cloudflare · RebeccaTamachiro · Jan 16, 2025 · Jan 6, 2025 · Jan 6, 2025 · Jan 7, 2025
@@ -0,0 +1,47 @@
+---
+title: About address maps
+pcx_content_type: concept
+sidebar:
+  order: 5
+  label: About
+  group:
+    label: Address maps
+---
+
+import { GlossaryDefinition } from "~/components"
+
+<GlossaryDefinition term="address map" prepend="Address map is " />
+
+If you do not have BYOIP or static IPs and you want to use Address Maps, contact your account manager. You can [customize the IPs Cloudflare uses](/fundamentals/concepts/cloudflare-ip-addresses/#customize-cloudflare-ip-addresses) by bringing your own IP addresses to Cloudflare (BYOIP) or by leasing static Cloudflare IPs.
+
+:::note
+Both IPv4 and IPv6 addresses are supported.
+:::
+
+---
+
+## How Address Maps works
+
+For zones using [Cloudflare's authoritative DNS](/dns/), Cloudflare typically responds to DNS queries for proxied hostnames with [anycast IPs](/fundamentals/concepts/cloudflare-ip-addresses/). However, if you [customize the IPs Cloudflare uses](/fundamentals/concepts/cloudflare-ip-addresses/#customize-cloudflare-ip-addresses) and use Address Maps, Cloudflare will respond with the IP address(es) on the address map.
+
+Address maps do not change [how Cloudflare reaches the configured origin](/fundamentals/concepts/how-cloudflare-works/#how-cloudflare-works-as-a-reverse-proxy). The IP addresses defined on the **DNS** > **Records** under your zone continue to instruct Cloudflare how to reach the origin.
+
+:::caution
+Depending on whether you use static IPs or BYOIP, the process to [create an address map](/byoip/address-maps/setup/#create-address-maps) is different.
+:::
+
+### Static IPs or BYOIP
+
+Leased static IPs allow you to use a set of specifically assigned Cloudflare IPs to ensure they do not change. Cloudflare creates an address map with your static IPs that you may edit. You cannot create another map using your static IPs.
+
+With BYOIP, you use your IPs by bringing an address space that you lease or own and creating an address map.
+
+---
+
+## Immutable address maps
+
+Some customers may only proxy zones through BYOIP addresses, and are prohibited from using Cloudflare IP addresses for proxied DNS names. In this case, Cloudflare will create an immutable, account-wide address map to ensure all zones in your account receive BYOIP addresses as a fallback. These address maps cannot be deleted.
+
+It is still possible to create more specific zone-level address maps with specific BYOIPs, but DNS will fall back to the account-wide address map without one.
+
+To specify different addresses for certain zones, [create a new address map](/byoip/address-maps/setup/#create-address-maps).
@@ -0,0 +1,56 @@
+---
+title: Set up address maps
+pcx_content_type: how-to
+sidebar:
+  order: 2
+  label: Setup
+---
+
+import { GlossaryTooltip } from "~/components";
+
+Consider the sections below to learn how to set up address maps.
+
+## Create address maps
+
+To avoid any errors if you have [static IPs](/byoip/concepts/static-ips/), Cloudflare creates an address map during the static IP onboarding process, meaning you cannot create a new address map with your static IPs. You may only edit the Cloudflare-created map and add or edit your zones within the existing map.
+
+If you are using BYOIP instead, refer to the following steps:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
+2. Go to **IP Addresses** > **Address Maps**.
+3. Select **Create an address map**.
+4. Choose the scope of the address map.
+5. Add the zones and IP addresses that you want to map.
+6. Name your address map.
+7. Review the information and select **Save and Deploy**.
+
+:::note
+Creating an address map does not automatically change DNS configuration. DNS responses only begin to change when a zone or account is added to a map. Additionally, address maps that are not yet enabled will not take effect in DNS responses.
+:::
+
+## Manage address maps
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
+2. Go to **IP Addresses** > **Address Maps**.
+3. Go to your address map and select **Review**.
+4. Edit your address map.
+5. Review the information and select **Save**.
+
+:::note
+You can also enable, disable, and delete address maps. This will likely change the IP addresses used for your zones.
+:::
+
+## Non-SNI support
+
+If your visitors use devices that have not been updated since 2011, they may not have <GlossaryTooltip term="Server Name Indication (SNI)">Server Name Indication (SNI)</GlossaryTooltip> support. For further context, refer to [browser compatibility](/ssl/reference/browser-compatibility/#non-sni-support).
+
+Use address maps to specify a hostname as default SNI. This will be used whenever Cloudflare receives a non-SNI TLS handshake.
+
+:::note
+Setting up a default SNI is currently only supported via API.
+:::
+
+1. If you have not already, create an address map. Refer to the [section above](#create-address-maps) or to the [Create Address Map](/api/resources/addressing/subresources/address_maps/methods/create/) API endpoint.
+2. Take note of the address map `id`. If needed, you can use the [List Address Maps](/api/resources/addressing/subresources/address_maps/methods/list/) endpoint to get it.
+3. Make sure you add the desired IPs to the address map. Cloudflare will respond with the default SNI on those IPs. Use the dashboard or refer to [Add An IP To An Address Map](/api/resources/addressing/subresources/address_maps/subresources/ips/methods/update/).
+4. Configure the `default_sni` value on the address map created in step 1. Refer to the [Update Address Map](/api/resources/addressing/subresources/address_maps/methods/edit/) API endpoint for details. The default SNI can be any valid domain or subdomain owned by your account.
@@ -0,0 +1,21 @@
+---
+title: Static IPs
+pcx_content_type: concept
+sidebar:
+  order: 5
+
+---
+
+Lease static IPs so that you can use a set of specifically assigned Cloudflare IPs. If you need to allowlist your IPs or to communicate your IPs to third parties, allocating static IPs to your account allows you to know them ahead of time.
+
+Cloudflare will not change static IP addresses without notifying you, and will typically only do so at your request.
+
+:::note
+Although BYOIP and static IPs are different offerings, both can be managed using [Address Maps](/byoip/address-maps/).
+:::
+
+Static IPs are allocated to the account, but can be assigned to a single zone. This means that you can place multiple zones on the same static IPs. You can also specify which zones are mapped to your static IPs and control when the IPs for your zones change.
+
+## Availability
+
+Static IPs are available as an add-on purchase for Enterprise plans.
@@ -6,7 +6,7 @@ sidebar:
 
