From 65d3a86061a72ceebde2c356cbeb177f1facc9ae Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 13 May 2025 13:49:24 +0100 Subject: [PATCH 01/10] Placeholder page for new get-started and temp hide old one --- src/content/docs/byoip/get-started-review.mdx | 37 +++++++++++++++++++ src/content/docs/byoip/get-started.mdx | 2 +- src/content/docs/byoip/index.mdx | 2 +- 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 src/content/docs/byoip/get-started-review.mdx diff --git a/src/content/docs/byoip/get-started-review.mdx b/src/content/docs/byoip/get-started-review.mdx new file mode 100644 index 000000000000000..7310c3508f214a0 --- /dev/null +++ b/src/content/docs/byoip/get-started-review.mdx @@ -0,0 +1,37 @@ +--- +title: Get started +pcx_content_type: get-started +sidebar: + order: 2 +--- + +import { GlossaryTooltip } from "~/components"; + +Work with your account team to understand everything you need to ensure a smooth transition during the onboarding process. + +Cloudflare requires a service-specific configuration for your prefixes, as well as some requirements common to all BYOIP customers regardless of service type. + +## Requirements + +The following requirements are common to all products compatible with BYOIP. + +You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr-entries/) records are up to date and contain: + + - `route` or `route6` objects matching the exact prefixes you want to onboard + - `origin` matching the correct ASN you want to onboard + +:::caution[RPKI validation] +You are not required to use Resource Public Key Infrastructure (RPKI). However, if you do, make sure your ROAs are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double check your prefixes. +::: + +## Process overview + +Overall, the steps can be summarized as follows: + +1. You revise your IRRs and ROAs (if applicable) to make sure they are correct. +2. You prepare a [letter of agency (LOA)](/byoip/concepts/loa/) containing both the prefixes you are authorizing Cloudflare to announce and which ASN they will be announced under. Cloudflare will present this to our transit partners as evidence that we are allowed to announce the route. +3. After receiving the LOA, Cloudflare validates the [requirements](#requirements). +4. Cloudflare provisions the IPs. +5. Once the IPs are provisioned, you use [service bindings](/byoip/service-bindings/) and [address maps](/byoip/address-maps/) to control how your IPs are used. +6. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. +7. Finally, you configure the [Border Gateway Protocol advertisement](/byoip/concepts/dynamic-advertisement/) for your IPs at the Cloudflare network. \ No newline at end of file diff --git a/src/content/docs/byoip/get-started.mdx b/src/content/docs/byoip/get-started.mdx index 652b511941fc96b..e399a95291908d2 100644 --- a/src/content/docs/byoip/get-started.mdx +++ b/src/content/docs/byoip/get-started.mdx @@ -3,7 +3,7 @@ title: Get started pcx_content_type: get-started sidebar: order: 2 - + hidden: true --- import { GlossaryTooltip } from "~/components" diff --git a/src/content/docs/byoip/index.mdx b/src/content/docs/byoip/index.mdx index 9e4d7486299ddcf..a661e3307a86082 100644 --- a/src/content/docs/byoip/index.mdx +++ b/src/content/docs/byoip/index.mdx @@ -18,4 +18,4 @@ Get Cloudflare's security and performance while using your own IPs. With **Bringing Your Own IPs** (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or [Gateway DNS](/cloudflare-one/policies/gateway/dns-policies/). -Learn how to [get started](/byoip/get-started/). +Learn how to [get started](/byoip/get-started-review/). From 12eb1f12fccdc7798d417f079f362f0555509369 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 16 May 2025 15:03:36 +0100 Subject: [PATCH 02/10] Switch order between delegation and mapping steps --- src/content/docs/byoip/get-started-review.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/byoip/get-started-review.mdx b/src/content/docs/byoip/get-started-review.mdx index 7310c3508f214a0..d8e128e65079c65 100644 --- a/src/content/docs/byoip/get-started-review.mdx +++ b/src/content/docs/byoip/get-started-review.mdx @@ -32,6 +32,6 @@ Overall, the steps can be summarized as follows: 2. You prepare a [letter of agency (LOA)](/byoip/concepts/loa/) containing both the prefixes you are authorizing Cloudflare to announce and which ASN they will be announced under. Cloudflare will present this to our transit partners as evidence that we are allowed to announce the route. 3. After receiving the LOA, Cloudflare validates the [requirements](#requirements). 4. Cloudflare provisions the IPs. -5. Once the IPs are provisioned, you use [service bindings](/byoip/service-bindings/) and [address maps](/byoip/address-maps/) to control how your IPs are used. -6. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. +5. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. +6. You use [service bindings](/byoip/service-bindings/) and [address maps](/byoip/address-maps/) to control how your IPs are used. 7. Finally, you configure the [Border Gateway Protocol advertisement](/byoip/concepts/dynamic-advertisement/) for your IPs at the Cloudflare network. \ No newline at end of file From 966899d9791c3204504d7121a74985bc65df5b0e Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 16 May 2025 15:29:18 +0100 Subject: [PATCH 03/10] List API endpoints for LOA upload and prefix creation --- src/content/docs/byoip/get-started-review.