Cloudflare Strategic Partners Panel Episode 2: PacketFabric
Presented by: Steven Pack, Anna Claiborne
Originally aired on September 6, 2020 @ 2:00 AM - 2:30 AM CDT
Steven and Anna discuss the recent PacketFabric partnership and what challenges PacketFabric is helping customers with today.
English
Transcript (Beta)
Hello Cloudflare TV viewers. Welcome, welcome, welcome to episode number two of the Cloudflare Strategic Partners panel where I'm joined by Anna Claiborne of Packet Fabric.
Say hello Anna. Hello. Thanks for joining me today. I'm your host, my name's Steve Pack.
I'm a solution engineer for the Cloudflare Strategic Partnership team but I also manage the Cloudflare Interconnect Partner program of which Packet Fabric is a founding member.
So very happy to have you along Anna. Happy to be here.
Yeah, so given the fact that we have a partnership, Cloudflare and Packet Fabric and that I sort of run this program, I have a pretty good idea of what Packet Fabric does but not all of our viewers may.
So why don't you start out with giving me, well actually first introduce yourself and your title and role at Packet Fabric and then give us your best shot at what Packet Fabric is.
Sure. So not just a partnership Steve, a glorious partnership.
Glorious. Let's be specific.
I appreciate the correction. Yes. So hi everybody, Anna Claiborne. I run product and engineering at Packet Fabric.
I am also a co-founder and Packet Fabric is a network as a service platform and what that means is that we have done for networking what AWS did for compute.
Meaning that we are turning it into a consumable service that works like your favorite software as a service, whatever.
And I like to think of it in terms of that, you know, there's three pillars to Internet infrastructure and it's compute, storage and network.
And you know, we did a really good job a while ago of virtualizing compute and storage and so now we're virtualizing the network and making it easy to use.
Okay, right. So network as a service.
Now I looked through some of your collateral and I noticed that sometimes you say network as a service, sometimes you go more specific and you say a carrier network delivered as a service.
Is that a like deliberate sort of word choice and if it is, could you explain why maybe?
Sure, because the word network is everywhere, right?
You know, we use it to describe social networks. We use it to describe wireless networks.
We use it to describe small land networks. We like network is a very amorphous term depending on where you're using it, but a carrier network is pretty specific because a carrier network means telecommunications.
It means that you're doing serious connectivity between multiple physical points, right?
And that's what we want to talk about is the wide area network. And even wide area network can be a little bit amorphous too in that it can mean wireless and other things, but you know, we are very specifically moving data over distance and over fiber lines.
So that's why the very deliberate choice there. Okay, and so carrier network delivered as a service, like what's the, how do I, like how do I, what's just the easiest way to differentiate between a current carrier network?
I don't know, like say like a AT &T or maybe even actually let's pick one that's maybe like even doesn't have as much of a consumer thing, say Cogent, right?
Like there's a big carrier network, but you're a carrier network as a service. So what's the major difference?
The big difference is that we make it easy. We put a nice software front end on everything that is built, of course, API first.
So whatever you can do over our UI, you can do over our API.
And it means that you can literally do things like click and build virtual circuits from Los Angeles to New York.
If you need to connect a data center in LA to New York at a hundred gigs, you can click a couple of times and you can do that connection in minutes.
Okay. Right. So instead of say ordering somebody to lay cable, you're clicking on a dashboard to order virtually.
Yes. Or instead of waiting 90 days for a circuit to turn up. And the same thing goes for like cloud, like a lot of times, you know, hybrid cloud scenarios where you'll have some compute and say a co-location like a QTS, and then you need to connect to your compute in Azure, AWS, Google, et cetera.
We make that really easy to whether it's 50 megs or 10 gigs, you know, it's just a, it's a virtual circuit away.
So it's very point, you know, point and click API, API call oriented thing, or you can build that connection and have it up super quick and move your workloads around.
Okay. Got it. Cool. I think I get the big picture and we're going to dive in a little bit later to some of the use cases.
But I wanted to take a little moment, a little detour to talk about how Packet Fabric got started because you know, despite, despite our partnership being glorious, it's not, it's not purely one-to-one.
There are other partners on the program and some of them are, some of them are big and some of them have been around for a while.
And Packet Fabric is a little younger.
So interested to know like what, like what the origin story is and how, how you guys got started.
Sure. So, you know, I talked a little bit before about those, those three pillars that exist.
And one of the like fantastic things that has happened in the last, you know, 12 years about now is cloud computing, right?
You know, it's, it's been hot for a long time and it's allowed, it's allowed for us as in meaning humankind us to do all this sort of technological advancement at a super rapid pace, right?
