Blog > NetConnect IP Transit Solutions

NetConnect IP Transit Solutions

Unitas Global's CTO and Co-Founder, Grant Kirkwood, discusses donut peering, bypassing traditional telcos, and next-level security in Netrality’s new IP transit service.

Netrality’s Vice President of Interconnection and Network Solutions, Jonathan Martone, sat down with Grant Kirkwood, CTO and Co-Founder of Unitas Global to discuss NetConnect, Netrality’s IP Transit solution powered by Unitas Global.


Grant Kirkwood (00:05):

I’m here today with Jonathan Martone, VP of Interconnection and Network Solutions at Netrality Data Centers and I’m Grant Kirkwood, Chief Technology Officer at Unitas Global. And we’re here to talk a little bit about our partnership around NetConnect. So Jonathan, why don’t you tell us about the NetConnect offering?

Jonathan Martone (01:16):

Absolutely. Great to be with everybody. NetConnect, powered by Unitas, is a multi-homed SDN IP service. Interconnections are made in all relevant peering points in over 150 countries, including our own data centers and other peering partners. It has direct connectivity to over 5,500 other networks and over 4,000 SaaS providers, and the speeds range anywhere from 100 Mbps up to 100 gigs. It’s available in 1102 grand in Kansas City, 210 North Tucker in St. Louis, 717 South Wells in Chicago, 401 North Broad in Philadelphia, and 1301 Fannin in Houston. So now that we know a little bit about what it is and where it’s available, a question for you Grant from a technical perspective, a lot of our consumers of data center and network services understand the value peering brings to network connectivity, including reduction of latency improvement of performance, etc. How does your famous donut peering further enhance the value and performance of our NetConnect SDN fabric and what is donut peering anyway?

Grant Kirkwood (02:27):

I’m glad you asked. So, it’s kind of interesting. As the Internet has evolved over the past couple decades, the way that networks connect with each other has changed along with the requirements that users have. Historically it was very centralized in a small number of tier-one network providers. And these are the very largest networks in the world. But today the Internet’s comprised of over 75,000 individual networks. The vast majority of those are end-users, but there’s a big number of them that are kind of outside the core of traditional tier-one providers. So, whereas there might be 15, 20, 25 of the traditional tier-one Telco’s, there’s about 5,000 what are called tier-two networks that kind of sit further afield. If you envisioned all those core networks in the middle and put all those tier-two networks around them, almost like a halo or a donut, in this case, you’d see that there are thousands of those.

Grant Kirkwood (03:30):

And what’s interesting is that a lot of the traffic on the internet today actually starts and ends at those tier-two networks. So the whole concept of donut peering is if you envision the Unitas network and the NetConnect product as one of the sprinkles on that donut and those other 5,000 networks around the tier-one cores as sprinkles as well, what we’ve done is create direct connections into those thousands of networks. What that means is the traffic that goes between Netrality customers and any of the users that set in that in that kind of ring around the core, the traffic goes there directly. So it bypasses traditional telcos which means fewer hops, lower latency, and better throughput. All that translates into better performance for the customers. A question for you, what types of applications or use cases are you finding that Netrality customers are looking to use NetConnect for?

Jonathan Martone (04:38):

That’s a really good question. I would say, you know, the vast majority of our customers are using NetConnect in a multitude of fashions specifically production environments where they actually need to stay a hundred percent uptime and they’re using NetConnect because of the multi-home design that it possesses. And it mitigates single points of failure from a backbone standpoint. They’re really liking using it to leverage that SDN fabric to connect and reach peers that actually sit in our data center. So all that traffic never leaves the four walls of the data center which is awesome because obviously it increases performance, reduces latency, and keeps all that traffic localized in that central business district. I would say that we have a mix of customers using it for static routes.

Jonathan Martone (05:32):

Others are using it for BGP where they already have their own AS provider. They already have their own AS number from ARIN and they’re bolting on NetConnect to add additional diversity to their network. Some are using it for out-of-band management and some are using it if they get in a bind and they’ve turned up new compute, some new edge compute or edge storage, and they need quick provisioning for just-in-time applications and unexpected traffic. The nice thing about the NetConnect tool it is SDN based. We pre-provision all the cross-connects in the data center, so customers can literally get NetConnect turned up the same day if somebody’s in a bind. We can offer that in that data center. So its been a very flexible source for our customers to leverage in the data center.

Grant Kirkwood (06:20):

That’s great.

Jonathan Martone (06:22):

So, you’ve established direct peering in our Netrality ecosystem. I talked about that a little bit earlier. I don’t want to put you on the spot, but what percentage of traffic from a typical data center customer would benefit from your donut peering versus is relying on traditional telco providers?

Grant Kirkwood (06:40):

Well, it depends a lot on the use case. I like to use an example that I think everybody’s familiar with in their after-work hours, hopefully. Imagine you’re sitting at home and you want to watch some streaming video content. Again, after work, I wouldn’t encourage that during the day. That transaction is video traffic that’s flowing from something like a Netflix to your home ISB, which could be a cable service, or DSL, or any number of other access mediums. In that transaction, you’ve got a large amount of data flowing from a content provider, to an eyeball network, or a broadband network. It’s a very common use case. Watching a movie is probably an extreme example in terms of the imbalance in traffic, but it’s a good one.

Grant Kirkwood (07:36):

Think about what we’re doing today in our hybrid work from home/ work from office kind of model. We’re on Zoom and Teams and all these other video conferencing tools with a similar exchange of traffic, but that’s bidirectional nature. In all of those examples, you have traffic coming from one tier-two network going into another tier-two network, right. And that can be from a content provider to a broadband network or from a data center customer to a SaaS application or a cloud provider. Most commonly, those are tier-two networks that buy transit from tier-ones. Most of the industry analysts and people that study the evolution of the internet and traffic at large think that around three-quarters of all internet traffic actually starts or ends at a tier-two network, or it’s immediately attached downstream customers.

Grant Kirkwood (08:33):

For a common average data center application that would suggest that probably something like 60%, 70%, 80% of traffic is going to benefit by bypassing traditional telcos in the middle and going directly to those end destination networks. We are finding this is really super important particularly over the last couple of years as our global work environment has shifted to a more distributed workforce that’s created the need for new bandwidth in places that maybe didn’t demand it before. In particular, as more collaboration, things, like video conferencing, that probably was the case in the past.

Jonathan Martone (09:20):

That’s awesome.

Grant Kirkwood (09:24):

On that note, I’m curious. As you think about the past couple of years and the types of connectivity services that Netrality customers need, how have you seen that evolve if you have?

Jonathan Martone (09:37):

That’s an awesome question. Pre-COVID the vast majority of the workforce was in a commercial building. They were in the office, everybody was sharing T1’s and 10 mbps, and 100 mbps of internet. Boy how times have changed. Today everybody’s at home using 100 mbps or using gig. So, they’re used to very high performance, very low latency. So, in the data center, we’ve seen just this huge explosion of capacity needs. Out-of-band management used to be 10 mbps. Now it’s 100 mbps gig minimum. Customers were asking for 400 gig interfaces, 100 gig interfaces, and even 800 in terabits. It really has transformed and really accelerated the need for bandwidth in the data center. Everything from web applications that have to have enough bandwidth to be leveraged.

Jonathan Martone (10:33):

Businesses are moving workloads closer to the users, vis-a-vis edge computing, which obviously helps performance. Each one of those edge computing deployments requires a ton of bandwidth whether it’s IP transit, MPLS, SD-WAN, DWDM, dark fiber, etc. It’s incredible. The other thing is that our customers are demanding – peering in our data center. They want to peer with Netflix, you talked about them. They want to peer with Akamai, CDNs, Cloudflare, Fastly, Limelight, and other private peering participants which increases their performance. The nice thing about the NetConnect interface is that it natively peers with all the peering participants in our data centers and is serving a really nice SDN form factor that customers can consume in the data centers. It’s been quite a journey and it’s going to continue to grow as things get faster and compute continues to grow.

Grant Kirkwood (11:38):

Totally, totally agree.

Jonathan Martone (11:40):

So obviously cybersecurity is super important. Every day there’s a new breach. It’s on everybody’s top of mind. CNBC features cybersecurity breaches almost on a daily basis. So, how does the NetConnect DDoS attack detection help safeguard customers when they’re using it for IP transit?

Grant Kirkwood (12:06):

Yeah, there have been some interesting things over the past 12 months, certainly from a cybersecurity standpoint both in terms of ransomware, vulnerabilities, and widely used software, but certainly, from a DDoS perspective, we’ve seen a dramatic increase in the frequency of attacks on IP customers. I actually came across some stats from the UK National Cybersecurity Center that talked about three times as many ransomware attacks in the first quarter of 2021 compared to all of 2019 which is really a shocking statistic. Another study found that this was expected to continue increasing in 2022, believe it or not. We’ve certainly seen that. I think the number of attacks that we’ve seen on the network and network customers is probably five or six times what it was even 24 months ago.

Grant Kirkwood (13:09):

That means it’s beholden on us to take an action to actually protect our customers and provide them a level of safety. Now, we can’t inspect traffic payloads to make sure that traffic is legitimate, but what we have implemented is a system based on Kintek protect which is a very fast DDoS detection method. Within seconds it detects an attack and attacks that rise to the level of potentially impacting a customer’s connection, flooding their connection, or potentially even being large enough to impact multiple customers on the network. Those are immediately filtered proactively in real time. So there’s no lag time. We don’t need to go and declare some kind of event and send it off to a scrubbing center.

Grant Kirkwood (14:07):

We actually take proactive, immediate action to stop that, and that goes down to the individual specific IP address level. So it can be a single IP address that’s being attacked in a customer’s environment and we’re going to drop the traffic to that proactively to keep the rest of their environment up and running. That’s something that we’ve rolled out across the network and Netrality customers get access into the portal. They can see that traffic, what it looks like, and what’s happening within their network.

Jonathan Martone (14:37):

Wow. So you can null-write a specific IP address or a range proactively as opposed to scrubbing it and sending it off to another scrubbing center, which would introduce additional latency and performance issues. That’s awesome. Well, I think our time’s up, but as always I really like talking with Grant about technology and about what Netrality and Unitas are up to. I hope everybody thought this was informative, and if you need additional information about NetConnect, powered by Unitas, head to our website See you next time and thanks for having me.