Skip to content
Magic Transit
Visit Magic Transit on GitHub
Set theme to dark (⇧+D)

Use Cloudflare Network Interconnect


When setting up Magic Transit to work with Cloudflare Network Interconnect (CNI), the onboarding process includes the following additional steps:

  1. Cloudflare generates Letters of Authorization (LOAs) for your CNI cross-connects and sends them to your organization.

  2. You order the cross-connects that you want to use with CNI. You can use any of the following:

  3. You send Cloudflare confirmation when the cross-connects are in place.

  4. Cloudflare makes routing configuration changes and validates BGP sessions and GRE tunnel routes.

Each of these steps can take 2–7 business days.

For more details on the CNI onboarding process, see Set up Cloudflare Network Interconnect: Onboarding.


When working with Magic Transit and CNI, observe these guidelines:

  • Cloudflare Network Interconnect does not support 1500 byte packets, so you still need to implement MSS clamping.

  • You must set the MSS clamp size to 1332 bytes to accommodate the additional overhead from the Foo-over-UDP (FOU) protocol and IPv6. These are used to backhaul data from the colocation facility where traffic is ingested (close to the end user) to the facility with the CNI link.

  • Cloudflare Network Interconnect does not process outgoing traffic from your data centers. Egress traffic returns to end users through direct server return (DSR), not through Cloudflare. For this reason, CNI is not a replacement for your existing transit providers.