Cloudflare network services

Connectivity, security, and performance — all delivered as a service through Magic products

Building and managing a patchwork of legacy enterprise connectivity architectures and networking hardware is untenable for today’s evolving traffic patterns.

Cloudflare delivers networking services and solutions to help enterprises connect, secure, and accelerate their corporate networks — without the cost and complexity of managing legacy network hardware.

Magic WAN OG
zero trust castle spot illustration before

Embrace network transformation — retire the castle-and-moat architecture

Corporate networking has become overly complicated. Network and IT teams that used to maintain “castle-and-moat” architectures are now responsible for much more: managing legacy WAN connectivity (such as MPLS), establishing secure remote access, and stringing together disparate networking hardware on-premise to satisfy security, performance, and reliability needs.

With Cloudflare, replace a patchwork of appliances and expensive legacy circuits with a single global network that provides built-in, software-defined Zero Trust functionality, DDoS mitigation, firewall services, and traffic acceleration.

Magic WAN

Magic WAN

Build your own private wide area network (WAN) over our network. Replace legacy WAN architectures, such as MPLS, and get global connectivity with cloud-delivered security, performance, and control through one simple user interface — all as a service. Take advantage of Cloudflare One network security services natively without rerouting traffic through a central hub.

Our network team is excited by Magic WAN. Cloudflare has built a global network-as-a-service (NaaS) platform that will help network teams manage complex edge and multi-cloud environments much more efficiently. Operating a single global WAN with built-in security and fast routing functionality — regardless of the HQ, data center, branch office, or end user location — is a game-changer in WAN technology.
Sander Petersson
Head of Infrastructure
Magic Transit How it works

Magic Transit

BGP-based DDoS mitigation delivered from every server in every Cloudflare data center ensures attacks of any size and kind are detected and mitigated automatically within seconds. Clean traffic is delivered over low-latency resilient Anycast GRE tunnels or direct connections to the customer data center.

"Cloudflare has reliable infrastructure and an extremely competent and responsive team. They are well-positioned to deflect even the largest of attacks."
Grant Ingersoll
CTO
cloudflare magic firewall

Magic Firewall

Deploy unified network security policies across your entire organization — headquarters, branch offices, remote users, and cloud-hosted applications. Fine-grained policies controlling what traffic is allowed in and out of your corporate network are propagated and deployed under 500 ms globally — all from one programmable interface.

Network Interconnect

Network Interconnect

We have a physical presence in 250 cities across 100 countries and interconnect with over 10,000 networks globally, including major ISPs and cloud services. With our highly connected network, we are likely co-located with your organization in at least one peering facility.

Using Cloudflare Network Interconnect, establish a direct connection to our network — for a more reliable and secure experience than connecting over the public Internet.

"Cloudflare Network Interconnect’s high-performance private links enable us to effectively and efficiently serve the content delivery needs of our B2 Cloud Storage customers."
Tim Nufire
Chief Cloud Officer
Cloudflare Anycast Tunnels

Baking resilience into our network using Anycast

Our Magic products use Anycast IP addresses for network tunnel endpoints — so a single tunnel configured from your network to Cloudflare connects to 200 global data centers. This does not add strain on your router; from your router’s perspective, it is a single tunnel to a single IP address.

This works because while the tunnel endpoint is technically bound to an IP address, it need not be bound to a specific device. Any device that can strip off the outer headers and then route the inner packet can handle any packet sent over the tunnel.

In the event of a network outage or other issues, tunnels fail over automatically — with no impact to your network performance.

Cloudflare Network Fractal

Networking with unparalleled scale, speed, and smarts

The Cloudflare network is like a fractal — all security, performance, and reliability functions run on every single server on every rack in every Cloudflare data center that today spans 250 cities across 100 countries.

Running the full stack of all Cloudflare services ensures all customer traffic is processed at the same data center that is closest to its source — whether for application layer services such as content caching or network services such as firewalling.

Trusted by millions of Internet properties

logo mars gray 32px wrapper
logo loreal gray 32px wrapper
logo doordash gray 32px wrapper
logo garmin gray 32px wrapper
logo ibm gray 32px wrapper
logo 23andme color 32px wrapper
logo shopify color 32px wrapper
logo lending tree color 32px wrapper
logo labcorp color 32px wrapper
logo ncr gray 32px wrapper
logo thomson reuters gray 32px wrapper
logo zendesk gray 32px wrapper