Because we're not racking and stacking servers and carefully plugging them in and sitting there with a CD and formatting them anymore.
We're, you know, we're clicking a button to spin up a new server and then we're developing our app on it, right?
Like we don't have to devote the brain share and the time anymore to doing that.
And there was this whole problem, right?
Because if you look at storage, compute, and network as the three pillars of, of infrastructure that all of our technology is based on, right?
The whole enablers to do all this cool stuff, like, you know, massive gene sequencing and looking at, you know, what genomes, what cancer genomes look like and, and going through, you know, what could be possible cures and things.
That's all based on those three pillars.
And we did a really good job of making compute and storage easy to use.
And then the network lag really far behind and it was still horribly difficult to set up any sort of connectivity between different buildings or cloud providers and other buildings, or even between cloud providers, right?
All these things were horribly difficult.
And so there was a huge opportunity there to come in and make it better.
Okay. So you still saw, still saw space basically in the network, like it was far behind the more competitive storage and compute.
And there was still plenty of space for innovation.
And since then, it looks like you've been growing really fast, raising lots of money.
And we'll talk a little bit later about how you're spending it as well.
Cool. Okay, that's helpful. So I'm gonna share a little bit now.
I'm gonna share my screen. And we're gonna just sort of share a little bit of how, I guess, our two companies came to be in partnership.
And so we, we talked about this, but we're going to come back to the, we're going to come back to the Packet Fabric story.
What I want to go to is Magic Transit, because this is a big part of the story of how Cloudflare and Packet Fabric got talking.
And this is a fun slide.
When we introduced Magic Transit, the original Internet, things, things have changed.
And anyone who's sort of seen Cloudflare presentations will be familiar with this.
So we run a very large network, 200 cities, 100 plus countries.
It's one of the most interconnected networks in the world.
And as within 99 seconds of the, sorry, 99%, it is within 100 milliseconds of 99% of the world's Internet connected population in the developed world.
There you go.
So we, you know, are about 10 years old, and, you know, became, I guess, really big and known for CDN and DDoS, and particularly the fact that we had a free offering.
And that's how, you know, we grew quickly in the early days and ended up with 26 million, you know, websites or so on us now.
And, you know, always use that data to improve our products and to get insights about the Internet and to, you know, learn about threats.
And, you know, that's why some of our security products are so innovative that we see so much traffic that we're able to identify sort of threats before others.
And so during the course of that time, a couple of things happened.
We did occasionally have particularly large customers come and say, hey, you know, you're populating your cash from my origin, and that's currently over the Internet.
And I don't like that. I want to hide my origins completely. And, you know, what can you do for me?
And, you know, the first few times it happened, a sales guy came along with a big enough check to the network team is like, make this happen.
And so they scrambled and, you know, came up with some way to do sort of PNI.
So private network interconnect between, you know, Cloudflare's edge and, you know, our customers infrastructure.
And that happened a few times. And then as we went further and further up market, and we sold to bigger and bigger customers, and if anyone saw our earnings call recently, that's our fastest growing segment is customers spending over $100 ,000.
And so, you know, that sort of demand for security, performance, reliability, it's only going up.
But another thing that happened during that time was customers said, okay, you protect my websites, my HTTP traffic.
And then with the spectrum product, you protect like my TCP and UDP applications, but I want you to protect my whole IP space.
And, you know, the sort of product and engineering team we're looking at and said, well, actually, we already protect our own IP space, right?
Like we get attacked, like we're constantly getting attacked, we get the attacks that are going to our customers, as well as attacks on ourself.
And so, you know, it was really sort of that lightbulb moment where we realized, well, why don't we offer that same protection that we provide to our own IP space to our customers.
And that's, that's a magic transit came about.
And this sort of slide here I'm showing is like a sort of, you know, high level summary of that, where we advertise the IP addresses, the IP address space of our customers' infrastructure.
And that gets advertised all around the world on our Anycast traffic, on our Anycast network.
And so any traffic, any IP traffic destined for our customers' network, it hits our pops first, and we're able to identify attacks, you know, scrub traffic and just provide only clean traffic to our customers.
And, you know, this was launched a bit over two years ago, I think it was, and it's been super successful.
But as you can imagine, like a lot of the sort of customers that have this, like distributed IP space in multiple locations that need distributed denial of service protection, like they're sophisticated customers, and they have sophisticated requirements.
And, you know, some of the early deals where when we got to the nitty gritty of the architecture, when the customer learned that Cloudflare would be providing this cleaned traffic over the Internet, the security teams of some of those customers weren't so impressed.
And so very quickly became clear that Cloudflare needed to productize the sort of the network interconnect.
