Cloudflare TV

Cloudflare Strategic Partners Panel Episode 2: PacketFabric

Presented by Steven Pack, Anna Claiborne
Originally aired on 

Steven and Anna discuss the recent PacketFabric partnership and what challenges PacketFabric is helping customers with today.


Transcript (Beta)

Hello Cloudflare TV viewers. Welcome, welcome, welcome to episode number two of the Cloudflare Strategic Partners panel where I'm joined by Anna Claiborne of Packet Fabric.

Say hello Anna. Hello. Thanks for joining me today. I'm your host, my name's Steve Pack.

I'm a solution engineer for the Cloudflare Strategic Partnership team but I also manage the Cloudflare Interconnect Partner program of which Packet Fabric is a founding member.

So very happy to have you along Anna. Happy to be here.

Yeah, so given the fact that we have a partnership, Cloudflare and Packet Fabric and that I sort of run this program, I have a pretty good idea of what Packet Fabric does but not all of our viewers may.

So why don't you start out with giving me, well actually first introduce yourself and your title and role at Packet Fabric and then give us your best shot at what Packet Fabric is.

Sure. So not just a partnership Steve, a glorious partnership.

Glorious. Let's be specific.

I appreciate the correction. Yes. So hi everybody, Anna Claiborne. I run product and engineering at Packet Fabric.

I am also a co-founder and Packet Fabric is a network as a service platform and what that means is that we have done for networking what AWS did for compute.

Meaning that we are turning it into a consumable service that works like your favorite software as a service, whatever.

And I like to think of it in terms of that, you know, there's three pillars to Internet infrastructure and it's compute, storage and network.

And you know, we did a really good job a while ago of virtualizing compute and storage and so now we're virtualizing the network and making it easy to use.

Okay, right. So network as a service.

Now I looked through some of your collateral and I noticed that sometimes you say network as a service, sometimes you go more specific and you say a carrier network delivered as a service.

Is that a like deliberate sort of word choice and if it is, could you explain why maybe?

Sure, because the word network is everywhere, right?

You know, we use it to describe social networks. We use it to describe wireless networks.

We use it to describe small land networks. We like network is a very amorphous term depending on where you're using it, but a carrier network is pretty specific because a carrier network means telecommunications.

It means that you're doing serious connectivity between multiple physical points, right?

And that's what we want to talk about is the wide area network. And even wide area network can be a little bit amorphous too in that it can mean wireless and other things, but you know, we are very specifically moving data over distance and over fiber lines.

So that's why the very deliberate choice there. Okay, and so carrier network delivered as a service, like what's the, how do I, like how do I, what's just the easiest way to differentiate between a current carrier network?

I don't know, like say like a AT &T or maybe even actually let's pick one that's maybe like even doesn't have as much of a consumer thing, say Cogent, right?

Like there's a, there's a big carrier network, but you're a carrier network as a service.

So what's the, what's the major difference? The big difference is that we make it easy.

We put a nice software front end on everything that is built, of course, API first.

So whatever you can do over our UI, you can do over our, over our API.

And it means that you can literally do things like click and build virtual circuits from Los Angeles to New York.

If you need to connect a data center in LA to New York at a hundred gigs, you can click a couple of times and you can do that connection in minutes.

Okay. Right. So instead of say ordering somebody to lay cable, you're clicking on a dashboard to, to order virtually.

Yes. Or instead of waiting 90 days for a circuit to turn up. And the same thing goes for like cloud, like a lot of times, you know, hybrid cloud scenarios where you'll have some compute and say a co-location like a QTS, and then you need to connect to your compute in Azure, AWS, Google, et cetera.

We make that really easy to whether it's 50 megs or 10 gigs, you know, it's just a, it's a virtual circuit away.

So it's very point, you know, point and click API, API call oriented thing, or you can build that connection and have it up super quick and move your workloads around.

Okay. Got it. Cool. I think I get the big picture and we're going to dive in a little bit later to some of the use cases.

