Magic Transit
L3 DDoS protection and WAN as a service
Magic Transit protects entire networks and IP prefixes against layer 3 DDoS attacks by routing traffic through Cloudflare's global network with over 280 Tbps of capacity. The system uses Anycast BGP to automatically redirect traffic to the nearest data center, where it is filtered and returned through a clean GRE or IPsec tunnel. WAN-as-a-service optimizes routing between company locations, eliminating the need for costly MPLS links. Attack mitigation occurs in less than 3 seconds without affecting legitimate traffic performance.
Enterprise-grade protection compliant with regulatory requirements and security standards
Fast deployment with minimal resource overhead
Dedicated support from a certified partner
Easy integration with your existing infrastructure
Key features
- Protection of entire IP prefixes (/24 and larger) against L3/L4 attacks
- Anycast BGP routing with automatic redirection during an attack
- GRE/IPsec tunnels for returning clean traffic to origin
- WAN as a service optimizing routing between locations
- Magic Firewall for network-level filtering with centralized policy
Business benefits
- Protection of the entire network infrastructure, not just individual applications
- Elimination of scrubbing center costs and dedicated DDoS hardware
- 50% reduction in WAN costs by eliminating expensive MPLS links
- Mitigation in less than 3 seconds without manual intervention
- Simplified network architecture through service consolidation
Why Cloudflare?
A global security and performance network handling a significant share of the world's internet traffic. Cloudflare offers DDoS protection, WAF, Zero Trust network access, secure DNS, and many other services, protecting applications, APIs, and infrastructure from threats.
Need Magic Transit in your organization?
As a certified Cloudflare partner, we'll help you deploy and configure the solution.