Flow-based monitoring
Flow-based monitoring works with Magic Transit on demand to detect and notify you about attacks based on traffic flows from your data centers. You can configure your routers to continuously send NetFlow data to Cloudflare where the flow data is ingested and analyzed for volumetric DDoS attacks, or you can choose to send data over IPsec tunnels. When an attack is detected, Cloudflare automatically notifies you by email, webhook, or PagerDuty with information about the attack.
You can choose to activate IP advertisement via the Cloudflare dashboard or API. After Magic Transit is activated and your traffic is flowing through Cloudflare, you only receive the clean traffic back to your network over your tunnels.
To activate IP advertisement via the Cloudflare dashboard, refer to using the IP Prefixes page to configure dynamic advertisement. To activate IP advertisement via the API, refer to the IP Address Management Dynamic Advertisement API.
To enable Flow-based monitoring alerts, refer to Enable Flow-based monitoring alerts.
To enable per-prefix thresholds with prefix auto advertisement, refer to Enable per-prefix thresholds with prefix auto advertisement.