Skip to content

[DDoS Protection] MT Advanced DDoS Systems onboarding #18362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 4, 2024
Merged

[DDoS Protection] MT Advanced DDoS Systems onboarding #18362

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1975cde
[DDoS Protection] MT Advanced DDoS Systems onboarding
patriciasantaana Nov 22, 2024
a66c2e7
Merge branch 'production' into patricia/pcx14003-mt-atp
patriciasantaana Dec 4, 2024
c67eb36
update wording
patriciasantaana Dec 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions ...docs/ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,12 @@ head:

---

import { Render } from "~/components"

Cloudflare's Advanced DNS Protection, powered by [`flowtrackd`](https://blog.cloudflare.com/announcing-flowtrackd/), provides stateful protection against DNS-based DDoS attacks, specifically sophisticated and fully randomized DNS attacks such as [random prefix attacks](/dns/dns-firewall/random-prefix-attacks/about/).

<Render file="mt-advanced-ddos-systems-onboarding" />

## How it works

Cloudflare's Advanced DNS Protection works by first learning your traffic patterns and forming a baseline of the type of DNS queries you normally receive. Later, the system will be able to distinguish between legitimate and malicious queries, protecting your DNS infrastructure without impacting legitimate traffic.
Expand Down
4 changes: 4 additions & 0 deletions ...docs/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,12 @@ head:

---

import { Render } from "~/components"

Cloudflare's Advanced TCP Protection, powered by [`flowtrackd`](https://blog.cloudflare.com/announcing-flowtrackd/), is a stateful TCP inspection engine used to detect and mitigate sophisticated out-of-state TCP attacks such as randomized and spoofed ACK floods or SYN and SYN-ACK floods.

<Render file="mt-advanced-ddos-systems-onboarding" />

## How it works

Advanced TCP Protection can simultaneously protect against different kinds of attacks:
Expand Down
12 changes: 12 additions & 0 deletions src/content/partials/ddos-protection/mt-advanced-ddos-systems-onboarding.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
{}

---

[Magic Transit](/magic-transit/) customers are automatically onboarded to the Advanced TCP Protection and Advanced DNS Protection systems.

Every 10 minutes, the `flowtrackd` API will look for new accounts in the conduit API. For each new account that it finds, it will add the account and its `authorized_prefixes` to the `flowtrackd` API, add default manual thresholds and rules for the TCP policer, TCP tracker, and DNS tracker—all in `monitoring` mode, and set the protection status to `Enabled` which allows `flowtrackd` to start processing your traffic.

:::note
If the `flowtrackd` API cannot find any `authorized_prefixes` for an account in the conduit API, it will wait to onboard you until the prefixes are present (up to seven days).
:::
Loading