Magic Transit

Unmatched, hardware-free DDoS protection for customer networks

Protect public-facing subnets using the Cloudflare global network, without the slowdowns of routing network traffic to scrubbing centers or capacity limitations of hardware boxes. With 405 Tbps of network capacity, 23x greater than the largest DDoS attacks ever recorded, Cloudflare can mitigate attacks of any size.

Get product brief

Benefits of Magic Transit

DDoS protection at massive scale

No more backhauling traffic to DDoS scrubbing centers. Magic Transit uses Cloudflare's global network to absorb and filter attacks.

Ultra-low Time to Mitigate (TTM)

Malicious traffic is identified and blocked at a Cloudflare data center closest to the source, usually within three seconds.

Reduce your TCO

Replace expensive hardware and increase operational agility with network functions delivered and billed as a service.

HOW IT WORKS

On-premises and hybrid infrastructure protected via our global network

Magic Transit delivers network protection from Cloudflare data centers. Using Border Gateway Protocol (BGP) route announcements, inbound traffic is ingested at the closest Cloudflare data center.

Clean traffic is routed rapidly over Cloudflare’s network and can be handed off over GRE tunnels, private network interconnects (PNI), or other forms of peering to the customer network.

Learn how Cloudflare protects network infrastructure, data centers, and public cloud services against DDoS attacks and other malicious traffic.

Get solution brief

ANALYST RECOGNITION

2023 Gartner® Peer Insights™ “Voice of the Customer”: DDoS Mitigation Solutions

Cloudflare was named a Customers’ Choice in the Gartner® Peer Insights™ “Voice of the Customer”: DDoS Mitigation Solutions.

Read report

What our customers are saying

“Cloudflare has reliable infrastructure and an extremely competent and responsive team. They are well-positioned to deflect even the largest of attacks.”

CTO — Wikimedia Foundation