You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* added content explicitly to both columns
* added bgp info
* explicit how long to provision cni
* refined text
* lower cased title
* refined loa text
* lowercased titles
* refined text
* refined text
Copy file name to clipboardExpand all lines: src/content/docs/network-interconnect/get-started.mdx
+12-11Lines changed: 12 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,6 +53,7 @@ Consider the following service levels when planning your deployment:
53
53
-**Observability**: There is no visibility of the interconnect config/status within the Cloudflare dashboard.
54
54
-**Availability**: While network-resilient locations are designed to maintain connectivity during maintenance, single-homed locations can experience full service disruption.
55
55
-**Backup Connectivity**: You are required to maintain alternative Internet connectivity as a backup for all CNI implementations.
56
+
-**BGP**: Customers must have a BGP session established for Dataplane 1.0/1.1 to be operational.
56
57
57
58
## Location Alignment
58
59
@@ -66,7 +67,7 @@ Cloudflare partners with leading global providers, including: Console Connect, C
66
67
67
68
## End-to-End Implementation Workflow
68
69
69
-
The process of provisioning a CNI can take several weeks, depending on the complexity and third-party provider timelines. The most common delays occur during the physical connection phase, which is outside of Cloudflare's direct control.
70
+
The process of provisioning a CNI typically takes two to four weeks, depending on the complexity of implementation and third-party provider timelines. The most common delays occur during the physical connection phase, which is outside of Cloudflare's direct control.
70
71
71
72
1.**Submit Request**: Work with your account team to create a CNI request ticket, providing your desired CNI type, location, use case, and technical details. An Implementation Manager will be assigned to guide the process.
72
73
2.**Review Configuration**: The Implementation Manager will provide a detailed configuration document covering IP addressing, VLANs, and other technical specifications. You must review and approve this document.
@@ -79,7 +80,7 @@ The process of provisioning a CNI can take several weeks, depending on the compl
8. Enable tunnel health checks for Magic [Transit](/magic-transit/how-to/configure-tunnel-endpoints/#add-tunnels) / [WAN](/magic-wan/configuration/manually/how-to/configure-tunnel-endpoints/#add-tunnels).
81
82
82
-
## How-To Guides
83
+
## How-To guides
83
84
84
85
### How-To: Provision a Direct Interconnect
85
86
@@ -88,41 +89,41 @@ The process of provisioning a CNI can take several weeks, depending on the compl
88
89
- required port speeds (10G or 100G)
89
90
- BGP ASN for Peering/Magic Transit
90
91
- BGP password (optional)
91
-
2.**Order Cross-Connect**: Cloudflare will issue a Letter of Authorization (LOA). This document grants you permission to order a physical cross-connect between your equipment and a specific port on Cloudflare's hardware within the data center. This process can take one to two weeks or more, depending on the facility provider. Cloudflare's demarcation is the port that is specified in the LOA: you are responsible for the deployment, provisioning and ongoing support and operation of this connection and the commercial relationships with the facility provider and any third-party connectivity providers.
92
+
2.**Order Cross-Connect**: Cloudflare will issue a Letter of Authorization (LOA). This document grants you permission to order a physical cross-connect between your equipment and a specific port on Cloudflare's hardware within the data center. The end-to-end process for ordering a cross-connect can take one to two weeks or more, depending on the facility provider. Cloudflare's demarcation is the port that is specified in the LOA: you are responsible for the deployment, provisioning and ongoing support and operation of this connection, and the commercial relationships with the facility provider and any third-party connectivity providers.
92
93
93
94
### How-To: Provision a Partner Interconnect
94
95
95
96
Cloudflare partners with leading connectivity providers globally. To provision a Partner Interconnect, you will initiate a connection request from your chosen provider's administrative portal. Cloudflare will then review and accept the request to activate the virtual circuit.
96
97
97
-
### How-To: Configure BGP and Routing
98
+
### How-To: Configure BGP and routing
98
99
99
100
Once your physical cross-connect or virtual circuit is provisioned, the next phase is to configure IP routing using Border Gateway Protocol (BGP). This process typically takes about one week to complete.
100
101
101
-
#### Step 1: IP Address Provisioning
102
+
#### Step 1: IP Address provisioning
102
103
103
104
1. Cloudflare will send you a set of IPv4 and IPv6 addresses for your connection.
104
105
2. Assign the provided IPs to your router's interface that connects to Cloudflare.
105
106
3. Perform ping tests between your router and Cloudflare's router to confirm that the physical or virtual link is active and passing packets correctly.
106
107
-**For Partner Interconnects**: If you are using a partner like Megaport, ensure you have configured the correct VLAN provided by your Customer Success Manager, as an incorrect VLAN can cause IP provisioning to fail.
107
108
108
-
#### Step 2: BGP Session Establishment
109
+
#### Step 2: BGP session establishment
109
110
110
111
After you confirm connectivity with successful ping tests, the next step is to establish the BGP session.
111
112
112
113
1. Cloudflare will configure its side of the BGP session, and notify you once ready.
113
-
2. You will configure your side of the BGP session and accept the routes.
114
+
2. You will configure your side of the BGP session and accept the routes you need.
114
115
3. Once the session is established, traffic will begin to flow over the CNI. Contact your solutions engineer to verify that traffic is routing as expected.