But I wanted to take a little moment, a little detour to talk about how Packet Fabric got started because you know, despite, despite our partnership being glorious, it's not, it's not purely one-to-one.

There are other partners on the program and some of them are, some of them are big and some of them have been around for a while.

And, and Packet Fabric is a little younger.

So interested to know like what, like what the origin story is and how, how you guys got started.

Sure. So, you know, I talked a little bit before about those, those three pillars that exist.

And one of the like fantastic things that has happened in the last, you know, 12 years about now is cloud computing, right?

You know, it's, it's been hot for a long time and it's allowed, it's allowed for us as in meaning humankind us to do all this sort of technological advancement at a super rapid pace, right?

Because we're not racking and stacking servers and carefully plugging them in and sitting there with a CD and formatting them anymore.

We're, you know, we're clicking a button to spin up a new server and then we're developing our app on it, right?

Like we don't have to devote the brain share and the time anymore to doing that.

And there was this whole problem, right?

Because if you look at storage, compute and network as the three pillars of, of infrastructure that all of our technology is based on, right?

The whole enablers to do all this cool stuff, like, you know, massive gene sequencing and looking at, you know, what genomes, what cancer genomes look like and, and going through, you know, what could be possible cures and things.

That's all based on those three pillars.

And we did a really good job of making compute and storage easy to use.

And then the network lag really far behind and it was still horribly difficult to set up any sort of connectivity between different buildings or cloud providers and other buildings, or even between cloud providers, right?

All these things were horribly difficult.

And so there was a huge opportunity there to come in and make it better.

Okay. So you still saw, still saw space basically in the network, like it was far behind the more competitive storage and compute.

And there was still plenty of space for innovation.

And since then, it looks like you've been growing really fast, raising lots of money.

And we'll talk a little bit later about how you're spending it as well.

Cool. Okay, that's helpful. So I'm gonna share a little bit now.

I'm gonna share my screen and we're gonna just sort of share a little bit of how, I guess, our two companies came to be in partnership.

And so we, we talked about this, but we're going to come back to the, we're going to come back to the Packet Fabric story.

What I want to go to is Magic Transit, because this is a big part of the story of how Cloudflare and Packet Fabric got talking.

And this is a fun slide.

When we introduced Magic Transit, the original Internet, things, things have changed.

And anyone who's sort of seen Cloudflare presentations will be familiar with this.

So we run a very large network, 200 cities, 100 plus countries.

It's one of the most interconnected networks in the world.

And as within 99 seconds of the, sorry, 99%, it is within 100 milliseconds of 99% of the world's Internet connected population in the developed world.

There you go.

So we are about 10 years old and became, I guess, really big and known for CDN and DDoS, and particularly the fact that we had a free offering.

And that's how we grew quickly in the early days and ended up with 26 million websites or so on us now.

And always use that data to improve our products and to get insights about the Internet and to learn about threats.

And that's why some of our security products are so innovative that we see so much traffic that we're able to identify sort of threats before others.

And so during the course of that time, a couple of things happened.

We did occasionally have particularly large customers come and say, hey, you know, you're populating your cache from my origin, and that's currently over the Internet.

And I don't like that. I want to hide my origins completely.

And, you know, what can you do for me? And, you know, the first few times that happened, a sales guy came along with a big enough check to the network team is like, make this happen.

And so they scrambled and came up with some way to do sort of PNI.

So private network interconnect between, you know, CloudFlows edge and, you know, our customers infrastructure.

And that happened a few times.

And then as we went further and further up market, and we sold to bigger and bigger customers, and if anyone saw our earnings call recently, that's our fastest growing segment is customers spending over $100,000.

And so, you know, that sort of demand for security performance reliability, it's only going up.

But another thing that happened during that time was customers said, okay, you protect my websites, my HTTP traffic.

And then with the spectrum product, you protect like my TCP and UDP applications, but I want you to protect my whole IP space.

And, you know, the sort of product and engineering team we're looking at and said, well, actually, we already protect our own IP space, right?

