Configure routes
Magic Transit uses a static configuration to route your traffic through anycast tunnels from Cloudflare's global network to your locations.
You must assign a route priority to each tunnel-subnet pair in your configuration, as follows:
- Lower values have greater priority.
- When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.
You can also create and edit static routes using the Magic Static Routes API.
| Prefix | NextHop | Priority |
|---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 |
10.10.10.100/24 | TUNNEL_2_IAD | 100 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 |
10.10.10.100/24 | TUNNEL_1_IAD | 200 |
10.10.10.100/24 | TUNNEL_2_IAD | 200 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 |
Optionally, you can assign weights to distribute traffic more effectively among multiple tunnels. The weight values determine the proportion of traffic directed to each tunnel, with higher weights resulting in a greater share of traffic. The maximum weight value is 256.
In the example below, TUNNEL_2_IAD is likely to receive twice as much traffic as TUNNEL_1_IAD.
| Prefix | NextHop | Priority | Weight |
|---|---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 | 64 |
10.10.10.100/24 | TUNNEL_2_IAD | 100 | 128 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 | 192 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 | 255 |
You must provide your prefixes and the tunnels that should be mapped to for Cloudflare to route your traffic from our global network to your data centers via anycast tunnels. Use the table below as reference.
| Prefix | NextHop |
|---|---|
103.21.244.0/29 |
TUNNEL_1_IAD |
103.21.244.8/29 |
TUNNEL_2_ATL |
The minimum advertising prefix is /24, but because Cloudflare uses anycast tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel endpoints. For example, you can send x.x.x.0/29 to Data Center 1 and x.x.x.8/29 to Data Center 2. This is helpful when you operate in an environment with constrained IP resources.
If you have multiple onboarded /24 subnets that belong to a larger contiguous block, you can configure a summary static route for the corresponding supernet (like a /23 or a /22) instead of adding each /24 individually. This eliminates the need to configure each /24 route individually, as all traffic will be routed through the same GRE tunnels.
For example, if you have two tunnels:
192.0.2.0/24192.0.3.0/24
You can summarize these into a single 192.0.2.0/23.
Refer to Add tunnels to learn more about configuring GRE tunnels.
To reduce latency for your anycast GRE or IPsec tunnel configurations, especially if you operate your own anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.
When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.
To configure scoping for your traffic, you must provide static routes to Cloudflare with anycast GRE or IPsec tunnel data such that all Cloudflare regions have a route for your prefixes.
| Prefix | NextHop | Priority | Region code |
|---|---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 | AFR |
10.10.10.100/24 | TUNNEL_2_IAD | 100 | EEUR |
10.10.10.100/24 | TUNNEL_3_ATL | 100 | ENAM |
10.10.10.100/24 | TUNNEL_4_ATL | 100 | ME |
Region codes and associated regions
Cloudflare has nine geographic regions across the world which are listed below.
| Region code | Region |
|---|---|
| AFR | Africa |
| APAC | Asia Pacific |
| EEUR | Eastern Europe |
| ENAM | Eastern North America |
| ME | Middle East |
| OC | Oceania |
| SAM | South America |
| WEUR | Western Europe |
| WNAM | Western North America |
Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route and Edit a static route more information.
Allowed IP ranges for static routes are:
- Cloudflare leased IPs assigned to your account
- BYOIP prefixes. For BYOIP, you have the option to use them as-is, or to create a summary route to cover all your onboarded prefixes.
- Log in to the Cloudflare dashboard ↗, and select your account.
- Go to Magic Transit > Configuration.
- From the Routes tab, select Create to add a new route.
- Enter a descriptive name for your route in Description.
- In Prefix, enter your range of IP addresses. For example,
10.10.10.100/24. - In Tunnel/Next hop select which tunnel you want your route to go through. Choose from the tunnels you have created in Configure tunnel endpoints.
- Choose the Priority for your route. Lower numbers have higher priorities.
- (Optional) Choose a Weight for your route. Refer to Edge routing configuration example for examples.
- (Optional) If you need to scope your route to a specific region, you can do it in Region code.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- Select Add routes when you are done.
Create a POST request using the API to create one or more static routes.
Example:
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{ "routes": [ { "description": "New route for new prefix", "prefix": "<YOUR_IP_PREFIX>", "nexthop": "<IP_NEXT_HOP>", "priority": <PRIORITY>, "scope": { "colo_names": [ "<NAME_OF_CLOUDFLARE_SERVER>" ], "colo_regions": [ "<NAME_OF_REGION>" ] }, "weight": <WEIGHT> } ]}'- In Routes, select Edit next to the route you want to modify.
- Enter the updated route information.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- Select Edit routes to save the new information when you are done.
Create a PUT request using the API to update one or more static routes.
Example:
curl --request PUT \https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>" \--header "Content-Type: application/json" \--data '{ "routes": [ { "description": "New route for new prefix", "nexthop": "<IP_NEXT_HOP>", "prefix": "<YOUR_IP_PREFIX>", "priority": <PRIORITY>, "scope": { "colo_names": [ "<NAME_OF_CLOUDFLARE_SERVER>" ], "colo_regions": [ "<NAME_OF_REGION>" ] }, "weight": <WEIGHT> } ]}'- In Routes, locate the static route you want to modify and select Delete.
- Confirm the action by selecting the checkbox and select Delete.
Create a DELETE request using the API to delete a static route.
Example:
curl --request DELETE \https://api.cloudflare.com/client/v4/accounts/{account_id}/magic/routes/{route_id} \--header "X-Auth-Email: <EMAIL>" \--header "X-Auth-Key: <API_KEY>"Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark