Latest from Product and Engineering
Presented by: Jen Taylor, Annika Garbers
Originally aired on June 17, 2022 @ 10:00 AM - 10:30 AM EDT
Join Cloudflare's Head of Product, Jen Taylor, and Product Manager, Annika Garbers, for a quick recap of everything that shipped in the last week. Covers both new features and enhancements on Cloudflare products and the technology under the hood.
Original Airdate: August 21, 2020
Transcript (Beta)
Hi, I'm Jen Taylor, Chief Product Officer at Cloudflare, welcoming you again to the latest installment of Latest from Product and Engineering.
This week I'm joined by Annika Garbers who's our Product Manager for Magic Transit.
Annika, you want to take a couple minutes to introduce yourself?
Hello, sure. I'm Annika, like Jen said, Product Manager for Magic Transit.
I just graduated from Rochester Institute of Technology back in May, so I've been with Cloudflare for a couple of months and I'm totally loving it so far.
It's been an awesome experience and I also actually interned at Cloudflare last summer and worked on a project called Origin Monitoring which helps customers know when their origin servers are down.
So excited to be back and working on some new stuff.
Well and I'm super excited that you're here at Cloudflare.
It's such a pleasure to work with you but I'm even more excited that you're here today to talk with us about Magic Transit because I believe we just celebrated the one-year anniversary of the launch of Magic Transit, is that correct?
Yeah, last week we were super pumped.
Okay, so what is Magic Transit?
Great question. So when people think about Cloudflare and Cloudflare's products, the first thing that probably comes to mind is things on the web.
So our CDN and our cache and our web application firewall are all examples of things that help protect and secure your web properties.
But there's things on the Internet other than just websites or things that are making HTTP requests.
There's a whole OSI model that is dedicated to understanding how these layers of the stack all work together to deliver all kinds of different traffic, including just web traffic.
And so Cloudflare, sort of Cloudflare classic products, work at layer seven.
So that's the application layer. We have Spectrum that we introduced a couple of years ago which allows you to proxy any traffic that is TCP or UDP.
So that's down at layer four of the OSI model. And then Magic Transit is really our product for networks.
So that's layer three. And what that means is that any IP traffic, so any packets that are running on the Internet, can be secure and faster with Magic Transit.
And so we're protecting now customers not only their websites but actually their entire data centers and all of their infrastructure that's connected to and communicating with the Internet.
So we've got this great business at the application layer.
Like why did we decide to tackle the network layer?
Yeah, so part of the reason is that we actually already built the product.
We already built Magic Transit for our internal use. So Cloudflare has this big Anycast network.
We have tons of servers that are all over the world.
And while most of the traffic that we're doing because we're serving these applications to our customers is at the application layer, we also needed to be able to protect and secure and accelerate our own networks and our own data centers.
So over the past 10 years we built all of this technology that's dedicated to protecting our own infrastructure from things like DDoS attacks, to do firewall and all of these sort of other network functions.
And so we already had this great thing and then customers over time were asking us more and more like, hey you're doing great stuff for me at layer seven.
You're protecting my websites and Spectrum is awesome.
I can protect my gaming applications or anything that I have running sort of custom protocols.
Can you do that same stuff at layer three?
And we sort of took a step back and looked at it and we're like, oh actually we're already doing this for our own data centers.
Can we extend it to customers?
So it was sort of the serendipity of like, oh man we already have this battle-tested product.
It works. It's awesome, you know, working for us.
And then customers really have this need to protect not only their websites but also everything else.
Now why is protecting networks hard for people?
That's a good question.
There's a couple of different ways that people have accomplished this goal of protecting their networks in the past.
One of those is they can buy boxes.
So that means there's hardware boxes that they can purchase and install in their data centers and those sort of sit in front of the rest of their infrastructure and filter DDoS attacks.
But the issue with those is that they're expensive.
They take a lot of time to maintain and then also the ability to handle attacks is still based on the capacity of the network that you have behind that device.
