cloudflare · marciocloudflare · Dec 4, 2024 · Dec 4, 2024 · Dec 4, 2024
@@ -41,7 +41,7 @@ When using Magic Cloud Networking to automatically create on-ramps to your Googl
 - Cloudflare will reserve a public Internet routable IP address from GCP.
 - Cloudflare will create a VPN Gateway and two VPN Tunnels in the region you specify.
 - Cloudflare will create routes for each prefix in your [Magic WAN Address Space](/magic-cloud-networking/cloud-on-ramps/#magic-wan-address-space) within your VPC pointing to the VPN Tunnels.
-- Cloudflare will add routes in Magic WAN for all subnet CIDR prefixes in your VPC. This includes all regions within the VPC. Traffic bound for a region other than the VPN Gateway’s region will be subject to GCP’s [Inter-region Pricing](https://cloud.google.com/vpc/network-pricing#inter-region-data-transfer).
+- Cloudflare will add routes in Magic WAN for all subnet CIDR prefixes in your VPC. This includes all regions within the VPC. Traffic bound for a region other than the VPN Gateway's region will be subject to GCP's [Inter-region Pricing](https://cloud.google.com/vpc/network-pricing#inter-region-data-transfer).
 - Traffic sent to and from your VM instances through the VPN Tunnels is still subject to VPC firewall rules, and may [require further configuration](https://cloud.google.com/network-connectivity/docs/vpn/how-to/configuring-firewall-rules#firewall_rules).
 
 ## Supported resources

@@ -13,7 +13,7 @@ If you are an Enterprise customer, Cloudflare can significantly accelerate the o
 
 ## 1. Verify NetFlow or sFlow capabilities
 
-Verify your routers are capable of exporting <GlossaryTooltip term="NetFlow">NetFlow</GlossaryTooltip> or <GlossaryTooltip term="sFlow">sFlow</GlossaryTooltip> to an IP address on Cloudflare’s network. Magic Network Monitoring supports NetFlow v5, NetFlow v9, IPFIX, and sFlow.
+Verify your routers are capable of exporting <GlossaryTooltip term="NetFlow">NetFlow</GlossaryTooltip> or <GlossaryTooltip term="sFlow">sFlow</GlossaryTooltip> to an IP address on Cloudflare's network. Magic Network Monitoring supports NetFlow v5, NetFlow v9, IPFIX, and sFlow.
 
 Refer to [Supported routers](/magic-network-monitoring/routers/supported-routers) to view a list of supported routers. The list is not exhaustive.
 

@@ -26,7 +26,7 @@ Improve your network visibility and detect DDoS attacks based on traffic flows.
 
 <Plan type="all" />
 
-Magic Network Monitoring provides visibility into your network traffic by analyzing network <GlossaryTooltip term="flow data">flow data</GlossaryTooltip> sent from a customer’s routers. Magic Network Monitoring supports NetFlow v5, NetFlow v9, IPFIX, and sFlow.
+Magic Network Monitoring provides visibility into your network traffic by analyzing network <GlossaryTooltip term="flow data">flow data</GlossaryTooltip> sent from a customer's routers. Magic Network Monitoring supports NetFlow v5, NetFlow v9, IPFIX, and sFlow.
 
 Magic Network Monitoring is generally available to everyone with a Cloudflare account by default. You can log in to your Cloudflare dashboard, select your account, then go to **Analytics & Logs** > **Magic Monitoring** to get started.
 

@@ -5,7 +5,7 @@ sidebar:
   order: 3
 head: []
 description: A step-by-step configuration guide for exporting NetFlow or IPFIX
-  data to Cloudflare’s network.
+  data to Cloudflare's network.
 
 ---
 

@@ -4,7 +4,7 @@ pcx_content_type: reference
 sidebar:
   order: 2
 head: []
-description: The best sampling rate recommendations for your network’s traffic volume.
+description: The best sampling rate recommendations for your network's traffic volume.
 
 ---
 

@@ -5,7 +5,7 @@ sidebar:
   order: 4
 head: []
 description: A step-by-step configuration guide for exporting sFlow data to
-  Cloudflare’s network.
+  Cloudflare's network.
 
 ---
 

@@ -15,7 +15,7 @@ The majority of enterprise-grade routers are capable of exporting <GlossaryToolt
 Relatively few consumer grade routers are capable of exporting NetFlow or sFlow. If you are a network hobbyist, business, or other organization, and your router options are limited, you can view the list of open source and affordable options below.
 
 :::note[Note:]
-These lists are not exhaustive, and we encourage you to check your router’s specification sheet to confirm your router is capable of exporting NetFlow or sFlow.
+These lists are not exhaustive, and we encourage you to check your router's specification sheet to confirm your router is capable of exporting NetFlow or sFlow.
 :::
 
 ## NetFlow routers

@@ -12,7 +12,7 @@ head:
 
 
 
-Customers who want to effectively test Cloudflare’s Magic Network Monitoring (MNM) in a repeatable manner can devise a simulated DDoS attack. At a high level, you would need to:
+Customers who want to effectively test Cloudflare's Magic Network Monitoring (MNM) in a repeatable manner can devise a simulated DDoS attack. At a high level, you would need to:
 
 1. Select and install a trusted and open source DDoS simulation tool.
 2. Conduct a small DDoS test attack in a safe test environment.

@@ -15,9 +15,9 @@ Magic Transit is a network security and performance solution that offers DDoS pr
 
 Magic Transit delivers its connectivity, security, and performance benefits by serving as the front door to your IP network. This means it accepts IP <GlossaryTooltip term="data packet">packets</GlossaryTooltip> destined for your network, processes them, and then outputs them to your origin infrastructure.
 
-The Cloudflare network uses [Border Gateway Protocol (BGP)](https://www.cloudflare.com/learning/security/glossary/what-is-bgp/) to announce your company’s IP address space, extending your network presence globally, and <GlossaryTooltip term="anycast" link="https://www.cloudflare.com/learning/cdn/glossary/anycast-network/">anycast</GlossaryTooltip> to ingest your traffic. Today, Cloudflare’s anycast global network spans [hundreds of cities worldwide](https://www.cloudflare.com/network/).
+The Cloudflare network uses [Border Gateway Protocol (BGP)](https://www.cloudflare.com/learning/security/glossary/what-is-bgp/) to announce your company's IP address space, extending your network presence globally, and <GlossaryTooltip term="anycast" link="https://www.cloudflare.com/learning/cdn/glossary/anycast-network/">anycast</GlossaryTooltip> to ingest your traffic. Today, Cloudflare's anycast global network spans [hundreds of cities worldwide](https://www.cloudflare.com/network/).
 
-Once packets hit Cloudflare’s network, traffic is inspected for attacks, filtered, <GlossaryTooltip term="traffic steering">steered</GlossaryTooltip>, accelerated, and sent onward to your origin. Magic Transit connects to your origin infrastructure using anycast <GlossaryTooltip term="GRE tunnel">Generic Routing Encapsulation (GRE)</GlossaryTooltip> tunnels over the Internet or, with [Cloudflare Network Interconnect (CNI)](/network-interconnect/), via physical or virtual interconnect.
+Once packets hit Cloudflare's network, traffic is inspected for attacks, filtered, <GlossaryTooltip term="traffic steering">steered</GlossaryTooltip>, accelerated, and sent onward to your origin. Magic Transit connects to your origin infrastructure using anycast <GlossaryTooltip term="GRE tunnel">Generic Routing Encapsulation (GRE)</GlossaryTooltip> tunnels over the Internet or, with [Cloudflare Network Interconnect (CNI)](/network-interconnect/), via physical or virtual interconnect.
 
 Magic Transit users have two options for their implementation: ingress traffic or ingress and [egress traffic](/magic-transit/reference/egress/). Users with an egress implementation will need to set up <GlossaryTooltip term="policy-based routing">policy-based routing (PBR)</GlossaryTooltip> or ensure default routing on their end forwards traffic to Cloudflare via tunnels.
 

