Latest from Product and Engineering
Presented by: Jen Taylor, Annika Garbers
Originally aired on September 27, 2021 @ 7:30 AM - 8:00 AM EDT
Join Cloudflare's Head of Product, Jen Taylor, and Product Manager, Annika Garbers, for a quick recap of everything that shipped in the last week. Covers both new features and enhancements on Cloudflare products and the technology under the hood.
Original Airdate: August 21, 2020
Transcript (Beta)
Hi, I'm Jen Taylor, Chief Product Officer at Cloudflare, welcoming you again to the latest installment of Latest from Product and Engineering.
This week I'm joined by Annika Garbers who's our Product Manager for Magic Transit.
Annika, you want to take a couple minutes to introduce yourself?
Hello, sure. I'm Annika, like Jen said, Product Manager for Magic Transit.
I just graduated from Rochester Institute of Technology back in May, so I've been with Cloudflare for a couple of months and I'm totally loving it so far.
It's been an awesome experience and I also actually interned at Cloudflare last summer and worked on a project called Origin Monitoring which helps customers know when their origin servers are down.
So excited to be back and working on some new stuff.
Well and I'm super excited that you're here at Cloudflare.
It's such a pleasure to work with you but I'm even more excited that you're here today to talk with us about Magic Transit because I believe we just celebrated the one-year anniversary of the launch of Magic Transit, is that correct?
Yeah, last week we were super pumped.
Okay, so what is Magic Transit?
Great question. So when people think about Cloudflare and Cloudflare's products, the first thing that probably comes to mind is things on the web.
So our CDN and our cache and our web application firewall are all examples of things that help protect and secure your web properties.
But there's things on the Internet other than just websites or things that are making HTTP requests.
There's a whole OSI model that is dedicated to understanding how these layers of the stack all work together to deliver all kinds of different traffic, including just web traffic.
And so Cloudflare, sort of Cloudflare classic products, work at layer seven.
So that's the application layer. We have Spectrum that we introduced a couple of years ago which allows you to proxy any traffic that is TCP or UDP.
So that's down at layer four of the OSI model. And then Magic Transit is really our product for networks.
So that's layer three. And what that means is that any IP traffic, so any packets that are running on the Internet, can be secure and faster with Magic Transit.
And so we're protecting now customers not only their websites but actually their entire data centers and all of their infrastructure that's connected to and communicating with the Internet.
So we've got this great business at the application layer.
Like why did we decide to tackle the network layer?
Yeah, so part of the reason is that we actually already built the product.
We already built Magic Transit for our internal use. So Cloudflare has this big Anycast network.
We have tons of servers that are all over the world.
And while most of the traffic that we're doing, because we're serving these applications to our customers, is at the application layer, we also needed to be able to protect and secure and accelerate our own networks and our own data centers.
So over the past 10 years we built all of this technology that's dedicated to protecting our own infrastructure from things like DDoS attacks, to do firewall and all of these sort of other network functions.
And so we already had this great thing and then customers over time were asking us more and more like, hey you're doing great stuff for me at layer seven.
You're protecting my websites and Spectrum is awesome.
I can protect you know my gaming applications or anything that I have running sort of custom protocols.
Can you do that same stuff at layer three?
And we sort of took a step back and looked at it and we're like, oh actually we're already doing this for our own data centers.
Can we extend it to customers?
So it was sort of the serendipity of like, oh man we already have this battle-tested product.
It works. It's awesome you know working for us.
And then customers really have this need to protect not only their websites but also everything else.
Now why is protecting networks hard for people?
That's a good question. There's a couple of different ways that people have accomplished this goal of protecting their networks in the past.
One of those is they can buy boxes.
So that means there's hardware boxes that they can purchase and install in their data centers and those sort of sit in front of the rest of their infrastructure and filter DDoS attacks.
But the issue with those is that they're expensive.
They take a lot of time to maintain and then also the ability to handle attacks is still based on the capacity of the network that you have behind that device.
So if somebody sends you a really huge attack, it doesn't matter how amazing your DDoS device is, your network might not be big enough to handle the attack.
