Cloudflare Docs
Magic Transit
Visit Magic Transit on GitHub
Set theme to dark (⇧+D)

Configure static routes

Magic Transit uses a static configuration to route your traffic through Anycast tunnels from Cloudflare’s global network to your data centers.

You must assign a route priority to each Anycast tunnel–subnet pair in your GRE configuration using the following guidelines:

  • Lower values have greater priority.
  • When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. You can refer to an example of this scenario with the 103.21.244.0/24 subnet in the edge routing configuration example below.

You can also create and edit static routes using Magic Transit Static Routes API.

Edge routing configuration example
TunnelSubnetPriority
TUNNEL_1_IAD103.21.244.0/24100
TUNNEL_2_IAD103.21.244.0/24100
TUNNEL_3_ATL103.21.244.0/24100
TUNNEL_4_ATL103.21.244.0/24100
TUNNEL_1_IAD103.21.245.0/24200
TUNNEL_2_IAD103.21.245.0/24200
TUNNEL_3_ATL103.21.245.0/24100
TUNNEL_4_ATL103.21.245.0/24100

For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.

​​ Map route prefixes smaller than /24

You must provide your prefixes and the tunnels that should be mapped to in order for Cloudflare to route your traffic from our global network to your data centers via Anycast tunnels. Use the table below as reference.

PrefixTunnel
103.21.244.0/29TUNNEL_1_IAD
103.21.244.8/29TUNNEL_2_ATL

The minimum advertising prefix is /24, but because Cloudflare uses Anycast tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel end points.

For example, you can send x.x.x.0/29 to Datacenter 1 and x.x.x.8/29 to Datacenter 2. This is helpful when you operate in an environment with constrained IP resources.

​​ Scoped routes for Anycast GRE or IPsec tunnels

To reduce latency for your Anycast GRE or IPsec tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.

When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.

To configure scoping for your traffic, you must provide Cloudflare with Anycast GRE or IPsec tunnel data for each Cloudflare region.

Scoping configuration data example
TunnelRegion code
TUNNEL_1_IADAFR
TUNNEL_2_IADEEUR
TUNNEL_3_ATLENAM
TUNNEL_4_ATLME

Cloudflare has nine geographic regions across the world which are listed below.

Region codes and associated regions
Region codeRegion
AFRAfrica
APACAsia Pacific
EEUREastern Europe
ENAMEastern North America
MEMiddle East
OCOceania
SAMSouth America
WEURWestern Europe
WNAMWestern North America

Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route or Edit a static route for more information on this.

​​ Create a static route

  1. Log in to your Cloudflare dashboard, and select your account.
  2. Select Magic Transit > Manage Magic Transit configuration > Configure.
  1. Select the Static Routes tab > Create to add a new route.
  2. Enter the information for your route.
  3. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
  4. If your test was successful, select Add routes when you are done.

​​ Edit a static route

  1. After navigating to the Static routes tab, select Edit next to the route you want to modify.
  2. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
  3. Enter the updated route information and select Edit routes when you are done.

​​ Delete static route

  1. From Static Routes, locate the static route you want to modify and select Delete.
  2. Confirm the action by selecting the checkbox and select Delete.