Cloudflare Docs
Magic WAN
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Configure static routes

Magic WAN uses a static configuration to route your traffic through anycast tunnels from Cloudflare’s global network to your locations.

You must assign a route priority to each tunnel–subnet pair in your configuration, as follows:

  • Lower values have greater priority.
  • When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. The maximum number of routes you can have with the same priority is 64. For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.

You can also create and edit static routes using the Magic Static Routes API.

​​ Edge routing configuration example

PrefixNextHopPriority
10.10.10.100/24TUNNEL_1_IAD100
10.10.10.100/24TUNNEL_2_IAD100
10.10.10.100/24TUNNEL_3_ATL100
10.10.10.100/24TUNNEL_4_ATL100
10.10.10.100/24TUNNEL_1_IAD200
10.10.10.100/24TUNNEL_2_IAD200
10.10.10.100/24TUNNEL_3_ATL100
10.10.10.100/24TUNNEL_4_ATL100

Optionally, weights can also be added to better distribute traffic amongst multiple tunnels. In the below example, TUNNEL_2_IAD is likely to receive twice as much traffic as TUNNEL_1_IAD.

PrefixNextHopPriorityWeight
10.10.10.100/24TUNNEL_1_IAD100100
10.10.10.100/24TUNNEL_2_IAD100200
10.10.10.100/24TUNNEL_3_ATL100300
10.10.10.100/24TUNNEL_4_ATL100400

​​ Scoped routes for anycast GRE or IPsec tunnels

To reduce latency for your anycast GRE or IPsec tunnel configurations, especially if you operate your own anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.

When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.

To configure scoping for your traffic, you must provide static routes to Cloudflare with anycast GRE or IPsec tunnel data such that all Cloudflare regions have a route for your prefixes.

​​ Scoping configuration data example

PrefixNextHopPriorityRegion code
10.10.10.100/24TUNNEL_1_IAD100AFR
10.10.10.100/24TUNNEL_2_IAD100EEUR
10.10.10.100/24TUNNEL_3_ATL100ENAM
10.10.10.100/24TUNNEL_4_ATL100ME

Region codes and associated regions

Cloudflare has nine geographic regions across the world which are listed below.

Region codeRegion
AFRAfrica
APACAsia Pacific
EEUREastern Europe
ENAMEastern North America
MEMiddle East
OCOceania
SAMSouth America
WEURWestern Europe
WNAMWestern North America

Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route and Edit a static route more information.

​​ Allowed IP ranges

By default, you can only add static routes with RFC 1918 IP prefixes like:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

When using Magic WAN and Cloudflare Tunnel together, remember to consider the IP ranges utilized in the static routes of Cloudflare Tunnel when selecting static routes for Magic WAN. For more information, refer to Cloudflare Tunnel.

If your use case requires IP prefixes outside RFC 1918, contact your Cloudflare customer service manager.

​​ ​​Create a static route

  1. Log in to the Cloudflare dashboard, and select your account.
  2. Go to Magic WAN > Configuration.
  3. From the Static Routes tab, select Create to add a new route.
  4. Enter a descriptive name for your route in Description.
  5. In Prefix, enter your range of IP addresses. For example, 10.10.10.100/24.
  6. In Tunnel/Next hop select which tunnel you want your route to go through. Choose from the tunnels you have created in Configure tunnel endpoints.
  7. Choose the Priority for your route. Lower numbers have higher priorities.
  8. (Optional) Choose a Weight for your route. Refer to Edge routing configuration example for examples.
  9. (Optional) If you need to scope your route to a specific region, you can do it in Region code.
  10. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
  11. Select Add routes when you are done.

Create a POST request using the API to create one or more static routes.

Example:

curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>" \
--header "Content-Type: application/json" \
--data '{
"routes": [
{
"description": "New route for new prefix",
"prefix": "<YOUR_IP_PREFIX>",
"nexthop": "<IP_NEXT_HOP>",
"priority": <PRIORITY>,
"scope": {
"colo_names": [
"<NAME_OF_CLOUDFLARE_SERVER>"
],
"colo_regions": [
"<NAME_OF_REGION>"
]
},
"weight": <WEIGHT>
}
]
}'

​​ ​​Edit a static route

  1. In Static routes, select Edit next to the route you want to modify.
  2. Enter the updated route information.
  3. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
  4. Select Edit routes to save the new information when you are done.

Create a PUT request using the API to update one or more static routes.

Example:

curl --request PUT \
https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>" \
--header "Content-Type: application/json" \
--data '{
"routes": [
{
"description": "New route for new prefix",
"nexthop": "<IP_NEXT_HOP>",
"prefix": "<YOUR_IP_PREFIX>",
"priority": <PRIORITY>,
"scope": {
"colo_names": [
"<NAME_OF_CLOUDFLARE_SERVER>"
],
"colo_regions": [
"<NAME_OF_REGION>"
]
},
"weight": <WEIGHT>
}
]
}'

​​ ​​Delete static route

  1. In Static routes, locate the static route you want to modify and select Delete.
  2. Confirm the action by selecting the checkbox and select Delete.

Create a DELETE request using the API to delete a static route.

Example:

curl --request DELETE \
https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes/{route_id} \
--header "X-Auth-Email: <EMAIL>" \
--header "X-Auth-Key: <API_KEY>"