So then there's a second option that was introduced to handle this problem which is sort of cloud scrubbing which is similar to Magic Transit but the difference is that these companies will have a couple of data centers around the world that are dedicated to scrubbing this traffic.
And so incoming traffic or attack traffic, good traffic, whatever, will come into these services but then be dispatched sort of around the world to these dedicated scrubbing centers, and then eventually the good traffic is sent on to the end destination.
So that solves the volumetric problem but then now it's introducing latency because you're sending traffic all over the world before it gets to where it needs to go.
So those are the reasons, those are the kind of problems that customers face: either, you know, I have these boxes, they're expensive, they take a long time to maintain, and they maybe can't fill the full need that I have, or I'm introducing a lot of latency by sending traffic all over the place for different functions. And so Magic Transit solved those problems for customers.
Got it. And kind of, like, how did we, I mean, how did we solve it? How did we approach it? You know, what's different about the way that we solve it than maybe some of these other solutions?
Yeah, the really key thing is that Magic Transit runs on every single server at all of our data centers, and we also advertise our customers' IP addresses from every single router at every one of our data centers.
So incoming traffic is attracted to the closest router, so that's really likely to be somewhere that's very close to where the end user is, as opposed to being, you know, somewhere far away across the world where the traffic takes a long time to go.
So incoming traffic comes in fast, it gets processed really fast, and then it dispatches to the customer fast. So we're basically localizing all of that stuff to locations that are really, really close to the customer so that traffic doesn't have to get sent around all over the place.
Got it. So many of the same advantages we've had in providing DDoS solutions for layer seven and layer four, we were able to extend down to the network layer as well.
Yeah, exactly.
Yeah, yeah. Now, I mean, obviously, you know, when products run out the door in their infancy, you know, there's a lot of work that we do as we sort of round out and kind of flesh out the offering.
What are some of your favorite product enhancements that we've released?
Oh, recently? Yeah, yeah, a couple of really, really exciting things. So when we introduced Magic Transit originally, it was available to customers only in sort of an always-on option, so basically Cloudflare advertises your IP addresses, all the traffic comes to us all the time.
One of the things that we introduced after that was the ability to use Magic Transit on demand, so you can trigger your advertisement, your IP advertisement, which decides whether traffic gets attracted to Cloudflare or your data centers, whenever you want, and you can do that via API or now via our new UI, which is really exciting.
We've also recently introduced some tools that help with diagnostics. So lots of weird stuff happens on the Internet.
There are lots of... we've talked so far about the eyeballs, the end users, Cloudflare, and then the origin data centers, but there's lots of other intermediary people that are in between all of those links. There's other transit providers, other cloud providers, and so being able to diagnose what's going on in the middle of all that stuff is really difficult, and we've given our users some tools to be able to do that, which is really exciting.
And then a big one that came out a couple of weeks ago was that we announced an integration with Cloudflare Network Interconnect, which allows customers to actually connect to Cloudflare with a physical cable. So now we're down at layers one and two, either a physical cable or sort of a virtual cable through one of our partners that's connected to both Cloudflare and you, and actually get your traffic that's sent from Cloudflare to you over this really secure private link. So now the clean traffic has no exposure whatsoever to the public Internet, which is really great for our super security-conscious customers.
That's amazing. So tell me more: what is Cloudflare Network Interconnect? Like, how does that fit into the puzzle here?
Yeah, sure. So in a pre-Cloudflare Network Interconnect, CNI, pre-CNI world, and also a lot of our, you know, new, continuing Magic Transit customers are going to prefer this option, you can do either, but traffic is sent to origin servers, to our customers, from Cloudflare through what's called a GRE tunnel, generic routing encapsulation.
And that basically just means there is a private endpoint at Cloudflare and a private endpoint at our customer, and so nobody, you know, outside of the Internet knows those addresses, but we send traffic to and forth through that connection.
And some of our customers were like, okay, cool, like, I understand this, this is neat, but it would be awesome if that tunnel, you know, it still technically runs on the Internet, so it still transits, goes through some intermediary networks. I can't, you know, necessarily, like, if one of those networks in the middle is flapping or having issues, there might not be anything I can do to control that. So what if I made that tunnel like an actual physical cable in a data center and you just sent me information through that?
We're like, sure. And so now you have Cloudflare Network Interconnect, which means, yeah, you can plug a cable, or you can get somebody else to sort of plug a cable, into both ends to connect to Cloudflare directly.
That's awesome. I mean, just like that added layer of security. And the thing that I really love in the way that you talked about kind of some of the investments that we've made over the course of the last year is that I feel like so many of them are guided by the journey that we've had with some of our customers on Magic Transit.
You know, without naming names, because we don't know where we are in terms of being able to name names, can you talk to me maybe about a customer that you've been working with on Magic Transit, and sort of some of the insights and the learnings from those conversations?
Yeah, let me think of a
good example. I'm trying to think of... so, like, one that we actually can name names for, that we published a case study about last week, which we're super excited about, is Wikimedia.
And so, yeah, under attack last September. So Magic Transit was like a really baby product at that point, we launched it in August, and then we heard, you know, in September of this major DDoS attack that was affecting Wikimedia, and we were able to help them, through a big team effort, onboard with Magic Transit and stop the attack and get back online after a couple days of being offline.
And so that was a huge, huge deal for both us and Wikimedia, and our relationship with them since then has been really awesome.
And I like how you said, like, yeah, what we're working on with the product is sort of, you know, growing with our customers and learning more about what they need. And they'll come to us, you know, with new use cases once in a while and be like, hey, we found this other cool thing, are you thinking about this? Can you do this?
And so we're really excited that we're getting sort of consistent feedback from them that really aligns with our roadmap as well as with our other customers. And so everything, you know, all the new stuff that we're working on, we're putting out, they're also, like, down to test out with us and talk to us about, which is really, really great, and we're grateful for that relationship.
That's fantastic. You know, one of the things you mentioned a few minutes ago, before we started talking about Network Interconnect, was the investments that we've been making around diagnostics and giving customers sort of greater visibility.
Just, like, stepping back, when a customer who's using Magic Transit talks about needing diagnostics, what are the kinds of information that they need visibility into, and what do they end up doing with that information?
Yeah, totally. So without Cloudflare, the world
sort of looks like this: you have the customer, you have their router and their origin servers, and then you have the Internet that's sending them traffic.
And so in this case they're getting all of the traffic, good and bad, directly to them, to their infrastructure, and so they can see all of it. Like, they see what's happening, they see the good, they see the bad, they see, you know, when there are problems on the network.
They can run what's called a traceroute, so a tool that basically tells them about the health of each intermediate step along the network path from a customer to them.
And so, you know, although it might be rough because it means that they're getting, like, a lot of attack traffic that they don't want, they have total visibility into everything that's happening between a customer and them.
But then what happens when you put Cloudflare in the middle is that all of a sudden all of that traffic is coming to, and then all of the traffic that's going to the customer is now, like, 100% with Magic Transit from Cloudflare.
And so customers are now like, okay, hang on, what, I had all of this visibility before into, like, what's going on over here, what's going on with the Internet, and now, like, I just know the thing, what I'm getting from Cloudflare, but maybe I do actually want to know more about what came in originally.
So, like, if I was under attack, it's awesome that you just stop the attack automatically for me, but, like, tell me more about that. Who was attacking me? How much were they attacking me? What kind of things did you do to stop the attack?
You know, if I tell you specifically to filter a given kind of traffic, like, how much of that traffic am I actually getting? Like none, you know, none from what I can see, but, like, how much is coming into Cloudflare?
So all of those sorts of things around what's coming in, basically what are we doing about it. And then the third thing is the link between Cloudflare and our customer too. They again can see
what's going on at their origin server and their origin router, but if there's a problem in the middle between Cloudflare and them, they don't have a lot of visibility into that either.
So that's what's been going into a lot of the tooling that we've been building around Magic Transit, and then also, just sort of zooming out to, like, networks in general, is the ability of our customers, that customers have better understanding.
