Cloudflare "Magic" IP Transit

Hello NANOG!

Does anybody have any experience with Cloudflare's "Magic" IP Transit? Good, bad or ugly?


Hi Jared,

We have contacted them, and I can just tell you the price is expensive, not magic :smiley:



Yep second that opinion - $5000/mo for 1gbps of filtered traffic over
gre tunnel.

Is the pricing any different if PNI or an IX is used for the hand-off
instead of GRE?

DDoS-filtered transit is generally expensive, compared to not-filtered

More expensive, by leaps and bounds. Don't know who could or would
possibly pay these prices but we're out for sure.

I just find it soooooo hypocritical that cloudflare actively protects
the very DDOS / Booter services that were being used to order DDOS hits
against our customer networks in the first place. They have this to state:

    Why are booter services hard to trace?

The person buying these criminal services uses a frontend website for
payment, and instructions relating to the attack. Very often there is
no identifiable connection to the backend initiating the actual
attack. Therefore, criminal intent can be hard to prove. Following the
payment trail is one way to track down criminal entities.

Well guess what cloudflare? Thats a very good idea. Please open your
books and allow us to 'follow the payment trail'....

And a quick google shows up first result, and a cloudflare protected site:


You find it hypocritical that they host booter services? I find it hypocritical (and criminal, if anyone could prove it more than laughably strong correlation) that Cloudflare sales reps had such an impressive knowledge of when sites were getting DDoSed that they could show up to offer service before the admin even knew the site was down.

I’ll never give them a penny.