Configure static routes

Magic Transit uses a static configuration to route your traffic through Anycast tunnels from Cloudflare’s global network to your locations.

You must assign a route priority to each tunnel–subnet pair in your configuration, as follows:

• Lower values have greater priority.
• When the priority values for prefix entries match, Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic. For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering.

You can also create and edit static routes using the Magic Transit Static Routes API.

​​ Edge routing configuration example

Optionally, weights can also be added to better distribute traffic amongst multiple tunnels. In the below example, TUNNEL_2_IAD is likely to receive twice as much traffic as TUNNEL_1_IAD.

​​ ​​Map route prefixes smaller than /24

You must provide your prefixes and the tunnels that should be mapped to for Cloudflare to route your traffic from our global network to your data centers via Anycast tunnels. Use the table below as reference.

The minimum advertising prefix is /24, but because Cloudflare uses Anycast tunnels as an outer wrapper for your traffic, we can route prefixes within that /24 to different tunnel endpoints. For example, you can send x.x.x.0/29 to Data Center 1 and x.x.x.8/29 to Data Center 2. This is helpful when you operate in an environment with constrained IP resources.

​​ Scoped routes for Anycast GRE or IPsec tunnels

To reduce latency for your Anycast GRE or IPsec tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.

When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.

To configure scoping for your traffic, you must provide static routes to Cloudflare with Anycast GRE or IPsec tunnel data such that all Cloudflare regions have a route for your prefixes.

​​ Scoping configuration data example

Region codes and associated regions

Cloudflare has nine geographic regions across the world which are listed below.

Configure scoping for your traffic in the Region code section when adding or editing a static route. Refer to Create a static route and Edit a static route more information.

​​ ​​Create a static route

1. Log in to the Cloudflare dashboard Open external link , and select your account.
2. Go to Magic Transit > Configuration.
3. From the Static Routes tab, select Create to add a new route.
4. Enter a descriptive name for your route in Description.
5. In Prefix, enter your range of IP addresses. For example, 10.10.10.100/24.
6. In Tunnel/Next hop select which tunnel you want your route to go through. Choose from the tunnels you have created in Configure tunnel endpoints.
7. Choose the Priority for your route. Lower numbers have higher priorities.
8. (Optional) Choose a Weight for your route. Refer to Edge routing configuration example for examples.
9. (Optional) If you need to scope your route to a specific region, you can do it in Region code.
10. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
11. Select Add routes when you are done.

​​ ​​Edit a static route

1. In Static routes, select Edit next to the route you want to modify.
2. Enter the updated route information.
3. (Optional) We highly recommend testing your route before adding it by selecting Test routes.
4. Select Edit routes to save the new information when you are done.

​​ ​​Delete static route

1. In Static routes, locate the static route you want to modify and select Delete.
2. Confirm the action by selecting the checkbox and select Delete.