Like we get attacked, like we're constantly getting attacked, we get the attacks that are going to our customers, as well as attacks on ourself.

And so, you know, it was really sort of that lightbulb moment where we realized, well, why don't we offer that same protection that we provide to our own IP space to our customers.

And that's, that's a magic transit came about.

And this sort of slide here I'm showing is like a sort of, you know, high level summary of that where we advertise the IP addresses, the IP address space of our customers infrastructure.

And that gets advertised all around the world on our Anycast traffic on our Anycast network.

And so any traffic, any IP traffic destined for our customers network, it hits our pops first, and we're able to identify attacks, you know, scrub traffic and just provide only clean traffic to our customers.

And, you know, this was launched a bit over two years ago, I think it was, and it's been super successful.

But as you can imagine, like a lot of the sort of customers that have this, like distributed IP space in multiple locations that need distributed denial of service protection, like they're sophisticated customers, and they have sophisticated requirements.

And, you know, some of the early deals where when we got to the nitty gritty of the architecture, when the customer learned that Cloudflare would be providing this clean traffic over the Internet, the security teams of some of those, some of those customers weren't so impressed.

And so very quickly became clear that Cloudflare needed to productize the sort of the network interconnect.

And so, you know, the way I described it earlier, being the sales team running to the network team, and everyone running around trying to figure out what to do, you know, that was productized into Cloudflare network interconnect, you know, just recently.

And so there is still the physical option, you know, for some customers, physical is still makes sense, particularly for the very largest of, you know, customers with, say, like multi gig sustained traffic.

But, you know, we also sort of looked at what are the other ways to ease, like, adoption of magic transit, and just basically to provide, you know, interconnection the way our customers want, like, we want to, like interconnect with them the way they want to be connected with, I guess you would say.

And as we looked, we looked around, we could see that, you know, lots of customers were plugged in to platforms like Packet Fabric.

And so, you know, as you sort of alluded to before, Anna, like, you know, you, you know, customers can plug into you and get access to all sorts of services.

And we'll look at those that it made sense that if well, customers, if they're already physically connected to Packet Fabric, then if we were physically connected to Packet Fabric, then that sort of beautiful virtual sort of sort of, you know, use case that you described earlier, that that could could be available for Cloudflare, you know, customers as well.

And so that's, that's sort of how the conversation sort of came came to be from from my point of view.

Do you think that makes sense?

I know the way the way I described that? Absolutely. Yeah, everything said in my, in my startup, many, many, many, many lives ago, I did DDoS mitigation.

And so this is like one of, you know, one of the grails is to be able to return traffic is to be able to keep your actual, you know, if you want, you know, your WWW server, your origin server, for everything totally off the Internet, so that you don't have to deal with this anymore, right?

You know, so it doesn't even have a public IP.

And that's the great thing about these services is that they allow customers to do exactly that is that you can, they can, the true servers that are that are, you know, guarding the content can stay totally hidden.

And everything can be handled, you know, from public IP space on Cloudflare. And then, thanks to the magic of Cloudflare and Packet Fabric, that can pretty easily be routed back to wherever those origin services service servers are, because between the two of us, we have a huge footprint.

Yeah, true. And actually, so this is one thing, actually, let's let's edit this slide in, in live, because this might sort of help explain some of this.

So as don't don't don't mind me while we edit slides live on on Cloudflare TV.

But, um, you know, as we've, like I mentioned, sort of gone up market, and as we've talked to more and more customers about, you know, their needs, particularly for Magic Transit, start to find that like almost every company that's not sort of, you know, born in the last, I guess, five, maybe seven years is on some part of the like hybrid journey, right?

So they've probably got infrastructure on prem, maybe in a shared data center, and in at least one cloud, possibly more.

And so, like, we are more and more part of the conversation of how do we protect all of that?

And how do we sort of set policies at our network edge that apply to all of our resources?