And so, you know, the way I described it earlier, being the sales team running to the network team and everyone running around trying to figure out what to do, you know, that was productized into Cloudflare Network Interconnect, you know, just recently.
And so, there is still the physical option, you know, for some customers physical is still makes sense, particularly for the very largest of, you know, customers with say, like multi gig sustained traffic.
But, you know, we also sort of looked at what are the other ways to ease, like, adoption of Magic Transit and just basically to provide, you know, interconnection the way our customers want, like, we want to, like, interconnect with them the way they want to be connected with, I guess you would say.
And as we looked, we looked around, we could see that, you know, lots of customers were plugged in to platforms like Packet Fabric.
And so, you know, as you sort of alluded to before, Anna, like, you know, you, you know, customers can plug into you and get access to all sorts of services.
And we'll look at those that it made sense that if, well, customers, if they're already physically connected to Packet Fabric, then if we were physically connected to Packet Fabric, then that sort of beautiful virtual sort of, you know, use case that you described earlier, that that could be available for Cloudflare, you know, customers as well.
And so, that's sort of how the conversation sort of came to be from my point of view.
Do you think that makes sense, Anna, the way I described that?
Absolutely. You know, everything you said in my startup many, many, many, many lives ago, I did DDoS mitigation.
And so, this is like one of, you know, one of the grails is to be able to return traffic, is to be able to keep your actual, you know, if you want, you know, your www server, your origin server for everything totally off the Internet so that you don't have to deal with this anymore, right?
You know, so it doesn't even have a public IP. And that's the great thing about these services is that they allow customers to do exactly that, is that you can, they can, the true servers that are, you know, guarding the content can stay totally hidden.
And everything can be handled, you know, from public IP space on Cloudflare.
And then, thanks to the magic of Cloudflare and Packet Fabric, that can pretty easily be routed back to wherever those origin servers are, because between the two of us, we have a huge footprint.
Yeah, true. And actually, so this is one thing, actually, let's edit this slide in live, because this might sort of help explain some of this.
So, as, don't mind me while we edit slides live on Cloudflare TV, but, you know, as we've, like I mentioned, sort of gone upmarket, and as we've talked to more and more customers about, you know, their needs, particularly for Magic Transit, start to find that, like, almost every company that's not sort of, you know, born in the last, I guess, five, maybe seven years is on some part of the, like, hybrid journey, right?
So, they've probably got infrastructure on-prem, maybe in a shared data center, and in at least one cloud, possibly more.
And so, like, we are more and more part of the conversation of how do we protect all of that, and how do we sort of set policies at our network edge that apply to all of our resources.
And then, I think, you know, you're in the same conversation, but, like, how do I, you know, manage connectivity to these things, but without, you know, constantly laying cables and, you know, waiting 90 days for circuits to get turned up, right?
Like, that's one of the trends that we've sort of seen recently, or we've learned.
Yeah, and we absolutely see the same trend that, you know, like, the big barriers right now are, you know, connecting co -location data center to cloud, and then, you know, connecting multiple clouds, right?
Because nobody has infrastructure in just one location anymore, or is just using one thing.
Because, as we all know, as shocking as this is, sometimes one things fail, right?
So, there's, you're always going to have your primary location, your disaster recovery location, you need to go between those two.
You're always going to need to move data between, you know, colo and cloud, and often several colos and several clouds.
So, it's only getting, the footprint for most data is only getting bigger, not smaller.
Yeah, okay. So, you hinted at a few things there, but one I picked out was cloud, right?
Like, and so, this is from Packet Fabrics collateral.
You've sort of shown here, like, you know, you're connected to multiple clouds, and you mentioned backup, right?
That you wanted to backup, say, from, like, I guess, one cloud to another, or one cloud to a colo facility.
Now, I'm interested in this, and I haven't prepped you for this, and I haven't really done, like, all of the research either.
So, let's see how we go. But, I love shooting from the hip.
That's expensive, right? Like, this part, no one needs preparation for.
Egressing data from a cloud is expensive. It is, it is. And one of the ways that, one of the ways that it helps doing direct connectivity in a lot of cases, is that the egress data charges are actually lower for going out over any sort of direct connectivity than they are for egressing out the Internet.
So, that's one of the nice ways that a solution like Packet Fabric can help save money, is the fact that you're just reducing those data egress charges.
And not only that, you're getting a lot better performance, because you aren't going out over a VPN connection that is, you know, limited in how much throughput it has by whatever, right?
You can actually get some decent performance out of that link at a lower cost.
Yeah. And so, you mentioned the cost.
Like, when I, like, in my head picture the cost, it's like, you always see, if you look up, you know, that page, basically, with the egress cost, it's like six cents.
