The latest DDoS Threat Landscape report is out. Learn about the latest threats, trends, and how to defend against DDoS attacks. Get Report

Magic Transit

Extending Cloudflare to all your networks

When organizations need to protect their networks, IT departments typically turn to legacy hardware boxes or cloud ‘scrubbing’ providers. But traditional solutions just aren’t designed to fulfill the Internet’s basic needs: security, performance, and reliability.

Magic Transit is a network security solution that offers DDoS protection, traffic acceleration, and much more from every Cloudflare data center— for on-premise, cloud-hosted, and hybrid networks.

The next step in infrastructure architecture

Diagram of Cloudflare Magic Transit preventing a DDoS attack

Cloudflare Magic Transit protects entire IP subnets from DDoS attacks, while also accelerating network traffic. It uses Cloudflare’s global network to mitigate attacks, employing standards-based networking protocols, like BGP, GRE, and IPsec, for routing and encapsulation.

All your network assets, whether on-premise or in private or public hosted cloud environments are safeguarded.

Diagram of Cloudflare Magic Transit preventing a DDoS attack

The Cloudflare global network

Global map of Cloudflare Network Interconnect locations

Cloudflare delivers DDoS mitigation using our entire network. This network has a capacity of over 248 Tbps and spans more than 310 cities in 120 countries. Our network allows us to sit approximately 50 ms from about 95% of the Internet-connected population globally. This is especially important for latency-sensitive applications such as Voice over IP (VoIP) and custom gaming protocols.

Global map of Cloudflare Network Interconnect locations

Ultra-low Time to Mitigate (TTM)

Reliability time to mitigate spot illustration

With a heritage in DDoS mitigation and a vast library of known attacks, malicious traffic is identified at a Cloudflare data center closest to the source within seconds. Automatic mitigation techniques are applied immediately and most malicious traffic is blocked in less than 3 seconds.

Reliability time to mitigate spot illustration

Pick your network function

IP Firewall

Cloudflare Magic Transit comes integrated with our best-in-class network firewall, allowing you to configure granular allow/deny rules for IP ranges and propagate changes in seconds. Want application level firewalling? Configure optional TLS termination and start inspecting payloads. Want a load balancer? You got it. Want to write a serverless Cloudflare Worker to modify traffic on the fly? You can do that, too.

Magic Transit comes natively integrated with all of Cloudflare’s L4 and L7 products.

IP Firewall

Traffic acceleration

Performance acceleration spot illustration

Cloudflare's network serves 55 million HTTP requests per second on average. With every bit we move, the network gets smarter and faster.

When integrated with Argo Smart Routing, Cloudflare Magic Transit will deliver clean traffic back to your network using the fastest, most reliable links in real-time.

Performance acceleration spot illustration

Key Features

Over 248 Tbps of network capacity
Mitigate most attacks in under 3 seconds
Sub-second threat detection
Integrate via BGP routing and GRE encapsulation
Native integration with L7 services (CDN, WAF, Bot Management, etc.)
Always-on and on-demand options
Support for all IP services (TCP, UDP, IPSec, VoIP, custom protocols)
Advanced analytics
Advanced DNS Protection (DNS over UDP)

Forrester named Cloudflare a “Leader” in DDoS mitigation

Forrester Wave report on DDoS Mitigation Solutions

Cloudflare has been recognized as a Leader in the 2021 Forrester Wave™: DDoS Mitigation Solutions. Cloudflare achieved the highest scores across fifteen evaluation criteria, including:

  • Product vision
  • Performance
  • Speed of implementation
  • Response automation
  • Security operations centers
Read report
Forrester Wave report on DDoS Mitigation Solutions

Cloudflare network services

Cloudflare network service

Magic Transit is just one part of the Cloudflare network security and solutions family. Cloudflare offers built-in services — like DDoS mitigation, branch connectivity, software-defined Zero-Trust functionality, and network firewalling — on a single global network that replaces patchwork appliances. Connect, secure, and accelerate your corporate network with Cloudflare.

Explore network services and solutions
Cloudflare network service

Learn more about Magic Transit


Demo: Cloudflare network services

This video demo shows how to use Cloudflare's Magic Transit, Magic WAN, and Magic Firewall to stop DDoS attacks, establish security rules, and simplify connectivity between complex global networks.

Watch Video

Cloudflare Magic Transit protects networks while improving performance

In this paper, we present results of Catchpoint tests we’ve run over our network to quantify the impact of latency with Magic Transit. These test results demonstrate that network performance improved for the test customer when traffic was routed over Cloudflare Magic Transit.

Download PDF

Five questions to ask your DDoS mitigation provider

Selecting the right DDoS mitigation service is essential to protect your networks, applications, and users. Here are five questions to consider when evaluating providers.

Download PDF

Trusted by millions of Internet properties

Logo doordash trusted by gray
Logo garmin trusted by gray
Logo 23andme trusted by gray
Logo lending tree trusted by gray
NCR logo
Thomson Reuters logo
Logo zendesk trusted by gray