Configure static routes
Magic Transit uses a static configuration to route your traffic through Anycast tunnels from Cloudflare’s global network to your data centers.
You must assign a route priority to each Anycast tunnel–subnet pair in your GRE configuration using the following guidelines:
- Lower values have greater priority.
- When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. You can refer to an example of this scenario with the
103.21.244.0/24subnet in the edge routing configuration example below.
You can also create and edit static routes using Magic Transit Static Routes API.Edge routing configuration example
Tunnel Subnet Priority TUNNEL_1_IAD 103.21.244.0/24100 TUNNEL_2_IAD 103.21.244.0/24100 TUNNEL_3_ATL 103.21.244.0/24100 TUNNEL_4_ATL 103.21.244.0/24100 TUNNEL_1_IAD 103.21.245.0/24200 TUNNEL_2_IAD 103.21.245.0/24200 TUNNEL_3_ATL 103.21.245.0/24100 TUNNEL_4_ATL 103.21.245.0/24100
For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.
Map route prefixes smaller than /24
You must provide your prefixes and the tunnels that should be mapped to in order for Cloudflare to route your traffic from our global network to your data centers via Anycast tunnels. Use the table below as reference.
| Prefix | Tunnel |
|---|---|
103.21.244.0/29 | TUNNEL_1_IAD |
103.21.244.8/29 | TUNNEL_2_ATL |
The minimum advertising prefix is /24, but because Cloudflare uses Anycast tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel end points.
For example, you can send x.x.x.0/29 to Datacenter 1 and x.x.x.8/29 to Datacenter 2. This is helpful when you operate in an environment with constrained IP resources.
Scoped routes for Anycast GRE or IPsec tunnels
To reduce latency for your Anycast GRE or IPsec tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.
When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.
To configure scoping for your traffic, you must provide Cloudflare with Anycast GRE or IPsec tunnel data for each Cloudflare region.Scoping configuration data example
Tunnel Region code TUNNEL_1_IAD AFR TUNNEL_2_IAD EEUR TUNNEL_3_ATL ENAM TUNNEL_4_ATL ME
Cloudflare has nine geographic regions across the world which are listed below.Region codes and associated regions
Region code Region AFR Africa APAC Asia Pacific EEUR Eastern Europe ENAM Eastern North America ME Middle East OC Oceania SAM South America WEUR Western Europe WNAM Western North America
Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route or Edit a static route for more information on this.
Create a static route
- Log in to your Cloudflare dashboard, and select your account.
- Select Magic Transit > Manage Magic Transit configuration > Configure.
- Select the Static Routes tab > Create to add a new route.
- Enter the information for your route.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- If your test was successful, select Add routes when you are done.
Edit a static route
- After navigating to the Static routes tab, select Edit next to the route you want to modify.
- (Optional) We highly recommend testing your route before adding it by selecting Test routes.
- Enter the updated route information and select Edit routes when you are done.
Delete static route
- From Static Routes, locate the static route you want to modify and select Delete.
- Confirm the action by selecting the checkbox and select Delete.