@@ -11,13 +11,13 @@ head:
 
 import { GlossaryTooltip, Render } from "~/components"
 
-[Network Analytics](/analytics/network-analytics/) gives you real-time visibility into Magic Transit traffic entering and leaving Cloudflare’s network through <GlossaryTooltip term="GRE tunnel">GRE</GlossaryTooltip> or <GlossaryTooltip term="IPsec tunnel">IPsec</GlossaryTooltip> tunnels. Start by inspecting information from the source and destination tunnel panels in Network Analytics to learn more about your data.
+[Network Analytics](/analytics/network-analytics/) gives you real-time visibility into Magic Transit traffic entering and leaving Cloudflare's network through <GlossaryTooltip term="GRE tunnel">GRE</GlossaryTooltip> or <GlossaryTooltip term="IPsec tunnel">IPsec</GlossaryTooltip> tunnels. Start by inspecting information from the source and destination tunnel panels in Network Analytics to learn more about your data.
 
 Source/destination tunnel data in Network Analytics includes:
 
 - A list of your top tunnels by traffic volume.
 - Source and destination <GlossaryTooltip term="IP address">IP addresses</GlossaryTooltip>, ports, and protocols of tunnel traffic.
-- Samples of all GRE or IPsec tunnel traffic entering or leaving Cloudflare’s network.
+- Samples of all GRE or IPsec tunnel traffic entering or leaving Cloudflare's network.
 - Mitigations applied (such as DDoS and Magic Firewall) to traffic entering Cloudflare.
 
 ## Access Magic Tunnel analytics

@@ -21,7 +21,7 @@ Before you can begin using Magic Transit, verify that you meet Cloudflare's onbo
 
 ### Verify router compatibility
 
-Magic Transit relies on <GlossaryTooltip term="anycast">anycast</GlossaryTooltip> tunnels to transmit <GlossaryTooltip term="data packet">packets</GlossaryTooltip> from Cloudflare’s global network to your origin network.
+Magic Transit relies on <GlossaryTooltip term="anycast">anycast</GlossaryTooltip> tunnels to transmit <GlossaryTooltip term="data packet">packets</GlossaryTooltip> from Cloudflare's global network to your origin network.
 
 The routers at your tunnel endpoints must meet the following requirements to ensure compatibility with Magic Transit.
 
@@ -94,7 +94,7 @@ Refer to [Maximum transmission unit and maximum segment size](/magic-transit/ref
 
 ## 4. Configure static routes
 
-Configure [static routes](/magic-transit/how-to/configure-static-routes/) to route traffic from Cloudflare’s global network to your locations.
+Configure [static routes](/magic-transit/how-to/configure-static-routes/) to route traffic from Cloudflare's global network to your locations.
 
 ## 5. Run pre-flight checks
 

@@ -5,7 +5,7 @@ sidebar:
   order: 2
 head: []
 description: Magic Transit uses a static configuration to route your traffic
-  through anycast tunnels from Cloudflare’s global network to your locations.
+  through anycast tunnels from Cloudflare's global network to your locations.
   Learn how to configure static routes.
 
 ---

@@ -10,7 +10,7 @@ head:
 
 import { GlossaryTooltip } from "~/components";
 
-Cloudflare Network Interconnect (CNI) allows you to connect your network infrastructure directly with Cloudflare – rather than using the public Internet – for a more reliable and secure experience. With CNI, you can bring Cloudflare’s full suite of network functions to your physical network edge.
+Cloudflare Network Interconnect (CNI) allows you to connect your network infrastructure directly with Cloudflare – rather than using the public Internet – for a more reliable and secure experience. With CNI, you can bring Cloudflare's full suite of network functions to your physical network edge.
 
 Use Cloudflare Network Interconnect with Magic Transit to improve throughput and harden infrastructure to attack.
 