So if somebody sends you a really huge attack, it doesn't matter how amazing your DDoS device is, it just might your network might not be big enough to handle the attack.
So then there's a second option that was introduced to handle this problem which is sort of cloud scrubbing, which is similar to Magic Transit but the difference is that these companies will have a couple of data centers around the world that are dedicated to scrubbing this traffic.
And so incoming traffic or attack traffic, good traffic, whatever, will come into these services but then be dispatched sort of around the world to these dedicated scrubbing centers and then eventually send on the good traffic eventually sent on to the destination.
So that solves the volumetric problem but then now it's introducing latency because you're sending traffic all over the world before it gets to where it needs to go.
So those are the reasons, those are the kind of problems that customers face or like either, you know, I have these boxes, they're expensive, they take a long time to maintain and they maybe can't fill the full need that I have or I'm introducing a lot of latency by sending traffic all over the place for different functions and so Magic Transit solved those problems for customers.
Got it, but like how did we, I mean, how did we solve it? How did we approach it?
You know, what's different about the way that we solve it than maybe some of these other solutions?
Yeah, the really key thing is that Magic Transit runs on every single server at all of our data centers and we also advertise our customers IP addresses from every single router at every one of our data centers.
So incoming traffic is attracted to the closest router so that's really likely to be somewhere that's very close to where the end user is as opposed to being, you know, somewhere far away across the world where the traffic takes a long time to go.
So incoming traffic comes in fast, it gets processed really fast and then it dispatches to the customer fast.
So we're basically localizing all of that stuff to locations that are really, really close to the customer so that traffic doesn't have to get sent around all over the place.
Got it, so many of the same advantages we've had in providing DDoS solutions for layer seven and layer four, we were able to extend down to the network layer as well.
Yeah, exactly. Yeah, yeah. Now, I mean, obviously, you know, when products run out the door in their infancy, you know, there's a lot of work that we do and we, as we sort of round out and kind of flesh out the offering.
What are some of your, what are some of your favorite product enhancements that we've released?
Oh, recently? Yeah. Yeah, a couple of really, really exciting things.
So when we introduced Magic Transit originally, it was available to customers only in sort of an always-on option.
So basically, Cloudflare advertises your IP addresses, all the traffic comes to us all the time.
One of the things that we introduced after that was the ability to use Magic Transit on demand, so you can trigger your advertisement, your IP advertisement, which decides whether traffic gets attracted to Cloudflare or your data centers whenever you want.
And you can do that via API or now via our new UI, which is really exciting.
We've also recently introduced some tools that help with diagnostics, so lots of weird stuff happens on the Internet.
There are lots of, we've talked so far about the eyeballs, the end users, Cloudflare, and then the origin data centers, but there's lots of other intermediary people that are in between all of those links.
There's other transit providers, other cloud providers, and so being able to diagnose what's going on in the middle of all that stuff is really difficult, and we've given our users some tools to be able to do that, which is really exciting.
And then a big one that came out a couple of weeks ago was that we announced an integration with Cloudflare Network Interconnect, which allows customers to actually connect to Cloudflare with a physical cable.
So now we're down at layers one and two, either a physical cable or a sort of a virtual cable through one of our partners that's connected to both Cloudflare and you, and actually get your traffic that's sent from Cloudflare to you over this really secure private link.
So now the clean traffic has no exposure whatsoever to the public Internet, which is really great for our super security-conscious customers.
That's amazing. So tell me more. What is Cloudflare Network Interconnect?
How does that fit into the puzzle here?
Yeah, sure. So in pre-Cloudflare Network Interconnect, pre-CNI world, and also a lot of our new continuing Magic Transit customers are going to prefer this option.
You can do either, but traffic is sent to origin servers to our customers from Cloudflare through what's called a GRE tunnel, Generic Routing Encapsulation.
And that basically just means there is a private endpoint at Cloudflare and a private endpoint at our customer.
And so nobody outside of the Internet knows those addresses, but we send traffic to and forth through that connection.
And some of our customers were like, okay, cool.
