Configure static routes
Magic Transit uses a static configuration to route your traffic through anycast tunnels from Cloudflare's global network to your locations.
You must assign a route priority to each tunnel-subnet pair in your configuration, as follows:
- Lower values have greater priority.
- When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.
You can also create and edit static routes using the Magic Static Routes API.
Prefix | NextHop | Priority |
---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 |
10.10.10.100/24 | TUNNEL_2_IAD | 100 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 |
10.10.10.100/24 | TUNNEL_1_IAD | 200 |
10.10.10.100/24 | TUNNEL_2_IAD | 200 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 |
Optionally, weights can also be added to better distribute traffic amongst multiple tunnels. In the below example, TUNNEL_2_IAD
is likely to receive twice as much traffic as TUNNEL_1_IAD
.
Prefix | NextHop | Priority | Weight |
---|---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 | 100 |
10.10.10.100/24 | TUNNEL_2_IAD | 100 | 200 |
10.10.10.100/24 | TUNNEL_3_ATL | 100 | 300 |
10.10.10.100/24 | TUNNEL_4_ATL | 100 | 400 |
You must provide your prefixes and the tunnels that should be mapped to for Cloudflare to route your traffic from our global network to your data centers via anycast tunnels. Use the table below as reference.
Prefix | NextHop |
---|---|
103.21.244.0/29 | TUNNEL_1_IAD |
103.21.244.8/29 | TUNNEL_2_ATL |
The minimum advertising prefix is /24
, but because Cloudflare uses anycast tunnels as an outer wrapper for your traffic, we can route prefixes within that /24
to different tunnel endpoints. For example, you can send x.x.x.0/29
to Data Center 1 and x.x.x.8/29
to Data Center 2. This is helpful when you operate in an environment with constrained IP resources.
To reduce latency for your anycast GRE or IPsec tunnel configurations, especially if you operate your own anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.
When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.
To configure scoping for your traffic, you must provide static routes to Cloudflare with anycast GRE or IPsec tunnel data such that all Cloudflare regions have a route for your prefixes.
Prefix | NextHop | Priority | Region code |
---|---|---|---|
10.10.10.100/24 | TUNNEL_1_IAD | 100 | AFR |
10.10.10.100/24 | TUNNEL_2_IAD | 100 | EEUR |
10.10.10.100/24 | TUNNEL_3_ATL | 100 | ENAM |
10.10.10.100/24 | TUNNEL_4_ATL | 100 | ME |
Region codes and associated regions
Cloudflare has nine geographic regions across the world which are listed below.
Region code | Region |
---|---|
AFR | Africa |
APAC | Asia Pacific |
EEUR | Eastern Europe |
ENAM | Eastern North America |
ME | Middle East |
OC | Oceania |
SAM | South America |
WEUR | Western Europe |
WNAM | Western North America |
Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route and Edit a static route more information.
By default, you can only add static routes with RFC 1918 ↗ IP prefixes like:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
If your use case requires IP prefixes outside RFC 1918, contact your Cloudflare customer service manager.
- Log in to the Cloudflare dashboard ↗, and select your account.
- Go to Magic Transit > Configuration.
- From the Static Routes tab, select Create to add a new route.
- Enter a descriptive name for your route in Description.
- In Prefix, enter your range of IP addresses. For example,
10.10.10.100/24
. - In Tunnel/Next hop select which tunnel you want your route to go through. Choose from the tunnels you have created in Configure tunnel endpoints.
- Choose the Priority for your route. Lower numbers have higher priorities.
- (Optional) Choose a Weight for your route. Refer to Edge routing configuration example for examples.
- (Optional) If you need to scope your route to a specific region, you can do it in Region code.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- Select Add routes when you are done.
Create a POST
request using the API to create one or more static routes.
Example:
- In Static routes, select Edit next to the route you want to modify.
- Enter the updated route information.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- Select Edit routes to save the new information when you are done.
Create a PUT
request using the API to update one or more static routes.
Example:
- In Static routes, locate the static route you want to modify and select Delete.
- Confirm the action by selecting the checkbox and select Delete.
Create a DELETE
request using the API to delete a static route.
Example: