Skip to content

SYSTEM Cited by 7 sources

Cloudflare Radar

Cloudflare Radar (radar.cloudflare.com) is Cloudflare's public Internet observatory: an always-on telemetry platform that publishes per-AS, per-country, per-prefix Internet data derived from Cloudflare's global edge visibility — including traffic patterns, DNS query shapes, HTTP adoption, IPv6 posture, attack trends, and BGP routing anomalies.

What it exposes

Radar surfaces several classes of data for any ASN or prefix:

  • AS profile — connectivity (upstreams / peers / downstreams), country, organization, traffic share at the Cloudflare edge.
  • Routing anomaly pages — per-event pages for detected BGP events (e.g. route leaks, hijacks) naming the leaker AS, the origin AS, the prefixes involved, and the neighbor ASes they were leaked to / from.
  • Traffic, adoption, and attack trends — aggregate metrics at country / AS / network granularity.
  • Historical alerting feed — cumulative route-leak alerts per AS, enabling baseline frequency analysis (e.g. "AS8048 has had eleven Type-1 hairpin route-leak events since the beginning of December 2025").
  • Internet Quality — (radar.cloudflare.com/quality) per-AS, per-country rankings of CDN providers on connection time, aggregated via trimean over RUM samples collected from Cloudflare-branded error pages against Cloudflare, Amazon CloudFront, Google, Fastly, and Akamai. Substrate for Cloudflare's periodic network-performance update posts. See patterns/comparative-rum-benchmarking.
  • Adoption of AI agent standards (AI Insights) — (radar.cloudflare.com/ai-insights#adoption-of-ai-agent-standards) weekly-refreshed chart scanning 200,000 most-visited domains for presence of each of the standards isitagentready.com checks — robots.txt, Content Signals, markdown content negotiation, MCP Server Cards, API Catalog (RFC 9727), Web Bot Auth directory, Agent Skills index, OAuth Protected Resource Metadata. Substrate for score-driven standard-adoption telemetry — turns the Agent Readiness Score from a diagnostic tool into a public adoption dashboard.
  • Response Status Code Analysis (AI Insights) — (radar.cloudflare.com/ai-insights#response-status) launched 2026-04-17. Distribution of HTTP status codes across AI-crawler traffic at Cloudflare scale — filterable by individual status code or by response class (2xx / 3xx / 4xx / 5xx). Available aggregated across all AI crawlers and broken down per-bot on the bot directory pages. Representative numbers from the 2026-04-17 launch: aggregate ~74 % 2xx, ~13.7 % 4xx, ~11.3 % 3xx, ~1.2 % 5xx; GPTBot-specific ~83 % 2xx, ~10 % 4xx, ~5.1 % 3xx, ~2.2 % 5xx. Filterable by industry (Data Explorer) and by crawl purpose (Training / Search / Assistant). Exposed via the Cloudflare Radar API. Framing (Cloudflare 2026-04-17): "status codes are ultimately how the web communicates policy to crawlers" — the surface turns the policy-lane framing of patterns/response-status-as-content-policy into a public web-wide measurement. Wiki's canonical instance of Radar as crawler-response-policy measurement substrate, sibling to the standard-adoption and BGP-forensics roles.

Route-leak alerting pipeline

The wiki's canonical instance of Radar as a substrate is the BGP-forensics use case from the 2026-01-08 Venezuela post (see sources/2026-01-08-cloudflare-a-closer-look-at-a-bgp-anomaly-in-venezuela). The pipeline auto-classifies BGP events against RFC 7908 route-leak types, assigns them stable IDs (e.g. leak-462460), and exposes a per-AS history page. Operators and researchers can then evaluate an alleged BGP anomaly against the AS's own baseline rather than against a global uniform prior — the disambiguator between "targeted BGP attack" and "chronic routing hygiene issue."

Why it works

The architectural preconditions that let Radar act as an Internet observatory — rather than just a Cloudflare-product dashboard — are ambient to Cloudflare's substrate:

  • Cloudflare's edge spans hundreds of POPs and sees a large fraction of global DNS / HTTP flows, giving per-AS traffic visibility without instrumented sampling partners.
  • Cloudflare peers with a large fraction of the world's networks (tens of thousands of peering sessions), so its BGP view is close to the global routing table.
  • Cloudflare runs anycast DNS / CDN, so per-client AS attribution is high-quality.
  • Combining DNS-level, HTTP-level, and BGP-level views in one observatory lets events (e.g. a BGP withdrawal) be joined to their user-facing consequences (e.g. DNS query rate drop).