I understand this is neat, but it would be awesome if that tunnel, it still technically runs on the Internet, so it still goes through some intermediary networks.
I can't necessarily, like if one of those networks in the middle is flapping or having issues, there might not be anything I can do to control that.
So what if I made that tunnel like an actual physical cable in a data center and you just sent me information through that?
And we're like, sure.
And so now you have Cloudflare Network Interconnect, which means, yeah, you can plug a cable or you can get somebody else to sort of plug a cable into both ends to connect to Cloudflare directly.
That's awesome. That's, I mean, just like that added layer of security.
And the thing that I really love in the way that you talked about kind of some of the investments that we've made over the course the last year is that I feel like so many of them are guided by the journey that we've had with some of our customers on Magic Transit.
You know, without naming names, because we don't know where we are in terms of being able to name names, you know, can you give me, can you talk to me maybe about a customer that you've been working with on Magic Transit and sort of some of the insights and the learnings from those conversations?
Yeah, let me think of a good example.
I'm trying to think of, so like one that we actually can name names for that we published a case study about last week, which we're super excited about, is Wikimedia.
And so we were under attack last September. So Magic Transit was like a really baby product at that point.
We launched it in August and then we heard, you know, in September of this major DDoS attack that was affecting Wikimedia.
And we were able to help them through a big team effort on board with Magic Transit and stop the attack and get back online after a couple days of being offline.
And so that was a huge, huge deal for both us and Wikimedia and our relationship with them since then has been really awesome.
And I like how you said like, yeah, what we're working on with the product is sort of as, you know, growing with our customers and learning more about what they need.
And they'll come to us, you know, with new use cases once in a while and be like, hey, we found this other cool thing.
Are you thinking about this? Can you do this? And so we're really excited that we're getting sort of consistent feedback from them that really aligns with our roadmap as well as with our other customers.
And so everything, you know, all the new stuff that we're working on, we're putting out, they're also like down to test out with us and talk to us about, which is really, really great.
And we're grateful for that relationship.
That's fantastic. You know, one of the things you mentioned a few minutes ago before we started talking about Network Interconnect was the investments that we've been making around diagnostics and giving customers sort of greater visibility.
Just like stepping back, like when a customer who's using Magic Transit talks about needing diagnostics, like what are the kinds of information that they need visibility into?
And what do they end up doing with that information?
Yeah, totally. So without Cloudflare, the world sort of looks like this.
You have the customer, you have their router and their origin servers, and then you have the Internet that's sending them traffic.
And so in this case, they're getting all of the traffic, good and bad, directly to them, to their infrastructure.
And so they can see all of it, like they see what's happening.
They see the good, they see the bad, they see, you know, when there are problems on the network, they can run what's called a trace route, so a tool that basically tells them about the health of each intermediate step along the network path from a customer to them.
And so, you know, although it might be rough because it means that they're getting like a lot of attack traffic that they don't want, they have total visibility into everything that's happening between a customer and them.
But then what happens when you put Cloudflare in the middle is that all of a sudden, all of that traffic is coming to Cloudflare, and then all of the traffic that's going to the customer is now like 100% with Magic Transit from Cloudflare.
And so customers are now like, okay, hang on, I had all of this visibility before into like what's going on over here, what's going on with the Internet, and now like I just know the thing, what I'm getting from Cloudflare, but maybe I do actually want to know more about what came in originally.
So like if I was under attack, it's awesome that you just stopped the attack automatically for me, but like tell me more about that.
Who was attacking me? How much were they attacking me?
What kind of things did you do to stop the attack? You know, if I tell you specifically to filter a given kind of traffic, like how much of that traffic am I actually getting?
Like none, you know, none from what I can see, but like how much is coming into Cloudflare?
So all of those sorts of things around like what's coming in basically, what are we doing about it?
And then the third thing is the link between Cloudflare and our customer too.
They again can see what's going on at their origin server and their origin router, but if there's a problem in the middle between Cloudflare and them, they don't have a lot of visibility into that either.
