Best practices
To prevent issues and simplify the advertisement process during an attack scenario, complete the following tasks.
-
Assign appropriate user roles. Ensure that users assigned to manage the status of IP prefix advertisement have the Administrator or Super Administrator role in your Cloudflare account. For more information, refer to Setting up Multi-user accounts on Cloudflare.
-
Get a list of the prefix IDs that you want to manage. Maintain a list of Cloudflare prefix IDs to simplify dynamic advertisement management and operations. You can obtain prefix IDs via the Cloudflare dashboard or use the list prefixes operation in the Cloudflare API. Refer to these prefix IDs when managing prefix advertisement.
You can avoid latency and the possibility of dropped routes by enabling prefix advertisement from Cloudflare before you withdraw the advertisement from your data center.
- Refer to configure dynamic advertisement. This operation requires your account ID, prefix IDs, and API key.
- Verify the advertisement using a looking glass of your choice, such as Hurricane Electric Internet Services ↗. Use the Cloudflare ASN (
13335
) to track the advertisement route. - Remove the prefix advertisement that originates from your data center.
Enablement takes approximately five to seven minutes.
- Add the prefix advertisement to your data center.
- (Optional) Verify the advertisement using a looking glass of your choice, such as Hurricane Electric Internet Services ↗.
- Refer to configure dynamic advertisement. This operation requires your account ID, prefix IDs, and API key.
Disablement takes approximately 15 minutes.
- Log in to your Cloudflare dashboard ↗ and select your account.
- Go to IP Addresses > IP Prefixes.
- Select Edit at the end of the entry.
- From Edit IP Prefixes, select Advertised or Withdrawn under Status.
- Select Save to commit your changes.
After saving your changes, it takes between two to seven minutes to enable advertisement and approximately 15 minutes to disable or withdraw advertisement.
To configure prefix advertisement with the Cloudflare API, use the IP Address Management and Dynamic Advertisement API.
Most dynamic advertisement operations require that you supply the Cloudflare ID for any prefix you want to access with the Cloudflare API. The following section outlines how to obtain prefix IDs.
- Log in to your Cloudflare dashboard ↗ and select your account.
- Go to IP Addresses > IP Prefixes.
- Find the CIDR for which you want the prefix ID, and select the arrow next to it.
- The prefix ID is the value under API Tag. Select Copy to add the value to your clipboard.
To obtain prefix IDs using the API, refer to the list prefixes operation in the Cloudflare API.