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/byoip/get-started-review.mdx b/src/content/docs/byoip/get-started-review.mdx index d8e128e65079c65..e192ee66def6d15 100644 --- a/src/content/docs/byoip/get-started-review.mdx +++ b/src/content/docs/byoip/get-started-review.mdx @@ -29,9 +29,9 @@ You are not required to use Date: Fri, 16 May 2025 16:47:43 +0100 Subject: [PATCH 06/10] Review BGP step and link to most recent API --- src/content/docs/byoip/get-started-review.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/byoip/get-started-review.mdx b/src/content/docs/byoip/get-started-review.mdx index 542701c06e653c5..dabc08b0287c9cb 100644 --- a/src/content/docs/byoip/get-started-review.mdx +++ b/src/content/docs/byoip/get-started-review.mdx @@ -34,7 +34,7 @@ Overall, the steps can be summarized as follows: 4. After receiving the LOA, Cloudflare validates the [requirements](#requirements) and provisions the IPs. 5. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. 6. You use [service bindings](/byoip/service-bindings/)[^1] and [address maps](/byoip/address-maps/)[^2] to control how your IPs are used. -7. Finally, you configure the [Border Gateway Protocol advertisement](/byoip/concepts/dynamic-advertisement/) for your IPs at the Cloudflare network. +7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefix API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/methods/create/). [^1]: Mappings that control through which pipeline traffic destined for a given IP address will be routed. [^2]: Mappings that specify which IP addresses should be used when Cloudflare responds to DNS queries for proxied hostnames. \ No newline at end of file From eda02d7429d474b63bc28ff03203fde15a5c5f58 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 16 May 2025 16:58:17 +0100 Subject: [PATCH 07/10] Delete temp version and update get-started --- src/content/docs/byoip/get-started-review.mdx | 40 ------------------- src/content/docs/byoip/get-started.mdx | 30 +++++++++----- src/content/docs/byoip/index.mdx | 2 +- 3 files changed, 22 insertions(+), 50 deletions(-) delete mode 100644 src/content/docs/byoip/get-started-review.mdx diff --git a/src/content/docs/byoip/get-started-review.mdx b/src/content/docs/byoip/get-started-review.mdx deleted file mode 100644 index dabc08b0287c9cb..000000000000000 --- a/src/content/docs/byoip/get-started-review.mdx +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: Get started -pcx_content_type: get-started -sidebar: - order: 2 ---- - -import { GlossaryTooltip } from "~/components"; - -Work with your account team to understand everything you need to ensure a smooth transition during the onboarding process. - -Cloudflare requires a service-specific configuration for your prefixes, as well as some requirements common to all BYOIP customers regardless of service type. - -## Requirements - -The following requirements are common to all products compatible with BYOIP. - -You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr-entries/) records are up to date and contain: - - - `route` or `route6` objects matching the exact prefixes you want to onboard - - `origin` matching the correct ASN you want to onboard - -:::caution[RPKI validation] -You are not required to use Resource Public Key Infrastructure (RPKI). However, if you do, make sure your ROAs are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double check your prefixes. -::: - -## Process overview - -Overall, the steps can be summarized as follows: - -1. You revise your [IRRs and ROAs](#requirements) (if applicable) to make sure they are correct. -2. You prepare a [letter of agency (LOA)](/byoip/concepts/loa/) containing both the prefix you are authorizing Cloudflare to announce and which ASN they will be announced under. Cloudflare will present this to our transit partners as evidence that we are allowed to announce the route. -3. You use the [Upload LOA Document](/api/resources/addressing/subresources/loa_documents/methods/create/) API endpoint to submit the letter under your account and the [Add Prefix](/api/resources/addressing/subresources/prefixes/methods/create/) endpoint to create the prefix in your account with the associated `loa_document_id`. -4. After receiving the LOA, Cloudflare validates the [requirements](#requirements) and provisions the IPs. -5. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. -6. You use [service bindings](/byoip/service-bindings/)[^1] and [address maps](/byoip/address-maps/)[^2] to control how your IPs are used. -7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefix API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/methods/create/). - -[^1]: Mappings that control through which pipeline traffic destined for a given IP address will be routed. -[^2]: Mappings that specify which IP addresses should be used when Cloudflare responds to DNS queries for proxied hostnames. \ No newline at end of file diff --git a/src/content/docs/byoip/get-started.mdx b/src/content/docs/byoip/get-started.mdx index e399a95291908d2..4b2a05c9b03b742 100644 --- a/src/content/docs/byoip/get-started.mdx +++ b/src/content/docs/byoip/get-started.mdx @@ -3,21 +3,20 @@ title: Get started pcx_content_type: get-started sidebar: order: 2 - hidden: true --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip } from "~/components"; -To bring your own IPs, you must work with your account team to understand everything you need to ensure a smooth transition during the onboarding process. +Work with your account team to understand everything you need to ensure a smooth transition during the onboarding process. -Cloudflare requires a service-specific configuration for your prefixes, as well as some requirements common to all BYOIP customers regardless of service type. These requirements are common to all products compatible with BYOIP, such as [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), and [CDN services](/cache/). +Cloudflare requires a service-specific configuration for your prefixes, as well as some requirements common to all BYOIP customers regardless of service type. -## Prerequisites +## Requirements -There are two major prerequisites before Cloudflare can begin onboarding your IP space. +The following requirements are common to all products compatible with BYOIP. + +You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr-entries/) records are up to date and contain: -1. Cloudflare must receive a [Letter of Agency (LOA)](/byoip/concepts/loa/) to announce your prefixes, which we will share with our transit partners as evidence that we are allowed to announce the route. -2. You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr-entries/) records are up to date and contain: - `route` or `route6` objects matching the exact prefixes you want to onboard - `origin` matching the correct ASN you want to onboard @@ -25,7 +24,17 @@ There are two major prerequisites before Cloudflare can begin onboarding your IP You are not required to use Resource Public Key Infrastructure (RPKI). However, if you do, make sure your ROAs are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double check your prefixes. ::: -After onboarding, [Border Gateway Protocol (BGP)](https://www.cloudflare.com/learning/security/glossary/what-is-bgp/) announcements for customer prefixes can be controlled with the [Dynamic Advertisement](/byoip/concepts/dynamic-advertisement/) API or via the Cloudflare dashboard. +## Process overview + +Overall, the steps can be summarized as follows: + +1. You revise your [IRRs and ROAs](#requirements) (if applicable) to make sure they are correct. +2. You prepare a [letter of agency (LOA)](/byoip/concepts/loa/) containing both the prefix you are authorizing Cloudflare to announce and which ASN they will be announced under. Cloudflare will present this to our transit partners as evidence that we are allowed to announce the route. +3. You use the [Upload LOA Document](/api/resources/addressing/subresources/loa_documents/methods/create/) API endpoint to submit the letter under your account and the [Add Prefix](/api/resources/addressing/subresources/prefixes/methods/create/) endpoint to create the prefix in your account with the associated `loa_document_id`. +4. After receiving the LOA, Cloudflare validates the [requirements](#requirements) and provisions the IPs. +5. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. +6. You use [service bindings](/byoip/service-bindings/)[^1] and [address maps](/byoip/address-maps/)[^2] to control how your IPs are used. +7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefix API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/methods/create/). ## Cloudflare IPs @@ -46,3 +55,6 @@ To protect your network using a Cloudflare IP address, contact your account mana When you use a Cloudflare-managed IP space, you do not need to provide a Letter of Agency (LOA) and advertise your prefixes that are associated with bringing your own IP. ::: + +[^1]: Mappings that control through which pipeline traffic destined for a given IP address will be routed. +[^2]: Mappings that specify which IP addresses should be used when Cloudflare responds to DNS queries for proxied hostnames. \ No newline at end of file diff --git a/src/content/docs/byoip/index.mdx b/src/content/docs/byoip/index.mdx index a661e3307a86082..9e4d7486299ddcf 100644 --- a/src/content/docs/byoip/index.mdx +++ b/src/content/docs/byoip/index.mdx @@ -18,4 +18,4 @@ Get Cloudflare's security and performance while using your own IPs. With **Bringing Your Own IPs** (BYOIP), Cloudflare announces your IPs in all our locations. Use your IPs with [Magic Transit](/magic-transit/), [Spectrum](/spectrum/), [CDN services](/cache/), or [Gateway DNS](/cloudflare-one/policies/gateway/dns-policies/). -Learn how to [get started](/byoip/get-started-review/). +Learn how to [get started](/byoip/get-started/). From 6fe46abbe9184f0096660ed5eddf94544dc34fee Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Fri, 16 May 2025 17:01:32 +0100 Subject: [PATCH 08/10] Remove section on Cloudflare IPs --- src/content/docs/byoip/get-started.mdx | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/src/content/docs/byoip/get-started.mdx b/src/content/docs/byoip/get-started.mdx index 4b2a05c9b03b742..dabc08b0287c9cb 100644 --- a/src/content/docs/byoip/get-started.mdx +++ b/src/content/docs/byoip/get-started.mdx @@ -36,25 +36,5 @@ Overall, the steps can be summarized as follows: 6. You use [service bindings](/byoip/service-bindings/)[^1] and [address maps](/byoip/address-maps/)[^2] to control how your IPs are used. 7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefix API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/methods/create/). -## Cloudflare IPs - -If you are unable to bring your own IP to Cloudflare, you can use an IP address issued by Cloudflare. - -Using a Cloudflare IP may be a good option if you: - -* Have one or a few IPs allocated from home or business class ISPs. -* Are an online streamer who could be the target of a DoS attack if your IP is leaked. -* Are a business owner with a small number of locations with broadband Internet connections. -* Do not own an IP space with a /24 prefix length. -* Maintain a large number of locations with a combination of connectivity methods. -* Own an IP space with a /24 prefix length but do not advertise prefixes from every location. - -To protect your network using a Cloudflare IP address, contact your account manager. - -:::note - -When you use a Cloudflare-managed IP space, you do not need to provide a Letter of Agency (LOA) and advertise your prefixes that are associated with bringing your own IP. -::: - [^1]: Mappings that control through which pipeline traffic destined for a given IP address will be routed. [^2]: Mappings that specify which IP addresses should be used when Cloudflare responds to DNS queries for proxied hostnames. \ No newline at end of file From 227669336c4b781aad157e868a3049863a62dccb Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro <62246989+RebeccaTamachiro@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:56:45 +0100 Subject: [PATCH 09/10] Apply suggestions from code review Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- src/content/docs/byoip/get-started.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/byoip/get-started.mdx b/src/content/docs/byoip/get-started.mdx index dabc08b0287c9cb..172324880763a7d 100644 --- a/src/content/docs/byoip/get-started.mdx +++ b/src/content/docs/byoip/get-started.mdx @@ -21,7 +21,7 @@ You must verify that your [Internet Routing Registry (IRR)](/byoip/concepts/irr- - `origin` matching the correct ASN you want to onboard :::caution[RPKI validation] -You are not required to use Resource Public Key Infrastructure (RPKI). However, if you do, make sure your ROAs are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double check your prefixes. +You are not required to use Resource Public Key Infrastructure (RPKI). However, if you do, make sure your ROAs are accurate. You can use [Cloudflare's RPKI Portal](https://rpki.cloudflare.com/?view=validator) and a second source such as [Routinator](https://rpki-validator.ripe.net/ui/) to double-check your prefixes. ::: ## Process overview @@ -32,9 +32,9 @@ Overall, the steps can be summarized as follows: 2. You prepare a [letter of agency (LOA)](/byoip/concepts/loa/) containing both the prefix you are authorizing Cloudflare to announce and which ASN they will be announced under. Cloudflare will present this to our transit partners as evidence that we are allowed to announce the route. 3. You use the [Upload LOA Document](/api/resources/addressing/subresources/loa_documents/methods/create/) API endpoint to submit the letter under your account and the [Add Prefix](/api/resources/addressing/subresources/prefixes/methods/create/) endpoint to create the prefix in your account with the associated `loa_document_id`. 4. After receiving the LOA, Cloudflare validates the [requirements](#requirements) and provisions the IPs. -5. (Optional) You can use [Prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. +5. (Optional) You can use [prefix delegations](/byoip/concepts/prefix-delegations/) to share all or part of your prefix with another Cloudflare account. 6. You use [service bindings](/byoip/service-bindings/)[^1] and [address maps](/byoip/address-maps/)[^2] to control how your IPs are used. -7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefix API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/methods/create/). +7. You advertise or withdraw the BGP route for a prefix via the [BGP Prefixes API](/api/resources/addressing/subresources/prefixes/subresources/bgp_prefixes/). [^1]: Mappings that control through which pipeline traffic destined for a given IP address will be routed. [^2]: Mappings that specify which IP addresses should be used when Cloudflare responds to DNS queries for proxied hostnames. \ No newline at end of file From da9373aa6c9af325ff5c829b2831de9c3e6f48b6 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro <62246989+RebeccaTamachiro@users.noreply.github.com> Date: Tue, 3 Jun 2025 09:57:51 +0100 Subject: [PATCH 10/10] Keep LOA capitalization consistent with target page --- src/content/docs/byoip/get-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/byoip/get-started.mdx b/src/content/docs/byoip/get-started.mdx index 172324880763a7d..6a62fc6e4d6ad9f 100644 --- a/src/content/docs/byoip/get-started.mdx +++ b/src/content/docs/byoip/get-started.mdx @@ -29,7 +29,7 @@ You are not required to use