FAQ
Yes. Both enterprise and free customers can send encrypted network flow data to Cloudflare.
Enterprise customers with Magic Transit or Magic WAN are able to send encrypted network flow data via an IPsec tunnel to Cloudflare’s network. You can achieve this by:
- Configuring your NetFlow or sFlow data to be sent to Cloudflare’s network for parsing.
- Directing that network flow data to be sent over Magic Transit IPsec tunnels or Magic WAN IPsec tunnels to Cloudflare’s network.
Cloudflare’s network will then identify this traffic via the destination IP address/port, and direct the network flow traffic to Magic Network Monitoring for parsing.
Free customers can route their network flow traffic through a device that is running the WARP client. Then, network flow traffic can be forwarded from the WARP-enabled device to Cloudflare’s network flow endpoints. You can learn more about this in the Encrypt network flow data tutorial.
I have Auto-Advertisement enabled and it was triggered by an attack. Do I have to turn Magic Transit off manually?
Once Auto-Advertisement is activated for an IP prefix that is under attack, the IP prefix will continue to be advertised by Cloudflare even if the attack ends. You will then need to manually disable advertisement for that IP prefix. Refer to Configure dynamic advertisement to learn how to withdraw your prefixes, and stop using Magic Transit.
If Auto-Advertisement is enabled, and the threshold has been triggered, will the IP prefix show as advertised in the dashboard?
Yes, the IP prefix will show as advertised under the IP Prefixes tab.
No. Auto-advertisement only works with API-controlled advertisement, not BGP-controlled advertisement.
In the API, Magic Network Monitoring rules have a bandwidth_threshold data field. Does the value for this field refer to bytes transferred or current throughput?
The threshold for a Magic Network Monitoring (MNM) rule has two values. The first value is bandwidth_threshold. This value is a measure of the total ingress throughput on a network at any given moment. The second value is duration. The duration value refers to the amount of time that bandwidth_threshold must be exceeded before an alert is sent to the customer.
For example, you create an MNM rule with the following parameters:
With this rule, your network needs to receive a throughput greater than 50,000,000 bits per second (50 Gigabits per second or Gbps) for 60 seconds. If both of these conditions are met, then MNM will send you an alert.
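The threshold-plus-duration behaviour described above, as an added example that is not Cloudflare's code. It assumes throughput samples arrive as (timestamp, bits per second) pairs and that falling to or below the threshold resets the timer; the names Rule, duration_s and alert_times are hypothetical.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Rule:
    bandwidth_threshold: int  # bits per second, the figure used in the answer above
    duration_s: int           # seconds the threshold must stay exceeded (hypothetical field name)


def alert_times(rule: Rule, samples: Iterable[Tuple[int, int]]) -> List[int]:
    """Return the timestamps at which an alert would be sent.

    samples: (unix_seconds, ingress_bits_per_second) pairs in time order.
    Assumed semantics: one alert per continuous run of samples strictly
    above bandwidth_threshold, sent once the run has lasted duration_s.
    """
    alerts: List[int] = []
    run_start = None
    fired = False
    for ts, bps in samples:
        if bps > rule.bandwidth_threshold:
            if run_start is None:
                run_start, fired = ts, False
            if not fired and ts - run_start >= rule.duration_s:
                alerts.append(ts)
                fired = True
        else:
            run_start = None  # a dip to or below the threshold restarts the clock
    return alerts


RULE = Rule(bandwidth_threshold=50_000_000, duration_s=60)

# Constructed samples, one every 10 seconds.
SHORT_BURST = [(t, 80_000_000) for t in range(0, 50, 10)] + [(50, 10_000_000)]
SUSTAINED = [(t, 80_000_000) for t in range(0, 100, 10)]
INTERRUPTED = [(t, 50_000_000 if t == 30 else 80_000_000) for t in range(0, 110, 10)]

if __name__ == "__main__":
    for name, data in [("short", SHORT_BURST), ("sustained", SUSTAINED),
                       ("interrupted", INTERRUPTED)]:
        print(name, alert_times(RULE, data))
```

A burst that ends before the duration elapses produces no alert, and a single sample at or below the threshold delays the alert by restarting the timer, which is worth keeping in mind when choosing the duration value.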
My router’s public IP address is different from the IP address of my network flow agent-ip. I cannot change my network flow agent-ip, and I am not seeing my router’s traffic in MNM analytics.
It is recommended that you set your router’s public IP address and network flow agent-ip to the same value. However, if you are unable to do this, you can register both your router’s public IP and your network flow agent-ip in the Magic Network Monitoring (MNM) router configuration. This will prevent MNM from blocking network traffic received from any unknown IP addresses, and will show your router’s network flow data underneath the router’s agent-ip.
What is Magic Network Monitoring’s data retention policy for Netflow/sFlow received from customer’s routers?
Currently, all data received from a customer’s router goes to our servers in the US. If you enable data sovereignty in Europe, you cannot currently use Magic Network Monitoring.
GraphQL analytics is retained for 90 days for enterprise customers. For non-enterprise customers, data retention is seven days. Cloudflare also retains data for six hours in the US, for threshold crossing detection.