Use Cloudflare Network Interconnect
Scope your configuration.
Cloudflare generates Letters of Authorization (LOAs) for your CNI cross-connects and sends them to your organization.
Order the cross-connects you want to use with CNI. You can use any of the following:
- Private network interconnects (PNI) - Available at any of our .
- Virtual private network interconnects (vPNI) - Allows you to easily connect with Cloudflare at any of our interconnection platform locations.
- Internet exchange point (IXP) interconnects - Allow you to establish a link with Cloudflare at any of the in which we participate.
Send Cloudflare confirmation after the cross-connects are set up.
Cloudflare provides the GRE IPs and BGP Peering info after onboarding the GRE tunnels in CNI links.
Work with Cloudflare to establish the BGP session for the PNI on both sides. This requires a BGP call and a ~2 hour maintenance window provided by the customer.
Configure the GRE tunnel over the PNI.
Cloudflare up-prefs the CNI connection and turns Magic Transit back on.
Each step can take 1–7 business days.
When working with Magic Transit and CNI, observe these guidelines:
Because Cloudflare Network Interconnect does not support 1500 byte packets, you must implement MSS clamping.
Set the MSS clamp size to 1332 bytes to accommodate the additional overhead from the Foo-over-UDP (FOU) protocol and IPv6. These are used to backhaul data from the colocation facility where traffic is ingested—close to the end user—to the facility with the CNI link.
Cloudflare Network Interconnect does not process outgoing traffic from your data centers. Egress traffic returns to end users through direct server return (DSR), not through Cloudflare. For this reason, CNI cannot replace your existing transit providers.