Seen in

  • sources/2026-01-08-cloudflare-a-closer-look-at-a-bgp-anomaly-in-venezuela — canonical instance of Radar as BGP-forensics substrate: the per-AS route-leak history page for AS8048 (radar.cloudflare.com/routing/as8048) shows eleven route-leak events since December 2025, letting Cloudflare disambiguate the 01-02 anomaly (narrative: attack tied to U.S. military action in Venezuela) from chronic loose- export-policy behaviour. The per-event page (leak-462460) names leaker (AS8048), prefixes, and neighbor ASes. BGPKIT monocle complements Radar with per-adjacency directional evidence from route-collector data.
  • sources/2025-07-16-cloudflare-1111-incident-on-july-14-2025 — Radar auto-flagged Tata Communications (AS4755) advertising 1.1.1.0/24 at 21:54 UTC during the outage; hijack was real but not the cause — it became visible only because Cloudflare had withdrawn its own advertisement. Radar provides the receipts both for "this is / isn't the cause" questions.
  • sources/2026-04-17-cloudflare-agents-week-network-performance-update — Radar's Internet Quality surface as the data substrate for Cloudflare's periodic network-performance update posts. The 40 % → 60 % "fastest in top 1,000 networks" shift (Sept → Dec 2025) and the 6 ms average gap to next-fastest provider are both computed from RUM-via-error-page comparative measurements aggregated with trimean of connection time against CloudFront / Google / Fastly / Akamai. First wiki instance of Radar as comparative-performance substrate (distinct from the BGP-forensics role).
  • sources/2026-04-17-cloudflare-introducing-the-agent-readiness-score-is-your-site-agent-ready — Radar's Adoption of AI agent standards surface on AI Insights — weekly scan of the top 200 k filtered domains for presence of each agent-readiness check. First wiki instance of Radar as standard-adoption-measurement substrate. Quantifies the current baseline: robots.txt 78 % / Content Signals 4 % / markdown content negotiation 3.9 % / MCP Server Cards + API Catalog combined < 15 sites in the entire dataset. Turns isitagentready from a diagnostic tool into a public adoption dashboard with a feedback loop (sites fix → next scan measures the delta).
  • sources/2026-04-17-cloudflare-redirects-for-ai-training-enforces-canonical-content — Radar's Response Status Code Analysis surface on AI Insights (and per-bot bot-directory pages) — aggregate + per-bot 2xx / 3xx / 4xx / 5xx distributions filterable by industry and crawl-purpose (Training / Search / Assistant). Aggregate representative: ~74 / 13.7 / 11.3 / 1.2 %; GPTBot representative: ~83 / 10 / 5.1 / 2.2 %. First wiki instance of Radar as crawler-response-policy measurement substrate — the 3xx slice is the visible adoption curve for Redirects for AI Training across the web; the 403 / 402 slices are visible adoption of WAF hard-block and pay-per-crawl policies.
  • sources/2026-04-28-cloudflare-q1-2026-internet-disruption-summary — Radar's quarterly Internet-disruption review shape (canonical in patterns/quarterly-internet-disruption-review). First wiki instance of Radar as a country-outage attribution substrate — per-country (radar.cloudflare.com/ug, /ir, /cu, /cg, /ua, /md, /py, /do, /pt, /gd, /gn, /gb, /vi, /us), per-AS (radar.cloudflare.com/as43754, /as31549, /as37451, /as46650, /as37461, /as13285, /as14434, /as6167, /as7303, /as27747, /as16814), and per-region (/traffic/709929, /706482, /703447, /3433955, /2267094, /2263478, /2740636, /7267902, /7267904) URLs are cited individually across the Q1 2026 review as evidence for each event. The Outage Center and Cloud Observatory are the two named surfaces on top of Radar that provide the curated and per-cloud-region views respectively. Canonical instances in this review: Uganda UIXP ~72 Gbps → ~1 Gbps; Iran IPv6-space collapse ~18% in two ASes (Asiatech 9.4% + RASANA 8.8%); AWS me-central-1
  • me-south-1 connection-failure elevation from kinetic strikes; Cuba ×3 national-grid collapses; WACS submarine-cable incident 82%-drop in Republic of Congo; Portugal Storm Kristin regional recovery curve. First wiki instance of Radar as substrate for kinetic-cloud-attack + political-shutdown-mechanism disambiguation (filtering vs route-withdrawal) + infrastructure-fragility trend monitoring.
  • sources/2026-05-27-cloudflare-irans-internet-is-partially-restored-cloudflare-radar-data-shows — Radar as shutdown-restoration measurement substrate: the May 26 2026 partial restoration of Iran's February 28 shutdown (87 days into the disruption) was confirmed by joining four Radar signals — bytes transferred (15× prior week), 1.1.1.1 DNS query rate, per-ASN breakdown across TCI / IranCell / RighTel / MCCI, and per-region geolocation showing 91.6% Tehran concentration. The geographic-asymmetry signal was diagnostic: per-region selective recovery is only producible by filtering-based architectures, confirming the original mechanism diagnosis in the recovery direction. Diurnal pattern returned within hours, confirming organic user activity. Radar's (radar.cloudflare.com/ir) per-country page is the live drill-down. First wiki instance of Radar's per-region geolocation breakdown as mechanism-confirmation evidence in the recovery direction (sibling to the route-stays-up-traffic-drops shutdown- direction signature canonicalised in the Q1 review). Establishes the multi-month sustained shutdown envelope (87 days) as a distinct point on the duration spectrum beyond elections (hours-days) and protests (days-weeks).
Last updated · 542 distilled / 1,571 read