Cloudflare IPs
To use Magic Transit, you need to own a publicly routable IP address block with a minimum size of /24. If you do not own a /24 address block, you can use Magic Transit with a Cloudflare-owned IP address. This option is helpful if you do not meet the /24 prefix length requirements or want to protect a smaller network.
To protect your network with a Cloudflare IP address, contact your account manager. After you receive your IP address:
- Create a tunnel.
- Set up static routes or BGP peering.
- Configure health checks.
- Confirm that you properly configured the tunnel and endpoint health checks.
- Update your infrastructure at your own pace to use the allocated Cloudflare IPs.
When you use Cloudflare-owned IP space, you do not need a Letter of Agency (LOA). When you use Cloudflare-leased IPs, Cloudflare automatically enables Magic Transit Egress, which routes your egress traffic to Cloudflare instead of the Internet. Set up policy-based routing on your end to ensure return traffic routes properly.
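One way to set up the policy-based routing mentioned above on a Linux router, as an added example that is not from Cloudflare's documentation. It assumes a placeholder leased address (`192.0.2.10/32`), a hypothetical tunnel interface name (`cf-tun0`) and a free routing table number (`100`); it validates those inputs and only prints the `ip` commands for review unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: source-based (policy) routing so that traffic sourced from a
# Cloudflare-leased IP leaves through the tunnel. All values are assumptions.
LEASED_PREFIX="${LEASED_PREFIX:-192.0.2.10/32}"  # placeholder (RFC 5737 range)
TUNNEL_IF="${TUNNEL_IF:-cf-tun0}"                # hypothetical interface name
TABLE_ID="${TABLE_ID:-100}"                      # arbitrary free table number

# Accept only dotted-quad IPv4 CIDR: four octets 0-255, prefix length 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands rather than running them, after rejecting unsafe input.
pbr_commands() {
    valid_cidr "$1" || { echo "invalid IPv4 prefix: $1" >&2; return 1; }
    case "$2" in ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $2" >&2; return 1 ;; esac
    case "$3" in ''|*[!0-9]*) echo "invalid table id: $3" >&2; return 1 ;; esac
    # Packets sourced from the leased prefix consult a dedicated table...
    echo "ip rule add from $1 lookup $3 priority 1000"
    # ...whose only route is a default route out of the tunnel interface.
    echo "ip route add default dev $2 table $3"
}

# Dry run by default; APPLY=1 executes the commands (requires root).
cmds=$(pbr_commands "$LEASED_PREFIX" "$TUNNEL_IF" "$TABLE_ID") || exit 1
if [ "${APPLY:-0}" = "1" ]; then
    printf '%s\n' "$cmds" | sh -e
else
    printf '%s\n' "$cmds"
fi
```

After applying, `ip rule show` and `ip route show table 100` list the rule and the tunnel default route.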
You can find your leased Anycast IPs for Magic Transit on the dashboard under IP addresses > Leased IPs.