Yeah, it's one of those things where it's like, don't worry about it, we're doing such a good job about the details, but don't worry about it, like, you'll just get the clean traffic, you'll be fine, right?
Yeah, it's like, hear from really commonly, like, you know, I just, I forget that it's there, right? Like magic, it's on, and I used to get paged all the time for, like, random stuff or attacks that come in or whatever, and now I don't get paged anymore. I can sleep through the night, and that's awesome almost all the time, except for if I, you know, happen to be curious about what's going on with my incoming traffic.
Yeah, because then you got to keep abreast of kind of that whole thing. Yeah.
You know, as I said, I think in a short time the team has covered a great deal of space, specifically I think in this diagnostic space. If I understand correctly, these capabilities are available in product today with the analytics as well as the logs?
Yeah, yeah. So Magic Transit customers can go to the Network Analytics dashboard and see currently what's going on with all of the incoming attack traffic. So they get the ability to look at the high level, like, how much traffic is coming in and how much are we mitigating and dropping versus how much was coming through to me.
And there's still lots of things that we want to add to that dashboard. There's brand new DDoS mitigation capabilities that we've introduced that we want to provide more visibility around to customers of what are
what's allowing and dropping and other kinds of actions that we're taking to make sure that the traffic is legitimate.
So we want to provide that visibility, and more visibility into things like the Magic Firewall as well. So that's all coming up, but there is definitely more now than when we launched, information available to the customers.
That's fantastic. You know, you already sort of started touching on this, but, you know, I'm always kind of curious. It's like, great, you know, it seems like we've made a ton of progress over the course of the past year, you know, obviously kind of making headway on all sorts of different levels in terms of kind of the protections we offer, the ways in which our customers can activate and use the service, and then the visibility they get from that.
You know, without a great deal of specificity, so we don't want to disclose too much about a roadmap, but, like, as you look forward, what are some of the key questions the team is curious about? What are some of the things that the team is exploring?
Yeah, a couple of different sort of buckets of things. So we've already talked about the visibility bucket, there's definitely work we want to do there. We think our analytics are already pretty awesome, we want to make them even more awesome.
Another bucket is around control of traffic. So right now customers can turn on and off their IP prefix advertisements with the API or with the UI, but turns out network engineers really love using BGP, which is the Border Gateway Protocol, the protocol that dictates how traffic flows around the Internet between routers.
Network engineers want to use that protocol to control everything that's talking to their routers, including Cloudflare. So BGP control from Cloudflare's edge to the customer and vice versa is one really big thing, and there's lots of things that could mean. That
can mean just sort of similar to what our dynamic advertising API does now, like turn on and off my advertisement, or it could mean things like, you know, advertise my IPs in specific places or advertise only specific parts of my IP. So, like, there's sort of different kinds of fine-grained control that you can get with BGP that we're exploring, which is exciting.
We are looking more into the network firewall capabilities. So right now you have the ability as a Magic Transit customer to configure rules that allow or block certain types of traffic, like things from certain IP addresses or ports or protocols, but we want to get even smarter than that.
We want to do more sort of, like, things in line with, like, next-gen firewall capabilities, and so we're looking at expanding our existing firewall to get smarter over time.
And then the third thing that I'm super pumped about is, at layer 7 and at layer 4, we have Argo Smart Routing, which is like Waze for the Internet. It allows us to send traffic around the fastest paths that we can.
Because we see so much of the Internet, we can actually see where congestion is happening and then make decisions to route traffic in specific ways, and that's been a huge benefit to our customers that are using it at layer 7 and layer 4, and we want to bring those same smart routing benefits to customers at layer 3 by integrating Argo with Magic Transit. So we're really psyched about that one too.
That's cool. So, you know, one of the things I'm kind of curious about, you know, obviously now we're playing at layer 7, at layer 4 and layer 3, you know, are there kind of synergies or benefits that we get from offering customers kind of, like, more of the stack?
Yeah, absolutely. One of the big things that is not, like, super fun or interesting to talk about, but it's actually a huge deal for customers, is that all of the configuration for all of those products lives in a single pane of
glass in the Cloudflare dashboard.