@@ -26,7 +26,7 @@ You will need the email address associated with your Cloudflare account, Cloudfl
 
 5. Select **Edit** next to the Cloudflare branded mitigation to edit and review the information.
 
-   In the example below under section two, the Cloudflare email address, Account ID, and API token are used to send the API call to Cloudflare to begin advertising routes and turn on Magic Transit for the customer’s network.
+   In the example below under section two, the Cloudflare email address, Account ID, and API token are used to send the API call to Cloudflare to begin advertising routes and turn on Magic Transit for the customer's network.
 
    ![Kentik mitigation setup](~/assets/images/magic-transit/kentik-setup.png)
 

@@ -4,7 +4,7 @@ title: Traffic steering
 head: []
 description: Magic Transit uses a static configuration to route traffic through
   anycast tunnels using the Generic Routing Encapsulation (GRE) and Internet
-  Protocol Security (IPsec) protocols from Cloudflare’s global network to your
+  Protocol Security (IPsec) protocols from Cloudflare's global network to your
   network.
 ---
 

@@ -3,7 +3,7 @@ pcx_content_type: concept
 title: GRE and IPsec tunnels
 head: []
 description: Magic Transit uses Generic Routing Encapsulation (GRE) and IPsec
-  tunnels to transmit packets from Cloudflare’s global network to your origin
+  tunnels to transmit packets from Cloudflare's global network to your origin
   network.
 ---
 

@@ -31,13 +31,13 @@ Refer to [Magic WAN Network Analytics](/magic-wan/analytics/network-analytics/)
 
 ## Traceroutes
 
-Traceroutes provide a hop by hop breakdown of the Internet path network traffic follows as it traverses from Cloudflare’s network to a customer’s network.
+Traceroutes provide a hop by hop breakdown of the Internet path network traffic follows as it traverses from Cloudflare's network to a customer's network.
 
 Refer to [Traceroutes](/magic-wan/analytics/traceroutes/) to learn more.
 
 ## Packet captures
 
-Packet captures allow customers to analyze the raw packet data that a customer is sending and receiving from Cloudflare’s network.
+Packet captures allow customers to analyze the raw packet data that a customer is sending and receiving from Cloudflare's network.
 
 Refer to [packet captures](/magic-firewall/packet-captures/) to learn more.
 

@@ -22,7 +22,7 @@ To check for Connector metrics:
 
 ### Query metrics with GraphQL
 
-Customers can query Cloudflare’s GraphQL API to fetch their Magic WAN Connector device metrics. The Cloudflare dashboard displays Magic WAN Connector device metrics over the past one hour. Via the GraphQL API, customers can query for up to 30 days of historical Magic WAN Connector device metrics.
+Customers can query Cloudflare's GraphQL API to fetch their Magic WAN Connector device metrics. The Cloudflare dashboard displays Magic WAN Connector device metrics over the past one hour. Via the GraphQL API, customers can query for up to 30 days of historical Magic WAN Connector device metrics.
 
 For example:
 

@@ -3,12 +3,12 @@ pcx_content_type: how-to
 title: Breakout traffic
 head: []
 description: Breakout traffic allows you to define which applications should
-  bypass Cloudflare’s security filtering.
+  bypass Cloudflare's security filtering.
 ---
 
 import { Render, TabItem, Tabs } from "~/components";
 
-Breakout traffic allows you to define which applications should bypass Cloudflare’s security filtering, and go directly to the Internet. It works via DNS requests inspection. This means that if your network is caching DNS requests, Breakout traffic will only take effect after you cache entries expire and your client issues a new DNS request that the Magic WAN Connector can detect. This can take several minutes.
+Breakout traffic allows you to define which applications should bypass Cloudflare's security filtering, and go directly to the Internet. It works via DNS requests inspection. This means that if your network is caching DNS requests, Breakout traffic will only take effect after you cache entries expire and your client issues a new DNS request that the Magic WAN Connector can detect. This can take several minutes.
 