So that's what's been going into a lot of the tooling that we've been building around Magic Transit, and then also just sort of zooming out to like networks in general is the ability of our customers that better understanding.
Yeah, it's one of those things where it's like, don't worry about it, we're doing such a good job about the DDoS, but don't worry about it, like you'll just get the clean traffic, you'll be fine, right?
And it's like, hear from customers really commonly, like, you know, I just, I forget that it's there, right?
Like Magic Transit's on and I used to get paged all the time for like random stuff or attacks that come in or whatever, and now I don't get paged anymore, I can sleep through the night and that's awesome almost all the time, except for if I, you know, happen to be curious about what's going on with my incoming traffic.
Yeah, because you got to keep you got to keep abreast of kind of that whole thing.
You know, it's as I said, I think, you know, in a short time, I think the team has covered a great deal of space, specifically I think in this diagnostic space.
If I understand correctly, these capabilities are available in product today with the analytics as well as the logs?
Yeah, so Magic Transit customers can go to the network analytics dashboard and see currently what's going on with all of the incoming attack traffic.
So they get the ability to look at the high level, like how much traffic is coming in and how much are we mitigating and dropping versus how much is coming through to me.
And there's still lots of things that we want to add to that dashboard.
There's new, brand new DDoS mitigation capabilities that we've introduced that we want to provide more visibility around to customers of what's allowing and dropping and other kinds of actions that we're taking to make sure that the traffic is legitimate.
So we want to provide that visibility and more visibility into things like the Magic Transit firewall as well.
So that's all coming up, but there is definitely more now than when we launched information available to the Magic Transit customers.
That's fantastic. You know, you already sort of started touching on this, but you know, I'm always kind of curious.
It's like, great, we, you know, it seems like we've made a ton of progress over the course of the past year.
You know, obviously kind of making headway on all sorts of different levels in terms of kind of the protections we offer, the ways in which our customers can activate and use the service, and then the visibility they get from that, you know, without a great deal of specificity, because we don't want to disclose too much about our roadmap.
But like, as you look forward, what are some of the key questions the team is curious about?
What are some of the things that the team is exploring?
Yeah, a couple of different sort of buckets of things.
So we've already talked about the visibility bucket.
There's definitely more that we want to do there. We think our analytics are already pretty awesome.
We want to make them even more awesome.
Another bucket is around control of traffic. So right now customers can turn on and off their IP prefix advertisements with the API or with the UI.
But it turns out network engineers really love using BGP, which is the Border Gateway Patrol, or Protocol, a protocol that dictates how traffic flows around the Internet between routers.
Network engineers want to use that protocol to control everything, everything that's talking to their routers, including Cloudflare.
So BGP control from Cloudflare's edge to the customer and vice versa is one really big thing.
And there's lots of things that could mean that can be just sort of similar to what our dynamic advertising API does now, like turn on and off my advertisement.
Or it could mean things like advertise my IPs in specific places or advertise only specific parts of my IP.
So there's sort of different kinds of fine grained control that you can get with BGP that we're exploring, which is exciting.
We are looking more into the network firewall capabilities. So right now you have the ability as a Magic Transit customer to configure rules that allow or block certain types of traffic, like things from certain IP addresses or ports or protocols.
But we want to get even smarter than that. We want to do more sort of like things in line with like next gen firewall capabilities.
And so we're looking at expanding our existing firewall to get smarter over time.
And then the third thing that I'm super pumped about is at layer seven and at layer four, we have Argo Smart Routing, which is like Waze for the Internet.
It allows us to send traffic around the fastest paths that we can because we see so much of the Internet.
We can actually see where congestion is happening and then make decisions to route traffic in specific ways.
And that's been a huge benefit to our customers that are using it at layer seven and layer four.
And we want to bring those same smart routing benefits to customers at layer three by integrating Argo with Magic Transit.
So we're really psyched about that one too.
That's cool. So you know one of the things I'm kind of curious about, you know, obviously now we're playing at layer seven, at layer four, and layer three, you know, are there kind of synergies or benefits that we get from offering customers kind of, like, more of the stack?
