Cloudflare Docs
Magic Transit
Visit Magic Transit on GitHub
Set theme to dark (⇧+D)

Health checks

Magic Transit health checks monitor network status and the health of specific network components. To monitor the health of a specific route, each Cloudflare edge server associated with your network sends a multicast “heartbeat” every few seconds to construct a list of live, peer IP addresses. This approach utilizes consistent hashing, and as a result, Magic Transit can consistently assign tunnels to servers in a way that is resilient to server failures and does not require extra coordination between servers beyond heartbeats.

Because Cloudflare sends probes asynchronously, origin routers typically receive several hundred per minute. This allows Magic Transit to detect failures almost immediately.

Magic Transit performs two types of health checks: endpoint health checks and tunnel health checks.

​​ Endpoint health checks

Endpoint health checks evaluate connectivity from Cloudflare distributed data centers to your origin network. Designed to provide a broad picture of Internet health, endpoint probes flow over available tunnels and do not inform tunnel selection or steering logic.

Cloudflare edge servers issue endpoint health checks outside of customer network namespaces and typically target endpoints beyond the tunnel-terminating border router. Each server sends one endpoint health check every ten minutes.

During onboarding, you specify IP addresses to configure endpoint health checks.

​​ Tunnel health checks

Tunnel health checks monitor the status of the Generic Routing Encapsulation (GRE) tunnels that route traffic from Cloudflare to your origin network. Magic Transit relies on health checks to steer traffic to the best available routes.

During onboarding, you specify the tunnel endpoints the tunnel probes originating from Cloudflare’s edge network will target.

Tunnel health check results are exposed via an API. These results are aggregated from individual health check results done on Cloudflare servers.