cloudflare · marciocloudflare · Jul 31, 2025 · Jul 31, 2025 · Jul 31, 2025 · Jul 31, 2025
@@ -160,6 +160,13 @@ The following table exemplifies how to use geographic scoping for routes:
 
 When there are multiple routes to the same prefix with equal priority, and those routes are assigned to different geographic regions (like WNAM and ENAM), traffic entering the network in a specific region — for example, WNAM — will egress through the route associated with that same region.
 
+{ props.magicWord === "Magic Transit" && (
+  <>
+		<Render file="routing/anycast-warning" product="networking-services" />
+	</>
+)
+}
+
 ### Region codes and associated regions
 
 <Render file="traffic-steering-region-codes" product="networking-services/reference" />

@@ -0,0 +1,7 @@
+---
+{}
+---
+
+:::caution[Anycast routing]
+Remember that Cloudflare uses anycast to route traffic. Anycast is a network addressing and routing method in which incoming requests can be routed to a variety of different locations. Because of this, traffic might land in a different geographic location than expected. Not all requests are sent to the closest data center due to the complex nature of Internet routing and peering relationships, and how Cloudflare optimizes for performance and reliability.
+:::
@@ -19,6 +19,13 @@ Refer to <a href={props.trafficSteeringPage}>Traffic Steering</a> for more infor
 - Regional scoping of traffic to reduce latency
 - BGP peering
 
+{ props.magicWord === "Magic Transit" && (
+  <>
+		<Render file="routing/anycast-warning" product="networking-services" />
+	</>
+)
+}
+
 ## Configure static routes
 
 ### Create a static route

@@ -43,14 +43,21 @@ To configure the tunnels between Cloudflare and your locations, you must provide
 
 You can use GRE or IPsec tunnels to onboard your traffic to {props.productName}, and set them up via the Cloudflare dashboard or the API. However, if you want to use the API, be sure to have your [account ID](/fundamentals/account/find-account-and-zone-ids/) and [API key](/fundamentals/api/get-started/keys/#view-your-global-api-key) ready before you begin.
 
-:::note
-IPsec tunnels only support Internet Key Exchange version 2 (IKEv2).
-:::
+{ props.magicWord === "Magic Transit" && (
+  <>
+		<Render file="routing/anycast-warning" product="networking-services" />
+	</>
+)
+}
 
 #### IPsec supported ciphers
 
 Refer to <a href={props.tunnelsAndEncapsulationPagePath}>Tunnels and encapsulation</a> to learn more about the technical requirements for GRE and IPsec tunnels used in {props.productName}. In this page, you can also find the <a href={props.ciphersPagePath}>supported ciphers for IPsec</a>.
 
+:::note
+IPsec tunnels only support Internet Key Exchange version 2 (IKEv2).
+:::
+
 #### Anti-replay protection
 
 If you use {props.productName} and <GlossaryTooltip term="anycast">anycast</GlossaryTooltip> IPsec tunnels, we recommend disabling anti-replay protection. This setting is disabled on Cloudflare's side by default. However, it can be enabled via the API or the Cloudflare dashboard for devices that do not support disabling it, including Cisco Meraki, Velocloud, and AWS VPN Gateway.