Workers VPC - Reach Cloudflare WAN destinations from Workers VPC
1mo ago
Source
CloudflareWorkers VPC - Reach Cloudflare WAN destinations from Workers VPCcloudflare.comYou can now use VPC Network bindings with network_id: "cf1:network" to reach your full private network from Workers, including: Cloudflare Mesh nodes and client devices Subnet routes and hostname routes announced through Cloudflare Tunnel or Cloudflare Mesh Destinations connected through Cloudflare WAN on-ramps — GRE, IPsec, and CNI This means a single VPC Network binding can route Worker requests to private services regardless of how those services are connected to Cloudflare: through a Cloudflare Tunnel from a cloud VPC, a Mesh node on a private subnet, or a Cloudflare WAN on-ramp from your data center or branch site. wrangler.jsonc { " vpc_networks " : [ { " binding " : "PRIVATE_NETWORK" , " network_id " : "cf1:network" , " remote " : true , }, ], } wrangler.toml [[ vpc_networks ]] binding = "PRIVATE_NETWORK" network_id = "cf1:network" remote = true At runtime, the URL you pass to fetch() determines the destination: // Reach a service behind a Cloudflare WAN IPsec on-ramp const response = await env . PRIVATE_NETWORK . fetch ( " ) ; Note For destinations behind Cloudflare WAN on-ramps (GRE, IPsec, or CNI), your network must route the Cloudflare source IP range back through the on-ramp so reply traffic returns to Cloudflare. Without this route, stateful flows will fail. This is part of standard Cloudflare WAN onboarding. For configuration options, refer to VPC Networks .


Comments
Sign in to join the conversation.
No comments yet. Be the first.