Skip to content
Magic Transit
Visit Magic Transit on GitHub
Set theme to dark (⇧+D)

Assign tunnel routes

Magic Transit uses a static configuration to route your traffic through Generic Routing Encapsulation (GRE) tunnels from Cloudflare’s edge to your data centers.

You must assign a route priority to each GRE tunnel–subnet pair in your GRE configuration using the following guidelines:

  • Lower values have greater priority.
  • When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. You can refer to an example of this scenario with the subnet in the edge routing configuration example below.
Edge routing configuration example
GRE tunnelSubnetPriority

For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.

Map route prefixes smaller than /24

You must provide your prefixes and the tunnels they should be mapped to in order for Cloudflare to route your traffic from the edge to your data centers via GRE tunnels. Use the table below as reference.

PrefixGRE Tunnel

The minimum advertising prefix is /24, but because Cloudflare uses GRE tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel end points.

For example, you can send x.x.x.0/29 to Datacenter 1 and x.x.x.8/29 to Datacenter 2. This is helpful when you operate in an environment with constrained IP resources.

Static routes

Magic Transit uses the static routes you provide to route traffic through GRE tunnels. A route with a lower Priority value is used as the preferred route, and routes with the same priority value use equal-cost multi-path (ECMP) packet forwarding to route traffic.

You can also create and edit static routes using Magic Transit Static Routes API.

Create a static route

  1. Log in to your Cloudflare dashboard and select Magic Transit.
  2. Next to Static routes configuration, click Configure.
  3. On the Static Routes page, click Create to add a new route.
  4. Enter the information for your route.
  5. While optional, we highly recommend testing your route before adding it by clicking Test routes.
  6. If your test was successful, click Add routes when you are done.

Edit a static route

  1. After navigating to the Static routes configuration page, click Edit next to the route you want to modify.
  2. Enter the updated route information and click Edit routes when you are done.

Scoped routes for GRE tunnels

To reduce latency for your GRE tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Valid Cloudflare regions include AFR, APAC, EEUR, ENAM, ME, OC, SAM, WEUR, and WNAM.

To configure scoping for your traffic, you must provide Cloudflare with GRE tunnel data for each Cloudflare region.

Scoping configuration data example
GRE tunnelRegion code

Cloudflare has nine geographic regions across the world which are listed below.

Region codes and associated regions
Region codeRegion
APACAsia Pacific
EEUREastern Europe
ENAMEastern North America
MEMiddle East
SAMSouth America
WEURWestern Europe
WNAMWestern North America