From c14ca42ed877d4f1f118a18b1b96f22962535332 Mon Sep 17 00:00:00 2001
From: marciocloudflare <marcio@cloudflare.com>
Date: Wed, 30 Apr 2025 14:37:44 +0100
Subject: [PATCH 1/5] added new warnings

---
 .../partials/networking-services/routing/configure-routes.mdx  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/content/partials/networking-services/routing/configure-routes.mdx b/src/content/partials/networking-services/routing/configure-routes.mdx
index c4eafe5ed700625..be6834a6ad8a43a 100644
--- a/src/content/partials/networking-services/routing/configure-routes.mdx
+++ b/src/content/partials/networking-services/routing/configure-routes.mdx
@@ -277,8 +277,9 @@ By default, each BGP peering session will use the same Cloudflare-side ASN to re
 	<Markdown
     text={`
 		Magic WAN customers should also be aware of the following:
+		- The customer chooses their device ASN, which must be different to the Cloudflare-side ASN.
 		- The Cloudflare side ASN will be included in the \`AS_PATH\` of announced routes to any BGP enabled interconnect.
-		- The customer chooses their device ASN, which should be different to the Cloudflare-side ASN.
+		- Customer announced \`AS_PATH\` is transitive between interconnects — that is, the origin or customer ASN is visible on the \`AS_PATH\` for the routes your CPE receives from Cloudflare in BGP. Default BGP loop prevention mechanisms will mean that routes are not accepted from the same ASN. For example, if you have two different Magic WAN-connected sites both using \`ASN65000\`, then site A will not learn routes coming from site B because of default BGP loop prevention behavior. For routing between private networks using Magic WAN, you should assign a unique ASN for each network/site, or configure the edge CPE to accept BGP-learned routes containing its local ASN.
   `}
     inline={false}
   />

From 4e29174d99833a062ddfec9b926c2e35760dfb51 Mon Sep 17 00:00:00 2001
From: marciocloudflare <marcio@cloudflare.com>
Date: Wed, 30 Apr 2025 14:43:22 +0100
Subject: [PATCH 2/5] refined text

---
 .../networking-services/routing/configure-routes.mdx         | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/content/partials/networking-services/routing/configure-routes.mdx b/src/content/partials/networking-services/routing/configure-routes.mdx
index be6834a6ad8a43a..f9a883a49122eb0 100644
--- a/src/content/partials/networking-services/routing/configure-routes.mdx
+++ b/src/content/partials/networking-services/routing/configure-routes.mdx
@@ -279,7 +279,10 @@ By default, each BGP peering session will use the same Cloudflare-side ASN to re
 		Magic WAN customers should also be aware of the following:
 		- The customer chooses their device ASN, which must be different to the Cloudflare-side ASN.
 		- The Cloudflare side ASN will be included in the \`AS_PATH\` of announced routes to any BGP enabled interconnect.
-		- Customer announced \`AS_PATH\` is transitive between interconnects — that is, the origin or customer ASN is visible on the \`AS_PATH\` for the routes your CPE receives from Cloudflare in BGP. Default BGP loop prevention mechanisms will mean that routes are not accepted from the same ASN. For example, if you have two different Magic WAN-connected sites both using \`ASN65000\`, then site A will not learn routes coming from site B because of default BGP loop prevention behavior. For routing between private networks using Magic WAN, you should assign a unique ASN for each network/site, or configure the edge CPE to accept BGP-learned routes containing its local ASN.
+		- The customer-announced \`AS_PATH\` is transitive between interconnects — meaning the origin (customer) ASN is visible in the \`AS_PATH\` of routes received from Cloudflare via BGP. Due to default BGP loop prevention mechanisms, a router will reject any route that contains its own ASN in the \`AS_PATH\`. For example, if two Magic WAN-connected sites both use \`ASN 65000\`, site A will not accept routes from site B, and vice versa, because each site sees its own ASN in the advertised \`AS_PATH\`. <br />
+			To enable routing between private networks over Magic WAN, you should either:
+			- Assign a unique ASN to each site/network, or
+			- Configure your edge CPE to accept BGP routes that include its own ASN in the \`AS_PATH\`.
   `}
     inline={false}
   />

From 477ecf3ce95b052a345e4116417b0b1761fde1e2 Mon Sep 17 00:00:00 2001
From: marciocloudflare <marcio@cloudflare.com>
Date: Wed, 30 Apr 2025 14:56:15 +0100
Subject: [PATCH 3/5] added note

---
 .../networking-services/routing/configure-routes.mdx   | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/content/partials/networking-services/routing/configure-routes.mdx b/src/content/partials/networking-services/routing/configure-routes.mdx
index f9a883a49122eb0..6db825de6ff4db8 100644
--- a/src/content/partials/networking-services/routing/configure-routes.mdx
+++ b/src/content/partials/networking-services/routing/configure-routes.mdx
@@ -9,7 +9,7 @@ params:
   - productGatewayOrEgress
 ---
 
-import { APIRequest, Markdown, Render, TabItem, Tabs } from "~/components";
+import { Aside, APIRequest, Markdown, Render, TabItem, Tabs } from "~/components";
 
 Magic Networking uses a routing table to steer your traffic via next-hop from Cloudflare's global network to your connected networks. Entries can be added to the Magic routing table via static route configuration or via routes learned through BGP peering (only available over Direct CNI).
 
