Cloudflare's Magic Products

Connectivity, security, and performance — all delivered as-a-service

Building and managing a patchwork of legacy enterprise connectivity architectures and networking hardware is untenable for today’s evolving traffic patterns.

Cloudflare delivers networking services to help enterprises connect, secure, and accelerate their corporate networks — without the cost and complexity of managing legacy network hardware.

Retire the castle-and-moat architecture for the network of the future

Corporate networking has become overly complicated. Network and IT teams that used to maintain straightforward “castle and moat” architectures are now responsible for much more: managing legacy WAN connectivity (such as MPLS), establishing secure remote access to workers, and stringing together a bunch of disparate networking hardware on-premises to satisfy basic security, performance, and reliability needs.

With Cloudflare, replace a patchwork of appliances and expensive, proprietary circuits with a single global network that provides built-in software-defined Zero-Trust functionality, DDoS mitigation, network firewalling, and traffic acceleration.

Magic WAN

Replace MPLS between branch offices & data centers

Build your own private Wide Area Network (WAN) over Cloudflare’s global network. Replace legacy WAN architectures, such as MPLS, with Cloudflare’s network, and get global connectivity with cloud-delivered security, performance, and control through one simple user interface — all as-a-service.

Learn more

Magic Transit

Protect your data centers and network infrastructure against DDoS attacks

BGP-based DDoS mitigation delivered from every server in every Cloudflare Point-of-Presence (PoP) ensures attacks of any size or kind are detected and mitigated automatically within seconds. Clean traffic is delivered over low-latency resilient Anycast GRE tunnels or direct connections to the customer data center.

Learn more

Magic Firewall

Enforce traffic inspection and filtering across your corporate network

Deploy unified policies across your entire organization — HQ, branch offices, remote users, and cloud-hosted applications. Fine-grained policies controlling what traffic is allowed in and out of your corporate network are propagated and deployed under 500 ms globally — all from one programmable interface.

Learn more

Network Interconnect

Directly connect your on-prem networks to Cloudflare's network

Cloudflare has a physical presence in 200 cities across 100 countries and interconnects with over 9,500 networks globally, including major ISPs and cloud services. With our highly-connected network, there’s a good chance we’re colocated with your organization in at least one peering facility.

Using Cloudflare Network Interconnect, establish a direct connection to Cloudflare's network — for a more reliable and secure experience than connecting over the public Internet.

Learn more

Baking resilience into our network using Anycast

Cloudflare’s Magic products use Anycast IP addresses for network tunnel endpoints — so a single tunnel configured from your network to Cloudflare connects to 200 global PoPs. This doesn’t cause any additional strain on your router; from your router’s perspective, it’s a single tunnel to a single IP address.

This works because while the tunnel endpoint is technically bound to an IP address, it need not be bound to a specific device. Any device that can strip off the outer headers and then route the inner packet can handle any packet sent over the tunnel.

In the event of a network outage or other issues, tunnels fail over automatically — with no impact to your network performance.

Networking with unparalleled scale, speed, and smarts

Cloudflare’s network is like a fractal — all security, performance, and reliability functions run on every single server on every rack in every Cloudflare Point-of-Presence (PoP) that today spans 200 cities across 100 countries.

Running the full stack of all Cloudflare services ensures all customer traffic is processed at the same Cloudflare data center that is closest to its source — whether for application layer services such as content caching or for network services such as firewalling.

Trusted by approximately 25 million Internet properties