Yeah, absolutely.
One of the big things that is not like super fun or interesting to talk about, but it's actually a huge deal for customers, is that all of the configuration for all of those products lives in a single pane of glass in the Cloudflare dashboard.
So instead of having, you know, provider A and provider B and provider C and like all these different things that you have to open and different tabs you have to manage and like trying to correlate across those when the data formats are different and like the timestamps and all of these little sort of details about using multiple products to manage your stack of everything that's connected to the Internet, now I can just use Cloudflare and go to the dashboard and see all of my stuff in one place.
If I have a question about, you know, layer seven and then I think that there's a correlation with what's going on in layer seven, there's something going on in layer three, that's just a button click away as opposed to a whole separate dashboard and a different like view and way of thinking about things.
So that's huge. And then also all of our products, you know, integrate with each other and work sort of really seamlessly and we built them to be able to do that, again, because we built our layer three stack to support our layer seven products in the first place.
And so you can do things like if you're using Magic Transit with Spectrum, so let's say you have some of your IP space that you're advertising with Magic Transit is dedicated to serving some gaming applications and you want those to be faster and more secure with Spectrum, you can say, okay, only, you know, from this entire IP space that's Magic Transit, only a part of that, take a part of that and connect it to Spectrum and then when the traffic arrives at Cloudflare, you automatically, it automatically gets routed through the correct products and again, everything runs on every server so we're not dispatching traffic around all over the world to handle different kinds of functions.
That's awesome. What's it like to collaborate with those other teams?
Like, how does that work? Like, you know, I mean, because, you know, I know enough about the inside of Cloudflare to know that, like, you've got somebody who's focused on layer seven, you've got somebody who's focused on layer four and all those other things.
Like, how do you guys, how do you collaborate? How much coordination does it take?
What does that look like?
Yeah, I mean, there's a huge amount of coordination.
I mean, just serving Magic Transit is a huge amount of coordination between not only the team that's directly working on Magic Transit but also our system reliability engineering, our network, our IP address management, you know, DevOps teams, like all kinds of people touch just Magic Transit so you can imagine it once you add other products to that and start stacking and integrating them, it just gets more complicated and wilder.
But I honestly love it so much because I'm constantly learning from that process.
I think all of our engineers are constantly learning from that process.
Some of the engineers that have been working on, you know, our Spectrum team and are super familiar with layer four capabilities have started helping out on some of the things that are related to layer three and so they get the opportunity to explore new parts of the stack, which is awesome for their own learning and growth.
And then I think also you mentioned like what is it like specifically to collaborate and I think the really awesome thing that I love about being at Cloudflare is that everybody, regardless of what product they're working on, really cares about our customer's experience and so if you frame the conversation in that way, like, hey, we want to plug Magic Transit and Spectrum into each other not just because we think it would be cool but because the customer experience is going to be so much better and we're going to have all these kinds of customers that are going to be able to do new things that they haven't been able to do before, like everyone gets on board with that super fast, which is really exciting.
That's super cool. So one of the things, sorry, it's live web video from home and my dog was so excited and wants to collaborate with you.
She's especially interested on an application layer, application layer security, but things are maybe deeper opportunities for the network, so she's here to help us with this call.
So one of the things that I kind of wanted to just pivot on as we have, we only have a few minutes left here, but I'm sure many people are listening to this and reflecting on one of the things you mentioned at the beginning is, you just started here at Cloudflare a few months ago, but I have to say you have a huge understanding of the product and the customer.
I imagine many other people that are watching this may also be in the process of looking for a role or starting a role.
What are some of the things that you have found kind of helpful for you in building out these relationships and this collaboration in this situation?
Yeah, I think it's definitely been easier because Cloudflare's culture is awesome.
People love answering questions, people don't treat you like you're dumb if you ask what you think is a dumb question, and so I think that's part of it, is just reaching out to people, being super honest and transparent and humble, and just like, hey, there's this thing that I don't understand, can you help me figure out and work through it?
