Configure static routes
Magic WAN uses a static configuration to route your traffic through Generic Routing Encapsulation (GRE) tunnels from Cloudflare’s edge to your locations.
You must assign a route priority to each Anycast GRE or IPsec tunnel–subnet pair in your GRE configuration, as follows:
- Lower values have greater priority.
- When the priority values for prefix entries match — as illustrated by the 10.10.10.102/31 subnet in the example routing configuration (in bold) — Cloudflare uses equal-cost multi-path (ECMP) packet forwarding to route traffic.
For more on how Cloudflare uses ECMP packet forwarding, refer to Traffic steering .
For an example edge routing configuration, refer to the example below.Edge routing configuration example
Anycast GRE or IPsec tunnel Subnet Priority GRE_1_IAD 10.10.10.102/31 100 GRE_2_IAD 10.10.10.102/31 100 GRE_3_ATL 10.10.10.102/31 100 GRE_4_ATL 10.10.10.102/31 100 GRE_1_IAD 10.10.10.108/31 200 GRE_2_IAD 10.10.10.108/31 200 GRE_3_ATL 10.10.10.108/31 100 GRE_4_ATL 10.10.10.108/31 100
Create a static route
- Log in to your Cloudflare dashboard and select Magic WAN.
- Next to Manage Magic WAN configuration, click Configure.
- Click the Static Routes tab and click Create to add a new route.
- Enter the information for your route.
- (Optional) We highly recommend testing your route before adding it by clicking Test routes.
- If your test was successful, click Add routes when you are done.
Edit a static route
- After navigating to the Edit static routes page, click Edit next to the route you want to modify.
- (Optional) We highly recommend testing your route before adding it by clicking Test routes.
- Enter the updated route information and click Edit routes when you are done.
Delete static route
- From Static Routes, locate the static route you want to modify and click Delete.
- Confirm the action by selecting the checkbox and clicking Delete.
Scoped routes for Anycast GRE or IPsec tunnels
To reduce latency for your Anycast GRE or IPsec tunnel configurations, especially if you operate your own Anycast network, Cloudflare can steer your traffic by scoping it to specific Cloudflare data center regions. Equal cost routes maintain an equal cost on a global scale so long as the routes are not scoped to specific regions. For example, if you use region-scoped routes, traffic from end users in New York will always land at their Ashburn network unless that tunnel is unhealthy.
When you scope static routes to specific regions, the routes will only exist in the specified regions, and traffic that lands outside the specified regions will not have anywhere to go.
To configure scoping for your traffic, you must provide Cloudflare with Anycast GRE or IPsec tunnel data for each Cloudflare region.Scoping configuration data example
GRE tunnel Region code GRE_1_IAD AFR GRE_2_IAD EEUR GRE_3_ATL ENAM GRE_4_ATL ME
Cloudflare has nine geographic regions across the world which are listed below.Region codes and associated regions
Region Code Region AFR Africa APAC Asia Pacific EEUR Eastern Europe ENAM Eastern North America ME Middle East OC Oceania SAM South America WEUR Western Europe WNAM Western North America