Assign tunnel routes
You must assign a route priority to each GRE tunnel–subnet pair in your GRE configuration using the following guidelines:
- Lower values have greater priority.
- When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. You can refer to an example of this scenario with the 220.127.116.11/24 subnet in the edge routing configuration example below.
Edge routing configuration example
Map route prefixes smaller than /24
You must provide your prefixes and the tunnels they should be mapped to in order for Cloudflare to route your traffic from the edge to your data centers via GRE tunnels. Use the table below as reference.
The minimum advertising prefix is /24, but because Cloudflare uses GRE tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel end points.
For example, you can send
x.x.x.0/29 to Datacenter 1 and
x.x.x.8/29 to Datacenter 2. This is helpful when you operate in an environment with constrained IP resources.
Magic Transit uses the static routes you provide to route traffic through GRE tunnels. A route with a lower Priority value is used as the preferred route, and routes with the same priority value use equal-cost multi-path (ECMP) packet forwarding to route traffic.
Create a static route
- Log in to your and select Magic Transit.
- Next to Static routes configuration, click Configure.
- On the Static Routes page, click Create to add a new route.
- Enter the information for your route.
- While optional, we highly recommend testing your route before adding it by clicking Test routes.
- If your test was successful, click Add routes when you are done.
Edit a static route
- After navigating to the Static routes configuration page, click Edit next to the route you want to modify.
- Enter the updated route information and click Edit routes when you are done.
Scoped routes for GRE tunnels
To reduce latency for your GRE tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Valid Cloudflare regions include AFR, APAC, EEUR, ENAM, ME, OC, SAM, WEUR, and WNAM.
To configure scoping for your traffic, you must provide Cloudflare with GRE tunnel data for each Cloudflare region.
Scoping configuration data example
|GRE tunnel||Region code|
Cloudflare has nine geographic regions across the world which are listed below.
Region codes and associated regions
|ENAM||Eastern North America|
|WNAM||Western North America|