And then I think, you know, you're in the same conversation, but like, how do I, you know, manage connectivity to these things, but without, you know, constantly laying cables and, you know, waiting 90 days for the circuits to get turned up?

All right. Like, that's, that's one of the trends that we've sort of seen recently.

Yeah. Yeah. And we absolutely seem to see the same trend that, you know, like, the big, the big barriers right now are, you know, connecting, connecting co-location data center to cloud, and then, you know, connecting multiple clouds, right?

Because nobody has infrastructure in just one location anymore, or is just using one thing.

Because as we all know, as shocking as this is, sometimes one things fail, right?

So there's, you're always going to have your primary location, your disaster recovery location, you need to go between those two.

You're always going to need to move data between, you know, colo and cloud, and often several colos and several clouds.

So it's only getting the footprint for most data is only getting bigger, not smaller.

Yeah. Okay. So you hinted, you hinted at a few things there, but one I picked out was cloud, right?

Like, and so this is from, this is from Packet Fabrics collateral, you've sort of showing here, like, you know, you're, you're connected to multiple clouds.

And you mentioned backup, right, that you wanted to back up, say, from like, I guess, one cloud to another or one cloud to a colo facility.

Now, I'm interested in this. And I haven't prepped you for this.

And I haven't really done like all the research either. So let's see how we go.

But I'm shooting from the hip. That's expensive, right? Like, this part, no one needs preparation for, egressing data from a cloud is expensive.

It is, it is.

And one of the ways that, one of the ways that it helps doing direct connectivity in a lot of cases is that the egress data charges are actually lower for going out over any sort of direct, direct connectivity than they are for egressing out the Internet.

So that's one of the nice ways that a solution like Packet Fabric can help save money is the fact that you're just reducing those data egress charges.

And not only that, you're getting a lot better performance because you aren't going out over a VPN connection that is, you know, limited and how much throughput it has by whatever, right?

You can actually get some decent performance out of that link at a lower cost.

Yeah. And so you mentioned the cost, like when, when I, like, in my head picture, the cost, it's like you always see, if you look up, you know, that, that page, basically, with the egress cost, it's like 6 cents, I think it's 6 cents a gig for at least one major cloud over the Internet.

And it's 2 cents a gig over a partner interconnect.

Well, that, unless that's direct, I can't remember.

I think it's the partner. Yes, it is. Yeah, that's true. And so in your head, you're like, oh my God, like, you know, that's like a third of the price, like I have to do this.

But then you dig in further and you find like, oh, actually to do that, I need to have some virtual appliance or like some, you have to, you have to set up your cloud in a certain way.

And like, there is charges, not just, it's like, it ends up being not just 2 cents, right?

It's 2 cents plus. Like, if you're a, you know, a customer with this problem, it's like, okay, I pay a shed load of money to egress data from my cloud.

And this could help me, you know, reduce that.

Like, how do you, how do you actually go about calculating the real cost?

Well, that's why there's actually companies out there that will sit there and analyze your Amazon bill.

And like that you have to pay them a load of money to analyze your Amazon bill, just in how to reduce it.

But in general, at least from what I've found for most, you know, for most setups is that it's pretty simple to just reduce, you know, to reduce a good chunk of money by switching from egress over VPN, egress over a private link through a partner.

And, you know, of course that comes, you know, of course that comes with all the details, you know, is it exactly right?

Does it apply to your use case? Most of the time, yes. But, you know, there are also, you know, there are, there's always edge cases out there.

So that's, uh, do you have any, like any sort of rule of thumb of like, you know, once you've like done the calculations a few times, you get to see like, okay, it looks like it's from 6 cents to 2 cents, but actually, you know, add everything up and it's more like 3 cents, 4 cents, or is it really dependent case by case?

Most of the time, most of the time, it's not too much over 2 cents, you know, it's like maybe like two and a half because if anything, you're just adding, um, you're adding some like virtual routing resources, like that's usually about all you're adding.

Uh, but like I said, there are also edge cases out there and when it's not, which is not that simple.

Um, but for the most part, yeah, it's a pretty, it's a pretty small, it's a pretty small increase over that, over that seemingly nice marketing number of 2 cents.

Yeah. Yeah. What, what are the, like, what are they usually called in the cloud world?

Like what is the, what's the virtual routing infrastructure?

Do you know, like, uh, it's cloud router is pretty much what everybody calls it.

Okay. Cool. All right. Um, okay. So that's a pretty, um, a pretty, like, I think easy to visualize sort of use case then for the cloud connectivity part.

Um, particularly anyone who pays a cloud bill with an egress line on it.

Um, who regretfully paid a cloud bill. Yeah. Who doesn't, who doesn't describe the bill or the, uh, relationship with their cloud is glorious.

Um, well, yes, yes.

Less glorious. It's actually really funny because that you, that you bring this up because one of the things that I've noticed as a, as a trend lately, um, you know, every time anyone talks about cloud, oh, cloud is up and to the right, um, forever.

And you know, co -location is dead. Everything's going to be in the cloud.

And you had people trying to do wacky things, like put their AS 400, you know, database in the cloud.

And now everyone's sort of come to this realization that, uh, that's actually not the answer for everything.

Um, you know, and there are, there are real use cases for why you put things in the cloud, you know, why you still run your own, uh, equipment and co-location and why you might shift those around.

So it's definitely like, I think we're coming into a new age of balance between those things and understanding that not everything belongs in the cloud.

Yeah. And actually I, I heard, I heard, and I don't have a source for this, but I'm interested if you've come across this, that like occasionally, like a CIO will basically get handed from the board a directive to, um, to not be bound or not to have a single relationship with the cloud because it's a vendor risk.

Right. And, um, you know, like that's almost like, if that, if that becomes sort of standard corporate practice, or if it already is like, then basically a hybrid cloud is already baked in, right.

As, as the future. Yeah. I'm like, I'm genuinely surprised that it's taken so long for CIOs to get handed that directive.

But I have heard that, um, I have heard echoings of that a lot lately, um, because there are a ton of those relationships out there and, um, it rightfully so makes boards and it should make boards and customers and everybody nervous.

Um, Maybe it's, uh, maybe it was all the S1 filings that had, uh, uh, payments to cloud providers in the sort of quarter of a billion dollar.

Uh, yeah, I remember a specific one that was rather large.

Um, okay, cool. So another one here I'm interested in is data center interconnection.

So that's a bit broad. What have you said here?

Build your own network backbone, backhaul data from it. Okay.

Tell me, tell me about this. Okay. So data center connection prop popularly abbreviated as DCI, uh, is when you just have, um, multiple co-location facilities, uh, you know, either, you know, geographically and different providers, um, in different geographies, it doesn't, it doesn't matter.

And you need to connect them in order to exchange data because a lot of times, again, just building VPN tunnels over the Internet isn't optimal for a lot of reasons, uh, because, you know, you have to maintain those VPN tunnels.

There's they're subject to, um, you know, changes in latency, um, loss jitter as the Internet naturally changes past around as it does.

Um, and so they're just not as stable as a private link and you certainly can't, and it's certainly much more difficult to do things like 10 gigs or some large volume of traffic over a VPN connection.

In fact, most of the little, you know, most of the little VPN appliances, you know, like to, like to be around like a gig, you know, they're not, they're not very happy at more than that.


So it's like, I've got two, I've got infrastructure in two data centers. I need to connect them.

VPNs are slow, unreliable. So I can plug both those locations into Packet Fabric and provision, uh, like, you know, more reliable connection and at whatever speed I want.

Yep. What, what about the, what about the security part of the VPN?

Cause it's not, it's not like, it's not just a tunnel, if you will, it's like it's encrypted.

Um, but there's this little thing called man in the middle attacks that you can, you can very easily get around, um, any secure tunnels with.

