in scope will likely be disrupted during this window. +Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. ::: -1. Make a `POST` request to the [Create Service Binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. +1. Make a `POST` request to the [Create service binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. @@ -116,7 +116,7 @@ In the response body, the initial provisioning state should be `provisioning`. ``` -You can periodically check the Service Binding status using the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint. +You can periodically check the service binding status using the [List Service Bindings](/api/operations/ip-address-management-service-bindings-list-service-bindings) endpoint. ## 3. Create address maps From bccfac665426e308a16fa80bbef5d3b25917d544 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 29 Oct 2024 09:37:05 +0000 Subject: [PATCH 08/10] Overall review and touchups --- src/content/docs/byoip/service-bindings/index.mdx | 11 +++++++---- .../byoip/service-bindings/magic-transit-with-cdn.mdx | 10 +++++----- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/index.mdx b/src/content/docs/byoip/service-bindings/index.mdx index f887dd8558040c..8bfa9b51577fe3 100644 --- a/src/content/docs/byoip/service-bindings/index.mdx +++ b/src/content/docs/byoip/service-bindings/index.mdx @@ -9,7 +9,7 @@ sidebar: description: In IP address management, service binding refers to the association of IPs to specific Cloudflare services. Review the available options and the API endpoints to set up service bindings. --- -Service Bindings are mappings that control whether traffic destined for a given IP address is routed to Magic Transit, the CDN pipeline (Layer 7 HTTP-based), or Spectrum pipeline (Layer 4 or Layer 7 HTTP with custom ports). +Service bindings are mappings that control whether traffic destined for a given IP address is routed to [Magic Transit](/magic-transit/), the CDN pipeline [^1], or the Spectrum pipeline [^2]. :::note Service binding operations are currently only available via API. You can find all endpoints and their specifications in the [Cloudflare API documentation](/api/operations/ip-address-management-service-bindings-list-service-bindings). @@ -17,12 +17,12 @@ Service binding operations are currently only available via API. You can find al ## Scope -Customers using BYOIP with Magic Transit can leverage the [service binding API endpoints](/api/operations/ip-address-management-service-bindings-list-service-bindings) to selectively route traffic through the CDN (Layer 7 HTTP-based) or Spectrum (Layer 4 and Layer 7 HTTP with custom ports) pipelines on a per-IP address basis. +Customers using BYOIP with Magic Transit can leverage the [service binding API endpoints](/api/operations/ip-address-management-service-bindings-list-service-bindings) to selectively route traffic through the CDN [^1] or Spectrum [^2] pipelines on a per-IP address basis. You can upgrade individual IPs within a Magic Transit prefix to either a CDN IP or a Spectrum IP. For example, if you have `203.0.113.0/24`, you can upgrade `203.0.113.1` to CDN and `203.0.113.2` to Spectrum. :::caution -Magic Transit customers must ensure that their contract allows them to use CDN and/or Spectrum services to the desired extent. +Magic Transit customers must ensure that their contract includes CDN and/or Spectrum according to their needs. ::: ### CDN (Cache) @@ -39,4 +39,7 @@ When a service binding of type `Spectrum` is applied, once the change has propag - You must keep Magic Transit as a common base service, spanning all addresses in your prefix. - When adding a service binding for a given IP address, it must be either a CDN service binding or a Spectrum service binding. It is not possible (or necessary) to bind both services. -- Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's Global Network. Services for the IP addresses in scope will likely be disrupted during this window. \ No newline at end of file +- Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. + +[^1]: Layer 7 HTTP-based +[^2]: Layer 4 or Layer 7 HTTP with custom ports \ No newline at end of file diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 067d842f03025c..7a8079e6502b6b 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -9,9 +9,9 @@ sidebar: import { Details, Example, TabItem, Tabs, GlossaryTooltip } from "~/components"; -[Magic Transit](/magic-transit/) customers using [BYOIP](/byoip/) can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. +[Magic Transit](/magic-transit/) customers using BYOIP can also benefit from the performance, reliability, and security that Cloudflare offers for HTTP-based applications. -This documentation covers using the Cloudflare API to configure service bindings within Cloudflare's IP Address Management