--- title: FAQ description: Answers to common questions about Network Flow. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/network-flow/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) ### Tags [ IPsec ](https://developers.cloudflare.com/search/?tags=IPsec) # FAQ If you cannot find your answer here, refer to the [community page ↗](https://community.cloudflare.com/) for more resources. ## I am getting an "Invalid account settings request body: account name format contains illegal characters or is not supported" error when trying to create a rule. This probably means that your account name has unsupported characters. Make sure your account name does not have characters like, for example, `&`, `<`, `>`, `"`, `'`, `` ` ``. Refer to [Account name](https://developers.cloudflare.com/fundamentals/account/create-account/#account-name) to learn how to change your account name. ## Can I send NetFlow/sFlow data to Cloudflare in a secure, encrypted way? Yes. Both enterprise and free customers can send encrypted network flow data to Cloudflare. Enterprise customers with Magic Transit or Cloudflare WAN (formerly Magic WAN) can send encrypted network flow data via an IPsec tunnel to Cloudflare's network. You can achieve this by: 1. Configuring your [NetFlow](https://developers.cloudflare.com/network-flow/routers/netflow-ipfix-config/) or [sFlow](https://developers.cloudflare.com/network-flow/routers/sflow-config/) data to be sent to Cloudflare's network for parsing. 2. Directing that network flow data to be sent over [Magic Transit IPsec tunnels](https://developers.cloudflare.com/magic-transit/how-to/configure-tunnel-endpoints/) or [Cloudflare WAN IPsec tunnels](https://developers.cloudflare.com/cloudflare-wan/configuration/how-to/configure-tunnel-endpoints/) to Cloudflare's network. Cloudflare identifies the flow traffic by its destination IP address and port, then forwards it to Network Flow for parsing. Free customers can route their network flow traffic through a device that is running the Cloudflare One Client. Then, network flow traffic can be forwarded from the Cloudflare One Client enabled device to Cloudflare's network flow endpoints. Learn more in the [Encrypt network flow data tutorial](https://developers.cloudflare.com/network-flow/tutorials/encrypt-network-flow-data/). ## I have Auto-Advertisement enabled and it was triggered by an attack. Do I have to turn Magic Transit off manually? Yes. After Auto-Advertisement activates for a prefix under attack, Cloudflare continues advertising that prefix even after the attack ends. You must manually withdraw the prefix to stop Magic Transit. Refer to [Configure dynamic advertisement](https://developers.cloudflare.com/byoip/concepts/dynamic-advertisement/best-practices/#configure-dynamic-advertisement) to withdraw your prefixes. ## If Auto-Advertisement is enabled, and the threshold has been triggered, will the IP prefix show as advertised in the dashboard? Yes, the IP prefix will show as advertised under the [IP Prefixes tab](https://developers.cloudflare.com/byoip/concepts/dynamic-advertisement/best-practices/#configure-dynamic-advertisement). ## Does Auto-advertisement also work with BGP-controlled advertisements? No. Auto-advertisement only works with API-controlled advertisement, not BGP-controlled advertisement. ## In the API, Network Flow rules have a `bandwidth_threshold` data field. Does the value for this field refer to bytes transferred or current throughput? A [Network Flow rule](https://developers.cloudflare.com/api/resources/magic%5Fnetwork%5Fmonitoring/subresources/rules/methods/list/) threshold has two values: * `bandwidth_threshold` — the total ingress throughput on your network at any given moment, measured in bits per second. * `duration` — how long `bandwidth_threshold` must be exceeded before you receive an alert. For example, you create a Network Flow rule with the following parameters: ``` "bandwidth_threshold": 50000000 "duration": "1m0s" ``` With this rule, your network needs to receive a throughput greater than 50,000,000 bits per second (50 Megabits per second or Mbps) for 60 seconds. If both of these conditions are met, then Network Flow will send you an alert. ## My router's public IP address is different from the IP address of my network flow `agent-ip`. I cannot change my network flow `agent-ip`, and I am not seeing my router's traffic in Network Flow analytics Set your router's public IP address and network flow `agent-ip` to the same value. If you cannot change the `agent-ip`, register both your router's public IP and the `agent-ip` in the Network Flow [router configuration](https://developers.cloudflare.com/network-flow/get-started/). Registering both addresses prevents Network Flow from blocking traffic from unrecognized IPs. Your router's flow data appears under the `agent-ip`. ## What is the Network Flow data retention policy for NetFlow/sFlow received from customer's routers? All flow data is processed on Cloudflare's servers in the US. If you enable data sovereignty in Europe, you cannot use Network Flow. Cloudflare retains GraphQL analytics data for 90 days for enterprise customers and seven days for non-enterprise customers. Cloudflare also retains flow data for six hours for threshold crossing detection. ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/network-flow/","name":"Network Flow"}},{"@type":"ListItem","position":3,"item":{"@id":"/network-flow/faq/","name":"FAQ"}}]} ```