Cloudflare IPs
To use Magic Transit you need to own a publicly routable IP address block with a minimum size of /24. If you do not own a /24 address block, you can use Magic Transit with a Cloudflare-owned IP address. This option is helpful for users who do not meet the /24 prefix length requirements or who want to protect a smaller network.
To protect your network using a Cloudflare IP address, contact your account manager. After receiving your IP address, you will need to:
- Create a tunnel.
- Set up static routes or BGP peering.
- Configure health checks.
- Confirm tunnel and endpoint health checks were properly configured.
- Update your infrastructure at your own pace to use the allocated Cloudflare IPs.
When you use a Cloudflare-owned IP space, you do not need a Letter of Agency (LOA). When using Cloudflare-leased IPs, Magic Transit Egress is automatically enabled — that is, your egress traffic will also be destined to Cloudflare instead of the Internet. Because of this, you will need to set up policy-based routing on your end to make sure that return traffic is properly routed.
A list of your leased Anycast IPs for Magic Transit is available on the dashboard under IP addresses > Leased IPs ↗.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark