
Magic Transit: Network functions at Cloudflare scale

What's this blog post about?

On August 13, 2019, Cloudflare announced Magic Transit, a service that extends the company's network to any IP traffic on the internet. This announcement follows nine years of building a robust global network spanning over 193 cities in more than 90 countries. Magic Transit operates at the IP layer and applies network functions such as DoS mitigation, firewalling, and routing on a packet-by-packet basis. The service is built on Cloudflare's existing network using techniques like anycast networking and a homogeneous server architecture, allowing customers to run their network functions at the company's scale. Magic Transit uses network namespaces for isolation and control, creating virtual instances of system resources that can be shared among a group of processes. This allows customer-defined network configurations to be applied rapidly and in isolation, without any performance hit from userspace packet forwarding or proxying. The service also uses GRE tunneling to deliver traffic over the public internet, with anycast IP addresses providing redundancy so that delivery can tolerate multiple points of failure. Overall, Magic Transit offers a powerful new way to deploy network functions at scale by leveraging Cloudflare's global network infrastructure.

Company
Cloudflare

Date published
Aug. 13, 2019

Author(s)
Nick Wondra

Word count
1854

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.