Magic Transit health checks monitor network status and the health of specific network components. To monitor the health of a specific route, each Cloudflare edge server associated with your network sends a multicast “heartbeat” every few seconds to construct a list of live, peer IP addresses. This approach utilizes consistent hashing, and as a result, Magic Transit can consistently assign tunnels to servers in a way that is resilient to server failures and does not require extra coordination between servers beyond heartbeats.
Because Cloudflare sends probes asynchronously, origin routers typically receive several hundred per minute. This allows Magic Transit to detect failures almost immediately.
Magic Transit performs two types of health checks: endpoint health checks and tunnel health checks.
Endpoint health checks
Endpoint health checks evaluate connectivity from Cloudflare distributed data centers to your origin network. Designed to provide a broad picture of Internet health, endpoint probes flow over available tunnels and do not inform tunnel selection or steering logic.
Cloudflare edge servers issue endpoint health checks outside of customer network namespaces and typically target endpoints beyond the tunnel-terminating border router. Each server sends one endpoint health check every ten minutes.
Tunnel health checks
Tunnel health checks monitor the status of the Generic Routing Encapsulation (GRE) tunnels that route traffic from Cloudflare to your origin network. Magic Transit relies on health checks to steer traffic to the best available routes.