Direct CNI
Direct CNI allows you to connect your network infrastructure directly with Cloudflare — rather than using the public Internet — for a more reliable and secure experience.
Connecting to Cloudflare directly with a Direct CNI reduces latency, makes your network more stable by bypassing Internet performance potential bottlenecks, and may even reduce your ISP bandwidth bills. Direct CNI also gives you more control over how Cloudflare routes traffic back to your network.
The use case for Direct CNI is Magic Transit or Magic WAN. If you have publicly routable origins that are behind Magic Transit over a Direct CNI, then all Cloudflare services that work with public origins will run over the CNI (for example, Load Balancer, WAF, Cache, etc).
In the Cloudflare dashboard you can find Cloudflare's nearest Cloudflare data center, and order a Direct CNI connection with speeds up to 100 gigabits per second, as well as create a Letter of Authorization (LoA).
- Small Form-factor Pluggable (SFP) optics supported
- 10GBASE-LR optics will support up to 10 Km
- 100GBASE-LR4 optics will support up to 10 Km
- Maximum MTU is 1500 bytes
The following functionality is not yet supported on Direct CNI's dedicated ports.
- Virtual LAN (VLAN) tagging (802.1Q)
- Link Aggregation Control Protocol (LACP) and link aggregation (Use ECMP instead)
- Bidirectional Forwarding Detection (BFD)
- IPv6 (you cannot create CNIs in an account with IPv6 beta enabled)
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark
-
