Cloudflare Magic Transit defends entire IP subnets against DDoS attacks while also improving network performance.

As part of our Server Management service, Bobcares responds to all inquiries, no matter how big or small.

Let’s look at Cloudflare Magic Transit in more detail.

Cloudflare Magic Transit

Magic Transit serves as the front door to the IP network, providing connectivity, security, and performance. It accepts IP packets destined for the network, processes them, and then sends them back to the origin infrastructure.

It inspects the traffic for attacks, filtered, steered, accelerated, and sent onward to the origin once it reaches Cloudflare’s network. Magic transit connects to the origin infrastructure over the Internet using Anycast Generic Routing Encapsulation (GRE) tunnels or via physical or virtual interconnect with Cloudflare Network Interconnect (CNI).

Users of Magic Transit have two implementation options: ingress traffic or ingress and egress traffic. Basically, users who use an egress implementation must enable policy-based routing (PBR) or ensure that their default routing sends traffic to Cloudflare via tunnels.

Deploying Magic Transit.

It’s easy to set up Magic Transit in front of their network:

1. With Acme’s permission, Cloudflare uses Border Gateway Protocol (BGP) to announce Acme’s 203.0.113.0/24 prefix from Cloudflare’s edge.
2. Cloudflare has started ingesting packets with the Acme IP prefix.
3. Magic Transit protects network traffic with DDoS mitigation and firewall rules. So, traffic that would benefit from HTTPS caching and WAF inspection can be “upgraded” to our Layer 7 HTTPS pipeline without incurring additional network hops after it is ingested by the Cloudflare network.
4. Acme would like Cloudflare to tunnel traffic from the Cloudflare Network back to Acme’s datacenter using Generic Routing Encapsulation (GRE). Anycast endpoints initiate GRE tunnels back to Acme’s premise. So, the tunnels are constantly and simultaneously connected to hundreds of network locations thanks to the magic of anycast, ensuring that they are highly available and resilient to network failures that would bring down traditional GRE tunnels.
5. Finally, over these GRE tunnels, Cloudflare egresses packets destined for Acme.

[Looking for a solution to another query? We are just a click away.]

Conclusion

To sum up, our Support team went over Cloudflare Magic Transit in greater depth.