Magic Transit by Matworks

When organizations need to protect their networks, IT departments typically turn to legacy hardware boxes or cloud ‘scrubbing’ providers. But traditional solutions just aren’t designed to fulfill the Internet’s basic needs: security, performance, and reliability. Magic Transit is a network security solution that offers DDoS protection, traffic acceleration, and much more from every Cloudflare data center— for on-premise, cloud-hosted, and hybrid networks.

Cloudflare Magic Transit network security software deploys a layered security approach that blocks harmful traffic from entering your network while accelerating traffic speed across your entire network. On top of filtering out malicious traffic, the software also optimizes web traffic so that your network can perform at lightning fast speeds.

Who Uses Cloudflare Magic Transit?

Cloudflare Magic Transit is used by businesses and organizations of every size in a global network of more than 90 countries, including users in the publishing, education, financial services, health care, travel, entertainment, and public sector industries, to name a few.

The Cloudflare Advantage

Leader in DDoS Mitigation

Top analyst research firms consistently rank Cloudflare as a leader in DDoS mitigation because of Cloudflare’s recorded ability to block attacks of all sizes and kinds, unique architecture, rapid onboarding, and fine-grained controls.

Robust Security

Magic Transit runs as a service on every server in the Cloudflare network—meaning there’s no need to divert traffic to latency-inducing scrubbing centers. Better yet, traffic routed over the Cloudflare network benefits from faster routing than over the public Internet.

Lower Total Cost of Ownership

Security, performance and reliability functions are built on the same global anycast network across 200 cities. They are designed to integrate seamlessly and via the same dashboard. With zero CAPEX required, security and performance functions can be deployed more efficiently.

Who Uses Cloudflare Magic Transit?

Cloudflare Magic Transit is used by businesses and organizations of every size in a global network of more than 90 countries, including users in the publishing, education, financial services, health care, travel, entertainment, and public sector industries, to name a few.

The Cloudflare Advantage

Leader in DDoS Mitigation

Top analyst research firms consistently rank Cloudflare as a leader in DDoS mitigation because of Cloudflare’s recorded ability to block attacks of all sizes and kinds, unique architecture, rapid onboarding, and fine-grained controls.

Robust Security

Magic Transit runs as a service on every server in the Cloudflare network—meaning there’s no need to divert traffic to latency-inducing scrubbing centers. Better yet, traffic routed over the Cloudflare network benefits from faster routing than over the public Internet.

Lower Total Cost of Ownership

Security, performance and reliability functions are built on the same global anycast network across 200 cities. They are designed to integrate seamlessly and via the same dashboard. With zero CAPEX required, security and performance functions can be deployed more efficiently.

Magic Transit makes your network smarter, better, stronger, and cheaper to operate

Protecting network infrastructure from DDoS attacks demands a unique combination of strength and speed. Volumetric attacks can easily overwhelm hardware boxes and their bandwidth-constrained Internet links. And most cloud-based solutions redirect traffic to centralized scrubbing centers, which impacts network performance significantly.

Cloudflare Magic Transit provides DDoS protection and traffic acceleration for on-premise, cloud, and hybrid networks. With data centers spanning 200 cities and over 59 Tbps in mitigation capacity, Magic Transit can detect and mitigate attacks close to their source of origin in under 3 seconds globally on average — all while routing traffic faster than the public Internet.

Cloudflare Magic Transit Features:

Ultra-low Time to Mitigate (TTM)
Threat intelligence
Protect your websites, networks and TCP/UDP apps
Network protection and acceleration
Magic Transit provides BGP-based DDoS protection
Intuitive interface
Advanced analytics

  • Over 192 Tbps of network capacity

  • Sub-second threat detection

  • Mitigate most attacks in under 3 seconds

  • Integrate via BGP routing and GRE encapsulation
  • Native integration with L7 services (CDN, WAF, Bot Management, etc.)
  • 24×7 SOC

  • Always-on and on-demand options

  • Data centers in over 285 cities across 100 countries

  • Support for all IP services (TCP, UDP, IPSec, VoIP, custom protocols)

  • Dashboard and API access

  • Industry-leading DDoS mitigation

  • All your private & hybrid network assets are safeguarded

Get Magic Transit Today – REQUEST FREE DEMO

Magic Transit makes your network smarter, better, stronger, and cheaper to operate

Protecting network infrastructure from DDoS attacks demands a unique combination of strength and speed. Volumetric attacks can easily overwhelm hardware boxes and their bandwidth-constrained Internet links. And most cloud-based solutions redirect traffic to centralized scrubbing centers, which impacts network performance significantly.

Cloudflare Magic Transit provides DDoS protection and traffic acceleration for on-premise, cloud, and hybrid networks. With data centers spanning 200 cities and over 59 Tbps in mitigation capacity, Magic Transit can detect and mitigate attacks close to their source of origin in under 3 seconds globally on average — all while routing traffic faster than the public Internet.