So instead of having, you know, provider A and provider B and provider C and, like, all these different things that you have to open and different tabs you have to manage, and, like, trying to correlate across those when the data formats are different and, like, the timestamps and all of these little sort of details about using multiple products to manage your stack of everything that's connected to the Internet, now I can just use Cloudflare and go to the dashboard and see all of my stuff in one place.
If I have a question about, you know, layer 7, and then I think that there's a correlation with what's going on in layer 7 with something going on at layer 3, that's just a button click away, as opposed to a whole separate dashboard and a different, like, view and way of thinking about things. So that's huge.
And then also all of our products, you know, integrate with each other and work sort of really seamlessly, and we built them to be able to do that, again, because we built our layer 3 stack to support our layer 7 products in the first place.
And so you can do things like, if you're using Magic Transit with Spectrum, so let's say you have some of your IP space that you're advertising with Magic Transit is dedicated to serving some gaming applications and you want those to be faster and more secure, you can say, okay, only, you know, from this entire IP space that's Magic Transit, only a part of that, take a part of that and connect it to Spectrum.
And then when the traffic arrives at Cloudflare, it automatically gets routed through the correct products. And again, everything runs on every server, so we're not dispatching traffic around all over the world to handle different kinds of functions.
That's awesome. What's it like to collaborate with those other teams? Like, how does that work? Like, you know, I mean, because, you know, I know enough about the inside of Cloudflare to know that, like, you've got
somebody's focused on layer 7, somebody's focused on layer 4, and all those other things. Like, how do you guys, how do you collaborate? How much coordination does it take? What does that look like?
Yeah, I mean, there's a huge amount of coordination. I mean, just serving Magic Transit is a huge amount of coordination between not only the team that's directly working on Magic Transit but also our system reliability engineering, our network, our IP address management, you know, DevOps. Seems like all kinds of people touch just Magic Transit, so you can imagine once you add other products to that and start stacking and integrating them, it just gets more complicated and wilder.
But I honestly love it so much because I'm constantly learning from that process. I think all of our engineers are constantly learning from that process.
Some of the engineers that have been working on, you know, our Spectrum team and are super familiar with layer 4 capabilities have started helping out on some of the things that are related to layer 3, and so they get the opportunity to explore new parts of the stack, which is awesome for their own learning and growth.
And then I think also you mentioned, like, what is it like specifically to collaborate, and I think the really awesome thing that I love about being at Cloudflare is that everybody, regardless of what product they're working on, really cares about our customers' experience.
And so if you frame the conversation in that way, like, hey, we want to plug Magic Transit and Spectrum into each other, not just because we think it would be cool but because the customer experience is going to be so much better and we're going to have all these kinds of customers that are going to be able to do new things that they haven't been able to do before, like, everyone gets on board with that super fast, which is really exciting.
That's super cool. So one of the things... sorry, it's live web video from home, and my dog
was so excited and wants to collaborate with you. She's especially interested in application layer security, but things are maybe deeper opportunities for the network, so she's here to help us with this call.
So, you know, one of the things that I kind of wanted to just pivot on, as we have, you know, a few minutes left here, but, you know, I'm sure many people are listening to this and reflecting on, you know, one of the things you mentioned at the beginning is, you know, you just started here at Cloudflare a few months ago, but I have to say you have a huge understanding of kind of the product and the customer.
I imagine many other people that are watching this may also be in the process of looking for a role or starting a role. Like, what are some of the things that you have found kind of helpful for you in building out these relationships, in this collaboration, kind of in this situation?
Yeah, I think it's definitely been easier because Cloudflare's culture is awesome. Like, people love answering questions. People don't treat you like you're dumb if you ask what you think is a dumb question.
And so I think, like, that's part of it, is just, like, reaching out to people, being super, you know, honest and transparent and humble, and just like, hey, there's this thing that I don't understand, can you help me figure out and work through it?
And everyone's been awesome in just being like, yeah, yeah, let me explain it to you, actually this is really hard, and, like, let's look at, you know, a Jamboard session and work through it together, which is awesome.