@@ -308,6 +308,14 @@ If you already have set up your Cloudflare account ASN, you can skip steps two a
 4. Go to **Interconnects**.
 5. Find the Direct CNI interconnect you want to configure with BGP > select the **three dots** next to it > **Configure BGP**.
 6. In **Customer device ASN**, enter the ASN for your network.
+
+	{ props.magicWord === "Magic WAN" && (
+		<>
+		<Aside type="note">Multiple interconnects with the same ASN will not exchange routes if standard BGP loop prevention is enabled. Consider using a different ASN per session, or enabling duplicate ASNs (like Cisco's `allowas-in` feature) to exchange routes between networks.</Aside>
+		</>
+		)
+	}
+
 7. In **MD5 key**, you can optionally enter the key for your network. Note that this is meant to prevent accidental misconfigurations, and is not a security mechanism.
 8. (Optional) In **Advertised prefix list**, input the additional prefixes automatically assigned by Cloudflare during the creation of the CNI interconnect, to advertise alongside your existing routes. Leave blank if you do not want to advertise extra routes. <br /> Typical prefixes to configure here include:
 	- A route to `0.0.0.0/0`, the default route — to attract all Internet-bound traffic if using {props.productGatewayOrEgress}.

From 85c351b4ac6242c02c1635276b738904defa4152 Mon Sep 17 00:00:00 2001
From: marciocloudflare <marcio@cloudflare.com>
Date: Wed, 30 Apr 2025 14:56:48 +0100
Subject: [PATCH 4/5] refined text

---
 .../partials/networking-services/routing/configure-routes.mdx   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/partials/networking-services/routing/configure-routes.mdx b/src/content/partials/networking-services/routing/configure-routes.mdx
index 6db825de6ff4db8..e190c302be32fe9 100644
--- a/src/content/partials/networking-services/routing/configure-routes.mdx
+++ b/src/content/partials/networking-services/routing/configure-routes.mdx
@@ -311,7 +311,7 @@ If you already have set up your Cloudflare account ASN, you can skip steps two a
 
 	{ props.magicWord === "Magic WAN" && (
 		<>
-		<Aside type="note">Multiple interconnects with the same ASN will not exchange routes if standard BGP loop prevention is enabled. Consider using a different ASN per session, or enabling duplicate ASNs (like Cisco's `allowas-in` feature) to exchange routes between networks.</Aside>
+		<Aside type="note">Multiple interconnects with the same ASN will not exchange routes if standard BGP loop prevention is enabled. Consider using a different ASN per session, or enabling duplicate ASNs (like Cisco's <code>allowas-in</code> feature) to exchange routes between networks.</Aside>
 		</>
 		)
 	}

From 3600593d0f9fc55b3c4a750db836fcba25707149 Mon Sep 17 00:00:00 2001
From: marciocloudflare <marcio@cloudflare.com>
Date: Wed, 30 Apr 2025 15:52:16 +0100
Subject: [PATCH 5/5] github is stuck

---
 .../partials/networking-services/routing/configure-routes.mdx   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/partials/networking-services/routing/configure-routes.mdx b/src/content/partials/networking-services/routing/configure-routes.mdx
index e190c302be32fe9..da106eeac0135fa 100644
--- a/src/content/partials/networking-services/routing/configure-routes.mdx
+++ b/src/content/partials/networking-services/routing/configure-routes.mdx
@@ -311,7 +311,7 @@ If you already have set up your Cloudflare account ASN, you can skip steps two a
 
 	{ props.magicWord === "Magic WAN" && (
 		<>
-		<Aside type="note">Multiple interconnects with the same ASN will not exchange routes if standard BGP loop prevention is enabled. Consider using a different ASN per session, or enabling duplicate ASNs (like Cisco's <code>allowas-in</code> feature) to exchange routes between networks.</Aside>
+		<Aside type="note">Multiple interconnects with the same ASN will not exchange routes if standard BGP loop prevention is enabled. Consider using a different ASN per session, or enabling duplicate ASNs (like Cisco's <code>allowas-in</code> feature) to exchange routes between networks. </Aside>
 		</>
 		)
 	}