What is Magic Transit?

Cloudflare's DDoS protection solution for network infrastructure

  • Protects entire IP subnets (not just web traffic)
  • Uses GRE or IPsec tunnels to route traffic through Cloudflare's edge

Provides:

  • Layer 3/4 DDoS mitigation (Gatebot, DDoSD, Flowtrackd)
  • Magic Firewall for network policies
  • Advanced TCP Protection (ATP)

Key Concept: Customer traffic flows INTO Cloudflare via GRE tunnels, but egress can be direct (Direct Server Return) or back through Cloudflare (Edge Server Return). This is called Asymmetric Routing.