 ---
 
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
 
 The following topics are useful for troubleshooting BYOIP issues.
 
@@ -22,10 +22,6 @@ If you are experiencing packet loss as a result of an upstream ISP implementing
 
 ## Non-SNI support
 
-:::caution
-
 Currently, BYOIP cannot be used with [legacy custom certificates](/ssl/edge-certificates/custom-certificates/uploading/) to support <GlossaryTooltip term="Server Name Indication (SNI)" link="/ssl/reference/browser-compatibility/#non-sni-support">non-SNI</GlossaryTooltip> requests.
 
-:::
-
-An Address map can set the default SNI to enable non-SNI support, the default SNI can be any valid zone or subdomain owned by the account holding the BYOIP prefix. Refer to [Update Address Map API](/api/resources/addressing/subresources/address_maps/methods/edit/) for more information.
+Instead, you can use Address Maps to set a default SNI for IPs on your account or zone. Refer to [Setup](/byoip/address-maps/setup/#non-sni-support) for further guidance.
@@ -33,9 +33,9 @@ To support non-SNI requests, you can:
 
   Note that `Legacy` custom certificates are not compatible with [BYOIP](/byoip/) and that, unlike [Universal SSL](/ssl/edge-certificates/universal-ssl/) or [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/), Cloudflare does not manage issuance and renewal for [custom certificates](/ssl/edge-certificates/custom-certificates/).
 
-* (BYOIP customers only) Enterprise customers can choose to bring your own IP prefix to Cloudflare Network and [specify the default SNI used for any handshake in the address map](/byoip/troubleshooting/#non-sni-support).
+* (BYOIP customers only) Enterprise customers can choose to bring their own IP prefix to the Cloudflare network and [specify the default SNI used for any non-SNI handshake in the address map](/byoip/address-maps/setup/#non-sni-support).
 
-* (Paid plans only) [Contact Cloudflare Support](/support/contacting-cloudflare-support/) and request a set of dedicated IPs for your zone.
+* (Paid plans only) [Contact Cloudflare Support](/support/contacting-cloudflare-support/) and request a set of non-SNI IPs for your zone.
 
 ## HTTPS records
 

@@ -20,4 +20,4 @@ Because requests to proxied hostnames go through Cloudflare before reaching your
 Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
 If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
 
-As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/).
+As an Enterprise customer, you have the option to get [static IPs](/byoip/concepts/static-ips/) or [bring your own IPs (BYOIP)](/byoip/).