Cloudflare Docs
Magic Transit
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)


Review the definitions for terms used across Cloudflare’s Magic Transit documentation.

anycastAnycast is a network addressing and routing method in which incoming requests can be routed to a variety of different locations. Anycast typically routes incoming traffic to the nearest data center with the capacity to process the request efficiently.
data packetA data packet is a unit of data consisting of user and control information. Information in a network is broken down into packets, that might follow different paths to their final destination.
equal-cost multi-path routingA technique that uses hashes calculated from packet data to determine the route chosen.
GRE tunnelStands for generic routing encapsulation. It is a protocol wrapping one data packet within another type of data packet. This is useful for enabling protocols that are not normally supported by a network.
ICMPInternet Control Message Protocol (ICMP) is used by network devices to send error messages and other operational information. ICMP is useful for diagnostic purposes, for example.
Internet key exchange (IKE)The protocol Cloudflare uses to create the IPsec tunnel between Magic WAN and the customer’s device.
IPsec tunnelStands for Internet Protocol secure. It is a group of protocols for securing connections between devices, by encrypting IP packets.
letter of agencySometimes referred to as a Letter of Authorization. A document that authorizes Cloudflare to advertise your prefixes. This is required so transit providers can accept the routes Cloudflare advertises on your behalf.
maximum segment size (MSS)MSS limits the size of packets, or small chunks of data, that travel across a network, such as the Internet.
on-rampRefers to a way of connecting a business network to Cloudflare. Examples of on-ramps, or ways to connect to Cloudflare, are Anycast GRE tunnels, Anycast IPsec tunnels, Cloudflare Network Interconnect (CNI), Cloudflare Tunnel, and WARP.
policy-based routingPolicy-based routing (PBR) is a technique used to make routing decisions based on policies set by your administrador.

A number that identifies the network portion of an IP address. It tells devices if an IP address is on the same network or not. It is shown as a number after a slash (for example, /31) at the end of the IP address.

Using an analogy, the prefix is like a street address. If an IP is in the same street, it belongs to the same network of devices.

static routeA fixed configuration to route traffic through Anycast tunnels from Cloudflare global network to the customer’s locations.
subnetAlso known as subnetwork. It refers to a network that is part of another network.
traffic steeringCloudflare evaluates your route’s health and steers traffic according to priorities defined by you and / or tunnel health.
tunnel health-checkA probe sent by Cloudflare to check for tunnel health. If a tunnel is not considered healthy, Cloudflare reroutes traffic to one that is considered healthy.