And then I think sort of in the reverse direction of that, for me it's been really helpful to be really transparent about the things that I do feel comfortable and confident in and feel like I understand, and then the places where I feel like I am struggling or have knowledge gaps, and not trying to sort of, like, fudge my
way through or, like, get through anything when I clearly, like, don't know what's going on.
Magic Transit, again, like, networking product. Most of my experience before this was doing stuff sort of closer to layer seven, and so there's been a lot of learning curve in working on this product.
But I think just sort of being, like, straightforward and honest with people, you know, especially the people that I'm working with all the time, every single day, like Nick, who's the engineering manager on Magic Transit, who's amazing, and Rustin, who's the product director for our group, and just being like, yeah, I don't really get how BGP works, like, really, what is it? Like, can you explain it again?
And, you know, people are friendly, and they can tell when you are trying hard to understand something, and they're not gonna shame you for needing an explanation again. That's okay.
Well, I think that, you know, one of the things... so, you know, I've been here longer, I've been here almost three years, but I also kind of, you know, I came in the door and I was a little like, whoa, you know, I know some of this, I don't know all of this.
You know, one of the things that I think really captures a lot of our culture is just this kind of inherent curiosity that I think so many people inside our organization have. I think that it's a big part of what ends up kind of fueling the collaboration and people being able to be like, I understand this and I don't understand that.
I also think that it's a big part of what fuels our innovation, because we're constantly kind of curious about, like, how does that work? Can we make it better?
Yeah, yeah, yeah, yeah, yeah.
You know, and the other thing I wanted to spend a moment touching on, because I also know that many of the folks watching may be in a place where they're considering pursuing an internship or, you know, kind of some work experience kind of while they might be, you know, maybe taking classes from home
and stuff like that, you talk to us a little bit about kind of how you thought about and how you pursued, I know you did internships at a variety of different companies, how did you approach looking for an internship, picking an internship? You know, what made for a good internship for you?
Oh, that's a good question. Yeah, I did do a bunch of internships, because I went to RIT, which is the co-op school, so it's, like, part of the graduation requirement that you spend at least a full year doing internships.
Some people spend that whole year at one company. For me that meant jumping around to a bunch of different places. So I think I got a lot better at sort of the process, like, the process of looking for one and trying to figure out what a good bet would be, after the first couple.
But thinking back to those first few years of college, what that was like, I think in talking to people at companies and in interviewing or, like, starting to look around for internships, I think one thing that was helpful for me was asking about not only, like, what are you doing today and what does a normal day in your life look like and stuff, but also, like, kind of a bold question, but what problems do you have?
Like, what do you experience in your job that is difficult, that keeps you up at night, that's annoying, that you feel like, you know, I shouldn't have to spend a bunch of time doing this manually?
And then, like, think through, you know, the things that that person has just said to you and think about, like, what could I do as an intern in a 10-week or 12-week or several-month period, whatever, to, like, fix that problem for that person?
And whether that means, you know, whether you're in a project management or product management, which is most of my experience, or also engineering role, being able to articulate back to them, like, okay, so what I hear you saying is you're having this problem, let me
think about that for a second, like, these are some things that I think I could help you do to solve that problem. That's, you're making a really compelling case for yourself as a candidate at that point, when you're adding real value to the organization.
And I think, you know, one of the things that we spend a lot of time thinking about as we put together our internship programs is making sure that we do have a very specific problem that we're going to have people kind of come in and work against and deliver something on, which I think is, you know, frankly, I've just been so impressed with the intern class we've had in the past, the intern class we have this year.
You know, I think about the impact that Magic Trans..., you know, interns have had on things like Magic Transit and some of the diagnostics, and, you know, I'm thrilled that, you know, you're on board now with us and clearly, you know, definitely, like, fully in the seat here with Magic Transit.
You know, we're just about now at time, but I wanted to thank you again for taking some time to reflect on Magic Transit on its one-year anniversary, where we've come and where we're going, and kind of how we're changing the face of the Internet. So thank you very much. I hope you have a great weekend.
Thank you too.