I think it's six cents a gig for at least one major cloud over the Internet.
And it's two cents a gig over a partner interconnect.
Well, that, unless that's direct. I can't remember. I think it's a partner.
Yes, it is. Yeah, that's true. And so, in your head, you're like, oh my god, like, you know, that's like a third of the price, like, I have to do this.
But then you dig in further, and you find like, oh, actually, to do that, like, I need to have some virtual appliance or like some, you have to, you have to set up your cloud in a certain way.
And like, there is charges, not just, it's like, it ends up being not just two cents, right?
It's two cents plus. Like, if you're a, you know, a customer with this problem, it's like, okay, I pay a shed load of money to egress data from my cloud, and this could help me, you know, reduce that.
Like, how do you, how do you actually go about calculating the real cost?
Well, that's why there's actually companies out there that will sit there and analyze your Amazon bill, and like, that you have to pay them a load of money to analyze your Amazon bill, just in how to reduce it.
But in general, in general, at least from, at least from what I have found for most, you know, for most setups, is that it's pretty simple to just reduce, you know, to reduce a good chunk of money by switching from egress over VPN egress over, over a private link through a partner.
And, you know, of course, that comes, you know, of course, that comes with all the details, you know, is it, is it exactly right?
Does it apply to your use case? Most of the time, yes.
But, you know, there are also, you know, there are, there's always edge cases out there.
So that's... Do you have any, like, any sort of rule of thumb of, like, you know, once you've, like, done the calculations a few times, you get to see, like, okay, it looks like it's from six cents to two cents, but actually, you know, add everything up, and it's more like three cents, four cents?
Or does it really depend case by case?
Most of the time, most of the time, it's not too much over two cents, you know, it's like, maybe like two and a half cents, because if anything, you're just adding, you're adding some, like, virtual routing resources, like, that's usually about all you're adding.
But like I said, there are also edge cases out there and when it's not what in, which is not that simple.
But for the most part, yeah, it's a pretty, it's a pretty small, it's a pretty small increase over that, over that seemingly nice marketing number of two cents.
Yeah, yeah.
What, what are the, like, what are they usually called in the cloud world? Like, what's the virtual routing infrastructure?
Do you know? It's cloud router is pretty much what everybody calls it.
Okay, cool. All right. Okay, so that's a pretty, a pretty, like, I think, easy to visualize sort of use case, then for the cloud connectivity part, particularly anyone who pays a cloud bill with an egress line on it.
Who regretfully pays a cloud bill. Yeah, who doesn't, who doesn't describe the bill or the relationship with the cloud as glorious.
Well, yes, yes, less glorious.
It's actually really funny because that you, that you bring this up, because one of the things that I've noticed as a, as a trend lately, you know, every time anyone talks about cloud, oh, cloud is up and to the right forever.
And, you know, colocation is dead, everything's going to be in the cloud.
And you had people trying to do wacky things like put their AS 400, you know, database in the cloud.
And now everyone's sort of come to this realization that that's actually not the answer for everything.
You know, and there are, there are real use cases for why you put things in the cloud, you know, why you still run your own equipment and colocation and why you might shift those around.
So it's definitely like, I think we're coming into a new age of balance between those things and understanding that not everything belongs in the cloud.
Yeah, I, and actually I, I heard, I heard, and I don't have a source for this.
So, but I'm interested if you've come across this, that like occasionally, like a CIO will basically get handed from the board, a directive to, to not be bound, well, not to have a single relationship with the cloud because it's a vendor risk.
Right. And, you know, like, that's almost like, if that, if that becomes sort of standard corporate practice, if it already is like, then basically a hybrid cloud is already baked in, right.
As, as the future. Yeah. I'm like, I'm genuinely surprised that it's taken so long for CIOs to get handed that directive.
But I have heard that I have heard echoing of that a lot lately because there are a ton of those relationships out there and it rightfully so makes boards and it should make boards and customers and everybody nervous.
Maybe it's maybe it was all the S1 filings that had payments to cloud providers in the sort of quarter of a billion dollar.
Yeah. I remember a specific one that was rather large.
Okay, cool. So another one here I'm interested in is data center interconnection.
So that's a bit broad. What have you said here? Build your own network backbone, backhaul data from anything.
Okay. Tell me, tell me about this.
Okay. So data center connection prop popularly abbreviated as DCI is when you just have multiple co-location facilities geographically and different providers in different geographies.
It doesn't, it doesn't matter. And you need to connect them in order to exchange data because a lot of times, again, just building VPN tunnels over the Internet isn't optimal for a lot of reasons because, you know, you have to maintain those VPN tunnels.
