Automatic Return Routing (ARR) solves the common enterprise challenge of overlapping private IP addresses by using stateful flow tracking instead of traditional routing tables. This userspace-driven approach ensures return traffic reaches the correct origin tunnel without manual NAT or VRF configuration.

Cloudflare's platform is a leading provider of internet security and performance solutions, offering insights into web security, content delivery, and DNS management. Through documentation, blog posts, and webinars, Cloudflare provides insights into protecting websites and applications from cyber threats and improving performance. Developers and IT professionals can learn about CDN (Content Delivery Network), DDoS mitigation, and firewall configurations to secure and accelerate web traffic.

Cloudflare

Cloudflare introduces Automatic Return Routing (ARR), a closed beta feature for Cloudflare One that solves the enterprise problem of overlapping private IP address spaces. Instead of relying on routing tables (which can't distinguish between two identical IP routes), ARR uses stateful flow tracking to remember which tunnel originated each network conversation and routes return traffic back to that same tunnel. This eliminates the need for NAT or VRF configuration when handling IP conflicts from mergers, extranets, or cookie-cutter branch architectures. ARR is built on Cloudflare's new Unified Routing framework, which moved WAN routing decisions from kernel-level into userspace (Apollo), enabling programmable, session-aware packet handling. Internal deployment showed 3-5x performance improvements for Cloudflare One Clients.

How Automatic Return Routing solves IP overlap

Introducing Automatic Return Routing (ARR)