In tracking down / trying to eliminate some abusive traffic spikes on our app, I discovered that New Relic and Cloudflare are assigning the same traffic different ASN values.
For example, New Relic may give traffic an AS value of 71, but the same traffic in Cloudflare is 16509. This makes it difficult to use New Relic info when setting up various Firewall Rules in Cloudflare.
Maybe worth noting that all of the IP lookups / geolocation databases I’ve checked the relevant IP addresses against agree with Cloudflare – not NR – about the expected ASN.
Has anyone else noticed this? Is there something I’m missing wrt how these values are assigned? Should I not be expecting them to match?
Any insight or experience would be appreciated!
Edit: I now have a new situation where New Relic isn’t even reporting ASN values for a good chunk of my traffic, but Cloudflare seems to know about it.