Magic Transit | Extending Cloudflare to On-Prem Networks

Network Transit with :DDoS protection,IP firewall,Traffic acceleration:

Cloudflare protects and accelerates over 20 million Internet properties. Extend the same benefits and more to your on-premise and data center networks.

Introducing Cloudflare Magic Transit.

Magic Transit is a software-defined networking product that offers IP transit with DDoS protection, next-gen firewall, traffic acceleration and more for your on-premise and data center networks from a single, easy-to-use interface.

Move your network perimeter hardware to the cloud

Provision virtual network functions on the fly: DDoS protection with over 30 Tbps of network capacity and near-instant mitigation, next-gen firewall, traffic acceleration, and much more.

Connect to the Cloudflare global network

Our security, performance, and reliability functions are delivered from a physical presence in over 193 cities across 90 countries. This means threats are mitigated close to where they originate, not in your data center.

Drive down your Total Cost of Ownership (TCO)

Get operational agility with reduced capital expenditure. Replace on-premise hardware with network functions delivered and billed as a service.

Thomson Reuters operates on-premise and cloud networks around the world. I’m excited about Cloudflare Magic Transit — the potential to unify our IP transit, DDoS mitigation, and traffic steering solutions into something we can manage with a single pane of glass will be game-changing. Cloudflare continues to impress me with its network’s scale, in terms of geography, capacity, and product breadth.

Jesse Haraldson
Principal Software Architect

The next step in infrastructure architecture

Cloudflare Magic Transit protects entire IP subnets from DDoS attacks, while also accelerating network traffic. It uses Cloudflare’s global network to mitigate attacks, employing two fundamental networking protocols, BGP and GRE, for routing and encapsulation.

All your network assets, whether on-premise or in private or public hosted cloud environments are safeguarded.

Connect

Using Border Gateway Protocol (BGP) route announcements to the Internet, and Cloudflare’s anycast network, customer traffic is ingested at a Cloudflare data center closest to the source.

Protect and Process

All customer traffic is inspected for attacks. Advanced and automated mitigation techniques can be applied immediately upon detecting an attack. Additional functions such as, load balancing, next-gen firewall, content caching and serverless compute are also delivered as a service.

Accelerate

Clean traffic is routed over Cloudflare’s network for optimal latency and throughput and can be handed-off over GRE tunnels, private network interconnects (PNI) or other forms or peering to the origin network.

The Cloudflare global network

Cloudflare delivers DDoS mitigation using our entire network. This network has a capacity of over 30 Tbps and spans more than 193 cities in 90 countries. Our network allows us to be within 100ms of 93% of the Internet-connected population globally. This is especially important for latency-sensitive applications such as Voice over IP (VoIP) and custom gaming protocols.

Ultra-low Time to Mitigate (TTM)

With a heritage in DDoS mitigation and a vast library of known attacks, malicious traffic is identified at a Cloudflare data center closest to the source within seconds. Automatic mitigation techniques are applied immediately and most malicious traffic is blocked in less than 10 seconds.

Pick your network function

Cloudflare Magic Transit comes integrated with our best-in-class network firewall, allowing you to configure granular allow/deny rules for IP ranges and propagate changes in seconds. Want application level firewalling? Configure optional TLS termination and start inspecting payloads. Want a load balancer? You got it. Want to write a serverless Cloudflare Worker to modify traffic on the fly? You can do that, too.

Magic Transit comes natively integrated with all of Cloudflare’s L4 and L7 products.

MRK 9376 CF Magic Transit Speedometer v02 FINAL

Traffic acceleration

More than 1 billion unique IP addresses pass through Cloudflare’s network every day. With every bit we move, our network gets smarter and faster.

When integrated with Argo Smart Routing, Cloudflare Magic Transit will deliver clean traffic back to your network using the fastest, most reliable links in real-time.

Key Features

Over 30 Tbps of network capacity

Mitigate most attacks in under 10 seconds

Sub-second threat detection

Integrate via BGP routing and GRE encapsulation

Native integration with L7 services (CDN, WAF, Bot Management, etc.)

Always-on and on-demand options

24x7 SOC

Support for all IP services (TCP, UDP, IPSec, VoIP, custom protocols)

Dashboard and API access

Advanced analytics

As the lines between corporate infrastructure and cloud services continue to converge, Cloudflare's modern approach to protecting infrastructure is a much-needed solution for the industry. The ability for Magic Transit to leverage the power and scale of cloud services to protect infrastructure, while maintaining per IP configuration and optionality, all while routing traffic performantly across Cloudflare's global network, makes it a no-brainer.