They're, they're subject to, you know, changes in latency loss jitter as the Internet naturally changes past around as it does.
And so they're just not as stable as a private link. And you certainly can't, and it's certainly much more difficult to do things like 10 gigs or some large volume of traffic over VPN connection.
In fact, most of the little, you know, most of the little VPN appliances, you know, like to, like to be around like a gig, you know, they're not, they're not very happy at more than that.
Okay.
So it's like, I've got two, I've got infrastructure and two data centers. I need to connect them.
VPNs are slow, unreliable. So I can plug both those locations into Packet Fabric and provision like, you know, more reliable connection and at whatever speed I want.
Yep. What, what about the, what about the security part of the VPN?
Because it's not, it's not like, it's not just a tunnel, if you will, it's like it's encrypted.
But there's this little thing called man in the middle attacks that you can, you can very easily get around any secure tunnels with.
And the fact is, is that, I mean, I don't know, we're going into conspiracy theory territory here, but there is no such thing as an SSL as a, as a real secure SSL certificate, at least from me, who comes from the paranoid security background and knowing what goes on with various governments.
So any traffic that runs over the Internet, you should, I mean, you know, that it, it is for a fact offloaded to somebody to analyze.
That is just the way the world works. Whereas Packet Fabric is a fully private network.
There is nobody that sniffs our traffic. Don't worry.
I'm the, given the nature of Cloudflare customers and just people interested, I can assure you many Cloudflare TV viewers are in the same camp.
I'm in good company then. Yeah. Okay. But there is still like, and we're getting short of time, but I'm interested in this.
So like, say I established Packet Fabric, but then if I still want, like, if I still want to be assured that no one's saying Packet Fabric or anyone else can look at my data, do I still put a VPN on both sides of that?
But it's now more reliable because it's over a private network or like what?
A VPN, like certainly you could do that. You could put a VPN over it and it's going to be much more reliable because it's over a private network.
I would say, you know, it's also very difficult to it's pretty difficult to set up traffic sniffing unless you're like really invested in that.
Like, you know, I mentioned before a lot of the world governments and, you know, people who benefit from this sort of data, but it requires things like fiber taps and, you know, relatively expensive devices.
And it's really hard to mirror, you know, if you're going to set up a simple server and a mirror port to look at traffic, it's really hard to get good throughput on that unless you invest some time and money into it.
So, and you also have to have physical access to the equipment, which, you know, everything of ours is safely locked in cages that only we have access to.
So, you know, I can kind of give that color to, you know, to help put people's minds at ease.
And like I said, I do come from the crazy old security world. So, I know that I have some pretty extreme views on this.
Okay, cool. All right. We're getting short on time.
Looks like two minutes by my count. So, let me just sum up with a couple of things.
So, you know, who is this for? And this, you know, being like, you know, the partnership and Cloudflare, from my point of view, anyone who is interested in magic transit, and, you know, part of that conversation will be how will you connect your infrastructure to Cloudflare's edge?
And, you know, depending on your level of security and performance and reliability requirements, private network interconnection is probably going to be for you.
Packet Fabric, you know, great option.
And if you're already particularly on the Packet Fabric network, then it's super easy.
So, that's number one. Number two, we talked about earlier, CDN customers, you can take your origin off the Internet and have a secure, private, reliable path between Cloudflare and the origin via Packet Fabric.
And soon, we didn't really get to talk much about Teams, but Teams is sort of Cloudflare's approach to securing employees, you know, and applications.
And so, we think there's going to be a lot of demand for sort of like branch and HQ to the edge demand.
But we won't go too much into that because we didn't cover it very well.
So, Anna, if you're an existing Packet Fabric customer, and you're interested in, you know, connecting to Cloudflare over the Packet Fabric network, what do I do?
So, if you're an existing Packet Fabric customer and an existing Cloudflare customer, all you need to do is go into the Packet Fabric portal, go to Marketplace and select connect to Cloudflare and the magical engineers over at Cloudflare will handle the rest of that connection process and make sure that, you know, your origin or your WWW server is safe and secure nestled behind both of our networks.
Okay, sounds good.
And if I'm not a Packet Fabric customer yet, but I'm interested in what I've heard today.
It's really easy. You can go to www.packetfabric.com and hit register and create yourself an account and get connected to Packet Fabric today.
Very good.
And for the Cloudflare folks, here's your intro, here's your information, existing customers, talk to your account team, new customers, here's the best way to get in touch.
All right, Anna, it's been a pleasure. I think I'm about to get the hook to pull me off stage.
So it's really been a pleasure to talk and looking forward to this partnership.
