Cloudflare Docs
Magic Transit
Edit this page on GitHub
Set theme to dark (⇧+D)

Get started

Before you can begin using Magic Transit, be sure to complete the onboarding steps below. Cloudflare can significantly accelerate this timeline during active-attack scenarios.

​​ 1. Scope your configuration

The onboarding process begins with an initial kickoff call where Cloudflare engages with your organization to confirm the scope and timeline for setting up Magic Transit.

After your call with Cloudflare, complete the prerequisites.

​​ 2. Configure tunnels

Configure your tunnels to connect Cloudflare to your origin infrastructure.

​​ 3. Run pre-flight checks

After Cloudflare stages the tunnels, Cloudflare validates tunnel connectivity, Letter of Agency (LOA), Internet Routing Registry (IRR), and maximum segment size (MSS) configurations.

​​ 4. Advertise prefixes

Once Cloudflare’s pre-flight checks have passed and your account team verifies the date to complete the change, the process of onboarding your prefixes to Cloudflare’s global network network begins.

To configure our global network, Cloudflare routes traffic sourced from Cloudflare’s network and attracts traffic from the broader Internet by advertising your customer-owned prefixes.

You control the edge router advertisement, which dictates whether Cloudflare’s global network advertises your prefixes. Advertisement is activated at the go-live call, routing traffic via Cloudflare and the tunnels to your data centers.

If you are using a Cloudflare IP, you do not need to advertise your prefixes.

Duration: ~5 business days

​​ 5. Go live and announce prefixes

Once edge network configuration is complete, schedule a go-live call. During this call, you announce your prefixes from Cloudflare’s global network for the first time.