115
116
116
-
#### BGP Configuration Options and Use Cases
117
+
#### BGP configuration options and use cases
117
118
118
119
Depending on the Cloudflare services you use, your BGP configuration may vary:
119
120
120
-
-**Standard Peering**: This is the most common scenario, where BGP is used to exchange routes between your network and Cloudflare. Cloudflare learns your network routes, which is useful for services like CDN-only deployments or on-demand Magic Transit. It is important to note that prefixes Cloudflare learns via CNI remain local to that specific data center and are not propagated to other Cloudflare locations.
121
+
-**Standard Peering**: This is the most common scenario, where BGP is used to exchange routes between your network and Cloudflare. Cloudflare learns your network routes, which is useful for services like CDN-only deployments or on-demand Magic Transit. It is important to note that this is not peering with the Magic Transit routing table, which is global. Instead, this is peering with the specific data center's Internet edge network. This means that prefixes Cloudflare learns via CNI remain local to that specific data center and are not propagated to other Cloudflare locations.
121
122
-**Magic Transit with Controlled Advertisement**: Magic Transit customers can use a second BGP session to control which prefixes are advertised to the Internet. In this setup, Cloudflare advertises no prefixes to you, and you advertise only the specific prefixes you want Cloudflare to announce on your behalf.
122
123
123
-
#### Important Note on Accepting Routes from Cloudflare
124
+
#### Important note on accepting routes from Cloudflare
124
125
125
-
If you wish to use the CNI for egress traffic from your network to Cloudflare-advertised prefixes (such as anycast or BYOIP addresses), you can accept the BGP prefixes you receive from Cloudflare (typically there will be around 4,000 routes advertised by Cloudflare). However, be aware that there is a 1 Gbps capacity limitation for traffic you send to Cloudflare over the CNI link.
126
+
If you wish to use the CNI for egress traffic from your network to Cloudflare-advertised prefixes (such as anycast or BYOIP addresses), you can accept the BGP prefixes you receive from Cloudflare (typically there will be around 4,000 to 6,000 routes advertised by Cloudflare).
Copy file name to clipboardExpand all lines: src/content/partials/networking-services/cni-product-use-cases.mdx
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ CNI provides a private point-to-point IP connection with Cloudflare. There are t
10
10
|**Magic Transit Direct Server Return (DSR)** <br /> DDoS protection for all ingress traffic from the Internet to your public network. Send egress traffic via your ISP. | Supported with a GRE tunnel established over the interconnect circuit. | Supported with or without a GRE tunnel established over the interconnect circuit. |
11
11
|**Magic Transit with Egress** <br /> DDoS protection for all ingress traffic from the Internet to your public network. Send egress traffic via Cloudflare. | Supported with a GRE tunnel established over the interconnect circuit. | Supported with a GRE tunnel established over the interconnect circuit. |
12
12
|**Magic WAN and Zero Trust** <br /> Build a secure, private network backbone connecting your Zero Trust users and applications with all your sites, data centers, and clouds. | Supported with a GRE tunnel established over the interconnect circuit. | Supported with or without a GRE tunnel established over the interconnect circuit. |
13
-
|**Peering** <br /> Exchange public routes with a single Cloudflare PoP (Point of Presence). | Supported. All customers connecting with the edge data center will exchange public routes at that PoP with AS13335. Connectivity is established at each individual PoP. Routes for other edge locations in Cloudflare's network may not be available. Routes for customer-advertised prefixes will be available only in the connected PoP. ||
14
-
|**Application Security and Performance** <br /> Improve the performance and security of your web applications |**Supported via peering**: Customers can use Argo Smart Routing to direct origin traffic via the edge peering connection when it is determined to be the lowest latency option. Customers must maintain a direct Internet connection which will always be used for a portion of traffic and during failure scenarios. <br /> **Supported Via Magic Transit**: Customers may configure any product with an origin server IP address that is protected by Magic Transit. Magic Transit will direct this traffic via the overlay and customer can control interconnect next-hops using the Magic networking routing table. ||
13
+
|**Peering** <br /> Exchange public routes with a single Cloudflare PoP (Point of Presence). | Supported. All customers connecting with the edge data center will exchange public routes at that PoP with AS13335. Connectivity is established at each individual PoP. Routes for other edge locations in Cloudflare's network may not be available. Routes for customer-advertised prefixes will be available only in the connected PoP. |Supported. All customers connecting with the edge data center will exchange public routes at that PoP with AS13335. Connectivity is established at each individual PoP. Routes for other edge locations in Cloudflare's network may not be available. Routes for customer-advertised prefixes will be available only in the connected PoP.|
14
+
| **Application Security and Performance** <br /> Improve the performance and security of your web applications | **Supported via peering**: Customers can use Argo Smart Routing to direct origin traffic via the edge peering connection when it is determined to be the lowest latency option. Customers must maintain a direct Internet connection which will always be used for a portion of traffic and during failure scenarios. <br /> **Supported Via Magic Transit**: Customers may configure any product with an origin server IP address that is protected by Magic Transit. Magic Transit will direct this traffic via the overlay and customer can control interconnect next-hops using the Magic networking routing table. | **Supported via peering**: Customers can use Argo Smart Routing to direct origin traffic via the edge peering connection when it is determined to be the lowest latency option. Customers must maintain a direct Internet connection which will always be used for a portion of traffic and during failure scenarios. <br /> **Supported Via Magic Transit**: Customers may configure any product with an origin server IP address that is protected by Magic Transit. Magic Transit will direct this traffic via the overlay and customer can control interconnect next-hops using the Magic networking routing table. |
15
15
16
16
For more details refer to the [prerequisites section](/network-interconnect/get-started/#prerequisites).
0 commit comments