 :::caution
 Breakout traffic will not work for applications that use DNS-over-HTTPs.
@@ -30,7 +30,7 @@ accTitle: In this example, the applications go directly to the Internet, skippin
 _In the graph above, Applications 1 and 2 are configured to bypass Cloudflare's security filtering, and go straight to the Internet_
 
 :::note[A note on security]
-We recommend routing all traffic through our global network for comprehensive security filtering and access controls. However, there may be specific cases where you want a subset of traffic to bypass Cloudflare’s security filtering and route it directly to the Internet. You can scope this breakout traffic to specific applications from the Cloudflare dashboard.
+We recommend routing all traffic through our global network for comprehensive security filtering and access controls. However, there may be specific cases where you want a subset of traffic to bypass Cloudflare's security filtering and route it directly to the Internet. You can scope this breakout traffic to specific applications from the Cloudflare dashboard.
 
 Refer to [Traffic steering](/magic-wan/reference/traffic-steering/) to learn how Cloudflare routes traffic.
 :::

@@ -8,11 +8,11 @@ import { DirectoryListing } from "~/components"
 
 In addition to traffic policies based on network-layer attributes like IP and port ranges, the Magic WAN Connector supports the ability to classify traffic based on well-known applications. Application-aware policies provide easier management and more granularity over traffic flows.
 
-Cloudflare’s implementation of application awareness leverages the intelligence of our global network, using the same categorization/classification already shared across security tools like our [Secure Web Gateway](/cloudflare-one/policies/gateway/), so IT and security teams can expect consistent behavior across routing and inspection decisions.
+Cloudflare's implementation of application awareness leverages the intelligence of our global network, using the same categorization/classification already shared across security tools like our [Secure Web Gateway](/cloudflare-one/policies/gateway/), so IT and security teams can expect consistent behavior across routing and inspection decisions.
 
 For more information, refer to [Applications and app types](/cloudflare-one/policies/gateway/application-app-types/).
 
-Magic WAN Connector's ability to classify traffic allows you to define which applications should bypass Cloudflare’s security filtering, and go directly to the Internet. You can also give some applications a higher priority, and Connector will process them first. This is useful when your network is at capacity, for example.
+Magic WAN Connector's ability to classify traffic allows you to define which applications should bypass Cloudflare's security filtering, and go directly to the Internet. You can also give some applications a higher priority, and Connector will process them first. This is useful when your network is at capacity, for example.
 
 Refer to the following pages for more information.
 

@@ -5,7 +5,7 @@ sidebar:
   order: 2
 head: []
 description: Magic WAN uses a static configuration to route your traffic through
-  anycast tunnels from Cloudflare’s global network to your locations.
+  anycast tunnels from Cloudflare's global network to your locations.
 
 ---
 

@@ -38,7 +38,7 @@ The list of prerequisites below is only for customers planning to connect manual
 
 ### Use compatible tunnel endpoint routers
 
-Magic WAN relies on <GlossaryTooltip term="GRE tunnel" link="/magic-wan/reference/tunnels/">GRE</GlossaryTooltip> and <GlossaryTooltip term="IPsec tunnel" link="/magic-wan/reference/tunnels/#ipsec-tunnels">IPsec tunnels</GlossaryTooltip> to transmit packets from Cloudflare’s global network to your origin network. To ensure compatibility with Magic WAN, the routers at your tunnel endpoints must:
+Magic WAN relies on <GlossaryTooltip term="GRE tunnel" link="/magic-wan/reference/tunnels/">GRE</GlossaryTooltip> and <GlossaryTooltip term="IPsec tunnel" link="/magic-wan/reference/tunnels/#ipsec-tunnels">IPsec tunnels</GlossaryTooltip> to transmit packets from Cloudflare's global network to your origin network. To ensure compatibility with Magic WAN, the routers at your tunnel endpoints must:
 
 - Allow configuration of at least one tunnel per Internet service provider (ISP).
 - Support <GlossaryTooltip term="maximum segment size (MSS)">maximum segment size (MSS)</GlossaryTooltip> clamping.