Cloudflare Magic Transit Features:

Ultra-low Time to Mitigate (TTM)
Threat intelligence
Protect your websites, networks and TCP/UDP apps
Network protection and acceleration
Magic Transit provides BGP-based DDoS protection
Intuitive interface
Advanced analytics

  • Over 192 Tbps of network capacity

  • Sub-second threat detection

  • Mitigate most attacks in under 3 seconds

  • Integrate via BGP routing and GRE encapsulation
  • Native integration with L7 services (CDN, WAF, Bot Management, etc.)
  • 24×7 SOC

  • Always-on and on-demand options

  • Data centers in over 285 cities across 100 countries

  • Support for all IP services (TCP, UDP, IPSec, VoIP, custom protocols)

  • Dashboard and API access

  • Industry-leading DDoS mitigation

  • All your private & hybrid network assets are safeguarded

GET MAGIC TRANSIT TODAY REQUEST FREE DEMO

Cloudflare Magic Transit Vs Competitors

Feature Comparison Cloudflare Others
Use BGP and BYOIPs yes yes
Return traffic over GRE yes yes
Global network > 59 Tbps network capacity yes yes
Sub-second threat detection and TTM< 3 sec yes yes
Integrated performance benefits yes yes
Native integration of L3/4/7 products yes yes
Built-in L3 firewall yes yes

FAQs

How much extra delay will I have when using Magic Transit always-on solution?

Unlike other providers where the tunnel connections are done with only 1 or 2 scrapping centers and added delay can be up to 30-70ms, Magic Transit uses anycast technology which means that customer’s tunnels are connected to all Cloudflare Points of Presence (250+ POPs) at the same time and with added delay being as low as 1-2ms.

Magic Transit quarantines mitigation time (TTM) under 3 seconds for any L3/L4 DDOS attacks.

Yes, Matworks can offer Magic Transit as a POC (Proof of Concept) for a period of up to 45 days with no commitment. All configuration and consultancy will be provided from our expertise team.

You need to provide a signed LOA (Letter of Authorization) that gives Cloudflare the authority to advertise your organization IPs on your behalf.

Matworks will provide the customer (even during POC) access to a custom portal with access to all configuration and analytics.

Magic Transit can be switched on/off immediately, but it depends in the underline BGP (Border Gateway Protocol) to fully converge (usually 1-3 minutes).

We can help you identify the needed bandwidth plan during the POC period.

We calculate the needed bandwidth based on 95th percentile of the clean download traffic. This means that no matter how high is your traffic during business hours, we only calculate the 95th percentile of the clean traffic at the end of the month.

Unlike other DDOS providers that charge based on the volume or time of the attack, Magic Transit will protect you no matter how big or how long a DDOS attack will last, with no extra cost. We only use clean traffic for our calculations.

Your services will continue to work with no interactions and with no extra cost.

We will inform you about the new statistics and can help you move to a more appropriate plan based on your needs.

Yes, as long as the IPs are behind BGP advertisement and you provide a valid LOA from the IPs owner.

We can also provide IPs from our own pool, or even help you acquire your own permanent IPs registered to your company.

By default we will alert you over email, but if needed we can help you setup other means of alerting (i.e. SMS/webhooks/call etc.).

Cloudflare

Magic Transit vs Competitors

Feature Comparison Cloudflare Others
Use BGP and BYOIPs yes yes
Return traffic over GRE yes yes
Global network > 59 Tbps network capacity yes yes
Sub-second threat detection and TTM < 3 sec yes yes
Integrated performance benefits yes yes
Native integration of L3/4/7 products yes yes
Built-in L3 firewall yes yes

FAQs

How much extra delay will I have when using Magic Transit always-on solution?

Unlike other providers where the tunnel connections are done with only 1 or 2 scrapping centers and added delay can be up to 30-70ms, Magic Transit uses anycast technology which means that customer’s tunnels are connected to all Cloudflare Points of Presence (250+ POPs) at the same time and with added delay being as low as 1-2ms.

Magic Transit quarantines mitigation time (TTM) under 3 seconds for any L3/L4 DDOS attacks.

Yes, Matworks can offer Magic Transit as a POC (Proof of Concept) for a period of up to 45 days with no commitment. All configuration and consultancy will be provided from our expertise team.

You need to provide a signed LOA (Letter of Authorization) that gives Cloudflare the authority to advertise your organization IPs on your behalf.

Matworks will provide the customer (even during POC) access to a custom portal with access to all configuration and analytics.

Magic Transit can be switched on/off immediately, but it depends in the underline BGP (Border Gateway Protocol) to fully converge (usually 1-3 minutes).

We can help you identify the needed bandwidth plan during the POC period.

We calculate the needed bandwidth based on 95th percentile of the clean download traffic. This means that no matter how high is your traffic during business hours, we only calculate the 95th percentile of the clean traffic at the end of the month.

Unlike other DDOS providers that charge based on the volume or time of the attack, Magic Transit will protect you no matter how big or how long a DDOS attack will last, with no extra cost. We only use clean traffic for our calculations.

Your services will continue to work with no interactions and with no extra cost.

We will inform you about the new statistics and can help you move to a more appropriate plan based on your needs.

Yes, as long as the IPs are behind BGP advertisement and you provide a valid LOA from the IPs owner.

We can also provide IPs from our own pool, or even help you acquire your own permanent IPs registered to your company.

By default we will alert you over email, but if needed we can help you setup other means of alerting (i.e. SMS/webhooks/call etc.).

Interested in Magic Transit?

Magic Transit detects and mitigates DDoS attacks of any size and kind at the network edge, closest to the source of origin—so service providers and their customers have increased uptime and performance. Send us a quick message and book a free demo now!