Connecting to Cloudflare with Megaport

Megaport makes it easy to provision fast, secure, and private connections to Cloudflare through our global Software Defined Network (SDN). As part of the Cloudflare Network Interconnect (CNI) Partner program, Megaport provides customers with direct, private access to the Cloudflare infrastructure.

Cloudflare connection

The benefits of direct connectivity to Cloudflare through Megaport include:

Private access that bypasses the public internet.
High performance and predictability for your network.
Improved data and operational security.
Flexible and scalable cloud networking.
Consistent connectivity while scaling bandwidth to Cloudflare. This means no downtime when you need to increase or decrease your speed.
Connect to multiple regions from a single interconnection point, which leverages multi-region redundancy at a fraction of the cost.

Availability

Cloudflare Network Interconnect is available in these locations with Megaport:

Asia Pacific
Singapore, Equinix SG1
Sydney, Equinix SY 1/2
Tokyo, Equinix TY2

Europe
Amsterdam, Equinix AM1
Frankfurt, Equinix FR5
London, Telehouse North

North America
Ashburn, Equinix DC/6
Chicago, Equinix CH1/2/4
Los Angeles, Equinix LA1
Miami, Equinix MI1
New York City, Digital Realty NYC2
San Jose, Equinix SV1/5/10
Seattle, Equinix SE2
Toronto, Equinix TY2

Prerequisites

Before you begin, notify Cloudflare. If you are an existing Cloudflare customer, contact your Cloudflare Account Manager.

If you are a new business looking to use Cloudflare Network Interconnect (CNI) to connect securely and reliably with Megaport, you can email Cloudflare directly. In addition to performance benefits, Cloudflare services include Magic Transit, authenticated origin pulls for large content delivery network (CDN) customers, and Cloudflare for Teams.

If you are a new business that requires a public peering service, you can request peering service. Examples include ISPs, service providers, large networks, and CDNs that exchange a significant amount of data.

After you notify Cloudflare, ensure you have a Megaport connection:

Port – You can create a 1 Gbps or 10 Gbps Port onto the Megaport network, with Virtual Cross Connects (VXCs) that connect your data center and a Cloudflare location. If you haven’t already created one, see Creating a Port. 100 Gbps Ports are available in limited locations.
MCR – An MCR enables data transfer between multi-cloud and hybrid cloud environments, network service providers, and cloud service providers. For details, see Creating an MCR.

Note

Public ASNs are required.

Creating a connection to Cloudflare

The easiest way to create a connection between Megaport and Cloudflare is with a service key. A service key includes the essential configuration details and automates much of the configuration process. After obtaining the service key from Cloudflare, you can create a VXC from the Port or MCR to Cloudflare.

To request a connection to Cloudflare

Contact Cloudflare to obtain a service key.
In the Megaport Portal, go to the Services page.
Select the Port or MCR for the connection and click +Connection.
Click Enter Service Key and click Next.
Enter the key provided by Cloudflare.

Megaport validates the key. For details on using a service key, see Creating a VXC with a service key.
Click Next.
Provide these connection details:
- Connection Name – This is a free text field allowing you to assign an easily identifiable name for this connection.
- Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.
  
  Note
  
  Partner managed accounts can apply a Partner Deal to a service. For details, see Applying a Deal to a Service.
- Rate Limit – This is the speed of your connection in Mbps. Accepted values range from 1 Mbps to 5 Gbps in 1 Mbps increments. Note the sum of all hosted virtual VXCs to a service can exceed the Port capacity (1 or 10 Gpbs) but the total aggregate will never burst beyond the Port capacity.
- Preferred A-End VLAN – This is the VLAN for this connection that you will receive through the Port. This must be a unique VLAN ID on this Port and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one. Alternatively, you can click Untag. This selection removes the VLAN tagging for this connection but also means that only one VXC can be deployed on this Port.
Click Next.
A summary page appears that includes the monthly cost.
Click Add VXC to move the configuration to your cart.
Click Order to continue through the checkout process, or create a new connection.
Review the Order Services agreement and click Order Now.

Once you deploy a VXC connection to Cloudflare, you need to configure the Layer 3 BGP connectivity between your network equipment and Cloudflare, including a Public ASN and Public IPs to peer with Cloudflare.

Redundancy

To establish full redundancy between your data center and Cloudflare, we recommend deploying redundant VXCs between two different Cloudflare regions (or availability zones within a region) and two corresponding Ports at each Megaport-enabled data center.

Cloudflare redundant connection

Cloudflare Frequently Asked Questions (FAQs)

Does Cloudflare offer BYOIP?
Cloudflare is a public service, so you can use your own public IPs.

Does Cloudflare support public or private ASNs?
Cloudflare supports public ASNs. If you are using a public ASN, you must own it. Cloudflare will verify ownership for Magic Transit before announcing network routes.

Additional resources

Last update: 2021-11-12