And the fact is, is that, I mean, I don't know, we're going into conspiracy theory territory here, but there is no such thing as an SSL as a, as a real secure SSL certificate, at least from me who comes from the paranoid security background and knowing what goes on with various governments.

So, uh, any traffic that runs over the Internet, you should, I mean, you know, that it, it is for a fact offloaded to somebody to analyze.

That is just the way the world works.

Whereas Packet Fabric is a fully private network. There is nobody that sniffs our traffic.

Don't worry. I'm the, given the nature of Cloudflare customers and just people interested, I can assure you many Cloudflare TV viewers are in the same camp.

Well, I'm in good company then. Yeah.

Um, okay. But there is still like, and we're getting short of time, but I, I mentioned this.

So like, say I established Packet Fabric, but then if I still want, like, if I still want to be assured that no one's saying Packet Fabric or anyone else can look at my data, do I still put a VPN on both sides of that?

But it's now more reliable because it's over a private network or like a VPN, like certainly, um, you could do that.

You could put a VPN over it and it's going to be much more reliable because it's over a private network.

Um, I would say, you know, it's also very difficult to, um, it's pretty difficult to set up traffic sniffing unless you're like really invested in that.

Like, you know, I mentioned before a lot of the world governments and, you know, people who benefit from this sort of data.

Um, but it requires things like fiber taps and, you know, relatively expensive devices.

And it's really hard to mirror, you know, if you're going to set up a simple server and, uh, and a mirror port, um, to look at traffic, it's really hard to get good throughput on that unless you invest some, some time and money into it.

So, and you also have to have physical access to the equipment, which, you know, um, everything of ours is safely locked in cages, um, that only we have access to.

So, uh, you know, I can, I can kind of give that color to, you know, to help put people's minds at ease.

And like I said, I do come from the, I come from the crazy, the crazy old security world.

So I know that I have some pretty extreme views on this.

Okay, cool. Um, all right. We're getting short on time. It looks like two minutes by my count.

Um, so let me just sum up with a couple of things. So, you know, who is this for?

And this, you know, being like, you know, the partnership and cloud from, from my point of view, anyone who is interested in magic transit and, um, you know, part of that conversation will be how will you connect your infrastructure to Cloudflare's edge?

And, you know, uh, depending on your level of security and performance and reliability requirements, private network interconnection is probably going to be for you, Packet Fabric, you know, great option.

And if you're already particularly on the Packet Fabric network, then it's super easy.

Um, so that's number one. Number two, we talked about earlier CDN customers.

You can take your origin off the Internet and have a secure, private, reliable, um, path between Cloudflare and the origin by Packet Fabric.

Uh, and soon we didn't really get to talk much about Teams, but, um, Teams is sort of Cloudflare's approach to securing employees, uh, you know, and, um, and applications.

And so we think there's going to be a lot of demand for sort of like branch and HQ, uh, to the edge, um, demand.

Uh, but we, we won't go too much into that because we didn't, uh, cover it very well.

So, uh, Anna, if you're an existing Packet Fabric customer and you're interested in, you know, connecting to Cloudflare over the Packet Fabric network, what do I do?

So if you, if you're an existing Packet Fabric customer and an existing Cloudflare customer, all you need to do is go into, is go into the Packet Fabric portal, go to marketplace and select connect to Cloudflare and the magical engineers over at Cloudflare will handle the rest of that connection process and make sure that, you know, your origin or your DubDub server is safe and secure nestled behind both of our networks.

Okay. Sounds good.

And if I'm not a Packet Fabric customer yet, but I'm interested in what I've heard today.

Uh, it's really easy. You can go to dubdubdub.packetfabric .com and hit register and create yourself an account and get connected to Packet Fabric today.

Very good. And for the Cloudflare folks, here's your intro is your information, existing customers, talk to your account team, new customers.

Uh, he's the best way to get in touch.

All right, Anna, it's been a pleasure. I think, uh, I'm about to get the hook to, to pull me off stage.

So, uh, it's really been a pleasure to talk and looking forward to this partnership.