Magic Transit | Extending Cloudflare to all your networks

Network DDoS protection with :Network analytics,IP firewall,Traffic acceleration:

When organizations need to protect their networks, IT departments typically turn to legacy hardware boxes or cloud ‘scrubbing’ providers. But traditional solutions just aren’t designed to fulfill the Internet’s basic needs: security, performance, and reliability.

Introducing Magic Transit.

Magic Transit delivers network functions at Cloudflare scale— that’s DDoS protection, traffic acceleration, and much more from every Cloudflare data center— for on-premise, cloud-hosted, and hybrid networks.

Network DDoS protection you'll love. We'll prove it.

Replace your legacy provider with Magic Transit and pay nothing until your current contract expires.^*

Learn more

Move your network perimeter hardware to the cloud

Provision virtual network functions on the fly: DDoS protection with over 37 Tbps of network capacity and near-instant mitigation, next-gen firewall, traffic acceleration, and much more.

Connect to the Cloudflare global network

Our security, performance, and reliability functions are delivered from a physical presence in 200 cities across over 95 countries. This means threats are mitigated close to where they originate, not in your data center.

Drive down your Total Cost of Ownership (TCO)

Get operational agility with reduced capital expenditure. Replace on-premise hardware with network functions delivered and billed as a service.

Thomson Reuters operates on-premise and cloud networks around the world. I’m excited about Cloudflare Magic Transit — the potential to unify our IP transit, DDoS mitigation, and traffic steering solutions into something we can manage with a single pane of glass will be game-changing. Cloudflare continues to impress me with its network’s scale, in terms of geography, capacity, and product breadth.

Jesse Haraldson
Principal Software Architect

The next step in infrastructure architecture

Cloudflare Magic Transit protects entire IP subnets from DDoS attacks, while also accelerating network traffic. It uses Cloudflare’s global network to mitigate attacks, employing two fundamental networking protocols, BGP and GRE, for routing and encapsulation.

All your network assets, whether on-premise or in private or public hosted cloud environments are safeguarded.

Connect

Using Border Gateway Protocol (BGP) route announcements to the Internet, and Cloudflare’s anycast network, customer traffic is ingested at a Cloudflare data center closest to the source.

Protect and Process

All customer traffic is inspected for attacks. Advanced and automated mitigation techniques can be applied immediately upon detecting an attack. Additional functions such as, load balancing, next-gen firewall, content caching and serverless compute are also delivered as a service.

Accelerate

Clean traffic is routed over Cloudflare’s network for optimal latency and throughput and can be handed-off over GRE tunnels, private network interconnects (PNI) or other forms or peering to the origin network.

The Cloudflare global network

Cloudflare delivers DDoS mitigation using our entire network. This network has a capacity of over 37 Tbps and spans more than 200 cities in 95 countries. Our network allows us to be within 100ms of 93% of the Internet-connected population globally. This is especially important for latency-sensitive applications such as Voice over IP (VoIP) and custom gaming protocols.

Ultra-low Time to Mitigate (TTM)

With a heritage in DDoS mitigation and a vast library of known attacks, malicious traffic is identified at a Cloudflare data center closest to the source within seconds. Automatic mitigation techniques are applied immediately and most malicious traffic is blocked in less than 10 seconds.

Pick your network function

Cloudflare Magic Transit comes integrated with our best-in-class network firewall, allowing you to configure granular allow/deny rules for IP ranges and propagate changes in seconds. Want application level firewalling? Configure optional TLS termination and start inspecting payloads. Want a load balancer? You got it. Want to write a serverless Cloudflare Worker to modify traffic on the fly? You can do that, too.

Magic Transit comes natively integrated with all of Cloudflare’s L4 and L7 products.

MRK 9376 CF Magic Transit Speedometer v02 FINAL

Traffic acceleration

More than 1 billion unique IP addresses pass through Cloudflare’s network every day. With every bit we move, our network gets smarter and faster.

When integrated with Argo Smart Routing, Cloudflare Magic Transit will deliver clean traffic back to your network using the fastest, most reliable links in real-time.

Key Features

Over 37 Tbps of network capacity

Mitigate most attacks in under 10 seconds

Sub-second threat detection

Integrate via BGP routing and GRE encapsulation

Native integration with L7 services (CDN, WAF, Bot Management, etc.)

Always-on and on-demand options

Support for all IP services (TCP, UDP, IPSec, VoIP, custom protocols)

Advanced analytics

As the lines between corporate infrastructure and cloud services continue to converge, Cloudflare's modern approach to protecting infrastructure is a much-needed solution for the industry. The ability for Magic Transit to leverage the power and scale of cloud services to protect infrastructure, while maintaining per IP configuration and optionality, all while routing traffic performantly across Cloudflare's global network, makes it a no-brainer.