framework. Service bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (which includes [Cache](/cache/), [WAF](/waf/), and more). +This documentation covers using the Cloudflare API to configure [service bindings](/byoip/service-bindings/) within Cloudflare's IP Address Management framework. Service bindings allow BYOIP customers to selectively route traffic on a per-IP address basis to the CDN pipeline (which includes [Cache](/cache/), [Web Application Firewal (WAF)](/waf/), and more). It is also possible to define service bindings to route traffic to the Spectrum pipeline selectively. However, this is not in the scope of this guide. @@ -40,7 +40,7 @@ Efficiency is paramount when planning how you will implement service bindings. I -Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. +Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. ## 1. Get account information @@ -51,7 +51,7 @@ Once a service binding is created (or deleted), it will take four to six hours t -At this point, continuing the example mentioned above, you should have a mapping similar to the following: +At this point, continuing the [example](#before-you-begin), you should have a mapping similar to the following: | Variables | Description | |-------------------------------|----------------------------------------------------| @@ -77,7 +77,7 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/addressing/prefi Once a service binding is created (or deleted), it will take four to six hours to propagate across Cloudflare's global network. Services for the IP addresses in scope will likely be disrupted during this window. ::: -1. Make a `POST` request to the [Create service binding](/api/operations/ip-address-management-service-bindings-create-service-binding/) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. +1. Make a `POST` request to the [Create service binding](/api/operations/ip-address-management-service-bindings-create-service-binding) endpoint, indicating the IP address you want to bind to the CDN. Specify the **corresponding network mask** as needed. From 3b16a200ccdf025130ec4e484c18b927cf66818b Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Wed, 30 Oct 2024 10:13:18 +0000 Subject: [PATCH 09/10] Call out ingress IP and origin IP can be the same --- .../magic-transit-with-cdn.mdx | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index 7a8079e6502b6b..e2e4f7b439ca82 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -120,7 +120,7 @@ You can periodically check the service binding status using the [List Service Bi ## 3. Create address maps -Once you have configured your IPs to have CDN service, you can use address maps to specify which IPs should be used by Cloudflare in DNS responses when a record is [proxied](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records). +Once you have configured your IPs to have CDN service, you can use address maps to specify which IPs should be used by Cloudflare in DNS responses when a record is proxied. You can choose between two different scopes: @@ -163,8 +163,8 @@ To create a DNS record in the dashboard: 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select an account and domain. 2. Go to **DNS** > **Records**. 3. Select **Add record**. -4. Choose an address (`A`/`AAAA`) record [**Type**](/dns/manage-dns-records/reference/dns-record-types/). -5. Complete the required fields, indicating an IP address that has CDN service binding and setting the proxy status to **proxied**. +4. Choose an address (`A`/`AAAA`) [record type](/dns/manage-dns-records/reference/dns-record-types/). +5. Complete the required fields, setting the **Proxy status** to **proxied**. 6. Select **Save**. @@ -200,6 +200,18 @@ At this point, if an address map for a zone `example.com` specifies that Cloudfl +Having the same IP address as ingress IP (defined in the address map) and origin IP (listed in the DNS record) will not cause any loops. + +
+ +Assuming `203.0.113.100` was also the origin IP, the DNS record would look like the following: + +| Type | Name | IP address | Proxy status | TTL | +| --- | --- | --- | --- | --- | +| `A` | `www` | `203.0.113.100` | `Proxied` | `Auto` | + +
+ ## 5.(Optional) Add layer 7 functionality Leverage other features according to your needs: From 74c57c4a9fd219f2c51dc2ead735a880caca9e22 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Wed, 30 Oct 2024 11:13:34 +0000 Subject: [PATCH 10/10] Adjust pcx_content_type to tutorial --- .../docs/byoip/service-bindings/magic-transit-with-cdn.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index e2e4f7b439ca82..372e8a427475be 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -1,6 +1,6 @@ --- title: Use BYOIP with Magic Transit and CDN -pcx_content_type: how-to +pcx_content_type: tutorial sidebar: order: 3 label: Magic Transit with CDN