Source from repo

Cloudflare Platform Skill

Comprehensive Cloudflare platform skill covering Workers, D1, R2, KV, AI, Durable Objects, and security.

cloudflareGitHub cloudflareSource repo Original GitHub link Publisher page

Files

321

Skill

n/a

Size

1.4 MB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/network-interconnect/patterns.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown167 linesFree

references/network-interconnect/patterns.md

1# CNI Patterns
2 
3See [README.md](README.md) for overview.
4 
5## High Availability
6 
7**Critical:** Design for resilience from day one.
8 
9**Requirements:**
10- Device-level diversity (separate hardware)
11- Backup Internet connectivity (no SLA on CNI)
12- Network-resilient locations preferred
13- Regular failover testing
14 
15**Architecture:**
16```
17Your Network A ──10G CNI v2──> CF CCR Device 1
18                                     │
19Your Network B ──10G CNI v2──> CF CCR Device 2
20                                     │
21                            CF Global Network (AS13335)
22```
23 
24**Capacity Planning:**
25- Plan across all links
26- Account for failover scenarios
27- Your responsibility
28 
29## Pattern: Magic Transit + CNI v2
30 
31**Use Case:** DDoS protection, private connectivity, no GRE overhead.
32 
33```typescript
34// 1. Create interconnect
35const ic = await client.networkInterconnects.interconnects.create({
36  account_id: id,
37  type: 'direct',
38  facility: 'EWR1',
39  speed: '10G',
40  name: 'magic-transit-primary',
41});
42 
43// 2. Poll until active
44const status = await pollUntilActive(id, ic.id);
45 
46// 3. Configure Magic Transit tunnel via Dashboard/API
47```
48 
49**Benefits:** 1500 MTU both ways, simplified routing.
50 
51## Pattern: Multi-Cloud Hybrid
52 
53**Use Case:** AWS/GCP workloads with Cloudflare.
54 
55**AWS Direct Connect:**
56```typescript
57// 1. Order Direct Connect in AWS Console
58// 2. Get LOA + VLAN from AWS
59// 3. Send to CF account team (no API)
60// 4. Configure static routes in Magic WAN
61 
62await configureStaticRoutes(id, {
63  prefix: '10.0.0.0/8',
64  nexthop: 'aws-direct-connect',
65});
66```
67 
68**GCP Cloud Interconnect:**
69```
701. Get VLAN attachment pairing key from GCP Console
712. Create via Dashboard: Interconnects → Create → Cloud Interconnect → Google
72   - Enter pairing key, name, MTU, speed
733. Configure static routes in Magic WAN (BGP routes from GCP ignored)
744. Configure custom learned routes in GCP Cloud Router
75```
76 
77**Note:** Dashboard-only. No API/SDK support yet.
78 
79## Pattern: Multi-Location HA
80 
81**Use Case:** 99.99%+ uptime.
82 
83```typescript
84// Primary (NY)
85const primary = await client.networkInterconnects.interconnects.create({
86  account_id: id,
87  type: 'direct',
88  facility: 'EWR1',
89  speed: '10G',
90  name: 'primary-ewr1',
91});
92 
93// Secondary (NY, different hardware)
94const secondary = await client.networkInterconnects.interconnects.create({
95  account_id: id,
96  type: 'direct',
97  facility: 'EWR2',
98  speed: '10G',
99  name: 'secondary-ewr2',
100});
101 
102// Tertiary (LA, different geography)
103const tertiary = await client.networkInterconnects.interconnects.create({
104  account_id: id,
105  type: 'partner',
106  facility: 'LAX1',
107  speed: '10G',
108  name: 'tertiary-lax1',
109});
110 
111// BGP local preferences:
112// Primary: 200
113// Secondary: 150
114// Tertiary: 100
115// Internet: Last resort
116```
117 
118## Pattern: Partner Interconnect (Equinix)
119 
120**Use Case:** Quick deployment, no colocation.
121 
122**Setup:**
1231. Order virtual circuit in Equinix Fabric Portal
1242. Select Cloudflare as destination
1253. Choose facility
1264. Send details to CF account team
1275. CF accepts in portal
1286. Configure BGP
129 
130**No API automation** – partner portals managed separately.
131 
132## Failover & Security
133 
134**Failover Best Practices:**
135- Use BGP local preferences for priority
136- Configure BFD for fast detection (v1)
137- Test regularly with traffic shift
138- Document runbooks
139 
140**Security:**
141- BGP password authentication
142- BGP route filtering
143- Monitor unexpected routes
144- Magic Firewall for DDoS/threats
145- Minimum API token permissions
146- Rotate credentials periodically
147 
148## Decision Matrix
149 
150| Requirement | Recommended |
151|-------------|-------------|
152| Collocated with CF | Direct |
153| Not collocated | Partner |
154| AWS/GCP workloads | Cloud |
155| 1500 MTU both ways | v2 |
156| VLAN tagging | v1 |
157| Public peering | v1 |
158| Simplest config | v2 |
159| BFD fast failover | v1 |
160| LACP bundling | v1 |
161 
162## Resources
163 
164- [Magic Transit Docs](https://developers.cloudflare.com/magic-transit/)
165- [Magic WAN Docs](https://developers.cloudflare.com/magic-wan/)
166- [Argo Smart Routing](https://developers.cloudflare.com/argo/)
167

Preparing the source view

Cloudflare Platform Skill

references/network-interconnect/patterns.md