And everyone's been awesome in just being like, yeah, let me explain it to you.
Actually, this is really hard and let's look at a Jamboard session and work through it together, which is awesome.
And then I think sort of in the reverse direction of that, for me, it's been really helpful to be really transparent about the things that I do feel comfortable and confident in and feel like I understand, and then the places where I feel like I am struggling or have knowledge gaps and not trying to sort of like fudge my way through or like get through anything when I clearly, like, don't know what's going on.
Magic Transit, again, like networking product, most of my experience before this was doing stuff sort of closer to layer seven, and so there's been a lot of learning curve in working on this product, but I think just sort of being like straightforward and honest with people, you know, especially the people that I'm working with all the time, every single day, like Nick, who's the engineering manager on Magic Transit, who's amazing, and Rustin, who's the product director for our group, and just being like, yeah, I don't really get how BGP works.
Like, really, what is it? Like, can you explain it again?
And, you know, people are friendly and they can tell when you are trying hard to understand something and they're not going to shame you for needing an explanation again.
That's okay. Well, and I think that, you know, one of the things, so, you know, I've been here longer.
I've been here almost three years, but I also kind of, you know, I came in the door and I was like, whoa, you know, I know some of this.
I don't know all of this. You know, one of the things that I think really captures a lot of our culture is just this kind of inherent curiosity that I think so many people inside our organization have.
I think that it's a big part of what ends up kind of fueling the collaboration and people being able to be like, I understand this and I don't understand that.
I also think that it's a big part of what fuels our innovation because we're constantly kind of curious about, like, how does that work?
Can we make it better? Yeah. Yeah. Yeah. Yeah. Yeah.
You know, and the other thing I wanted to spend a moment touching on, because I also know that many of the folks watching may be in a place where they're considering pursuing an internship or, you know, kind of some work experience kind of while they might be, you know, maybe taking classes from home and stuff like that.
Can you talk to us a little bit about kind of how you thought about and how you pursued?
I know you did internships at a variety of different companies.
How did you approach looking for an internship, picking an internship? You know, what made for a good internship for you?
Oh, that's a good question. Yeah, I did do a bunch of internships because I went to RIT, which is the co-op school, so it's like part of the graduation requirement that you spend at least a full year doing internships.
For me, some people spend that whole year at one company.
For me, that meant jumping around to a bunch of different places, so I think I got a lot better at sort of the process after, like the process of looking for one and trying to figure out what a good fit would be after the first couple, but thinking back to those first few years of college, what that was like, I think in talking to people at companies and in interviewing or starting to look around for internships, I think one thing that was helpful for me was asking about not only what are you doing today and what does a normal day in your life look like and stuff, but also what is kind of a bold question, but what problems do you have?
What do you experience in your job that is difficult, that keeps you up at night, that's annoying, that you feel like I shouldn't have to spend a bunch of time doing this manually, and then think through the things that that person has just said to you and think about what could I do as an intern in a 10 week or 12 week or several month period, whatever, to fix that problem for that person and whether that means, whether you're in a project management or product management, which is most of my experience, but also engineering role, being able to articulate back to them, like okay, so what I hear you saying is you're having this problem.
Let me think about that for a second.
These are some things that I think I could help you do to solve that problem.
You're making a really compelling case for yourself as a candidate.
You're adding real value to the organization and I think one of the things that we spend a lot of time thinking about as we put together our internship programs is making sure that we do have a very specific problem that we're going to have people come and work against and deliver something on, which I think is frankly, I've just been so impressed with the intern class we've had in the past, the intern class we have this year.
I think about the impact that interns have had on things like Magic Transit and some of the diagnostics and I'm thrilled that you're on board now with us and clearly definitely fully in the seat here with Magic Transit.
We're just about now at time, but I wanted to thank you again for taking some time to reflect on Magic Transit on its one-year anniversary, where we've come and where we're going and kind of how we're changing the face of the Internet.
So thank you very much, I hope you have a great weekend. Thank you too.