Email a colleague    

August 2018

Netrolix Harnesses the Net’s Wild Mustang: Optimized Internet & Private/Secure Service at Low Cost

Netrolix Harnesses the Net’s Wild Mustang: Optimized Internet & Private/Secure Service at Low Cost

We think of the Internet as a big machine, but that’s not quite true.

If the Internet were a machine, you could easily fine tune and optimize that machine.  But as we know, the thousands of ISPs who collectively operate the Internet don’t share their performance data and routing choices with each other.

Ironically then: even though the Internet is massively interconnected around the world, Internet routing/performance intelligence is mostly local and proprietary.

More accurately, the Internet is a human marketplace where thousands of ISPs autonomously control their inter-connected machines.  And miraculously, this unguided, unplanned marketplace delivers a decent best-effort service.

Now there’s a happy — and unintended — consequence of all these intelligence-blind ISPs merrily operating and following their own self-interest: they have created a massive, high-capacity Internet that’s waiting for someone to come along and take it to the next level of performance.

So what if somebody actually took that next step to collect inter-ISP intelligence and map out an optimization plan?  How would they do it?  Well, here are three success factors on that path:

  1. Capture real-time and historical views of global Internet performance and routing across tens of thousands of ISP/data center nodes — and sensitive to time-of-day and key performance metrics;
  2. Use artificial intelligence to configure a user with multiple “most optimal” paths through the Internet; and,
  3. Include enterprise-grade security and connectivity options to satisfy the need for a safe, reliable, and full-featured service.

Is this an ambitious plan?  You bet it is.  But such a low-cost Internet optimization service exists today and is being delivered by Netrolix, a 20-person AI-based networking team based in Chicago.

At the ITW show, I met Wes Jensen, Netrolix’s CEO who briefed me on his story by saying, “Dan, we have actually harnessed the Internet...”

Well, hearing the words, “harnessed the Internet”, certainly flashed a hype-alert neuron in my brain.  But as Wes walked through his story, the pieces came together and made sense.  And I began to see how “harnessing the Internet” is a fitting metaphor for Netrolix’s invention:

The jockey of a Kentucky Derby race horse can’t hold back a half-ton thoroughbred pounding down the track at 35 miles an hour.  Instead he uses the harness and reins to steer that power in a winning direction.

In truth, Netrolix is not alone in this achievement.  It got a big technology and publicity boost from Intel Corporation who supplies the crucial network interface and chipsets for Netrolix’s AI-based platform.

In our discussion, Wes not only shows how Netrolix’s unique Internet optimization solution was developed and designed, he also compares his AI-based WAN approach to SD-WAN solutions, delves into the defense-in-depth features of the solution, and reveals some interesting things about how the Internet really operates.

Dan Baker, Editor, Top Operator: Wes, what is the basic mission of Netrolix in the WAN space?  And what’s your progress to date?

Wes Jensen: Dan, we have actually harnessed the Internet and I want to prove to you that statement is accurate.

What we offer is a big data and machine learning-based platform called AI-WAN that collects Internet data across 20,000 nodes and 68 global data centers.  And our mission is to collect data on the entirety of the internet.

From the billions of points of data we collect across ISPs from around the world, we have created a global fabric for connectivity.  Think of it as a foundation.  And we layer security and common services on top of that, like MPLS, Metro Ethernet, and Private Line.

We’re already up and running in North America, Europe, and the Middle East.  By the end of the year we’ll be in another 100 data centers as well as 38 countries in Africa, all countries in AsiaPac, and 33 locations in Latin America.

The big problem you address is getting the Internet to behave like a private managed circuit.  People have been wrestling with this problem for some time.

Yes, the funny thing about the internet is you are never guaranteed anything.  Sure, if it’s dedicated internet access from their location to you, then you can guarantee it.  But the local internet access providers don’t control upstream providers.

Your local cable provider may provide 100 Meg interconnection to your home, but with ten people in your neighborhood that’s 1 Gig of traffic and if there are another 10 neighborhoods nearby, then a 10 Gig capacity is filled up.

So there’s always an oversubscription, yet your cable provider will never tell you what that oversubscription is.  Moreover, you are not in control.

But with AI-WAN, we have full visibility into this problem and deep into the internet area beyond your neighborhood.

To get a better feel for what you’re up to, can you explain the difference between your AI-WAN technology and SD-WAN?

Think of AI-WAN as almost a layer above SD-WAN.  Whereas SD-WAN’s point of view is the information gathered from the device at the access location.  AI-WAN pulls and leverages available real time and historical information from multiple ISPs, core and edge devices.  Then, machine-learned artificial intelligence (AI) determines the best route in real time.

Here’s an analogy.  Let’s say you commute to Atlanta.  And before you go to work each day, you climb onto your roof to check the congestion in the local network of roads.  And today maybe you see your neighbor is digging up her driveway and causing a traffic jam.  So you now know you need to alter your route to work this morning.

So the rooftop is your SD-WAN point of view.  Now, by contrast, the Netrolix AI-WAN point of view is a helicopter above your house.  From there, you can see way beyond the local roads to real-time congestion events on the highways leading to Atlanta.

Also, routing decisions benefit from having the AI-WAN helicopter in the air for the past three years.  For example, if a bridge on the I-85 interstate highway into Atlanta must be closed for maintenance, many thousands of people need to alter their routes to work.  And at that time, the Netrolix helicopter records and analyzes the detour routes to determine which were optimal given the time of day and other conditions.

So whatever your architecture is: SD-WAN, MPLS, Internet — AI-WAN improves performance because its point of view is much broader as it gathers performance and routing intelligence across the Internet.

It’s the difference between proactive avoidance vs. reactive redirection.

Why don’t the SD-WAN players and ISPs worry more about achieving greater end-to-end performance across the WAN?

The ISPs and SD-WAN providers would love to have this intelligence, but getting there is not as easy as it sounds.  Analyzing IP records as they pass through data centers sounds like a good way to go, but Netrolix tried this approach early-on and discovered that collecting static data wasn’t enough.

Only when we made the leap to a real-time, machine-learning approach that analyzes IP traffic from all data centers simultaneously did we achieve a true breakthrough in optimizing routing choices.

And once we built that AI-WAN fabric, another key problem we faced was connecting to that fabric in real-time.  Here we worked closely with Intel to develop a Software Defined Gateway (SDG) that provides the network interface.  Powered by Intel chipsets, these SDGs connect existing network appliances to the AI-WAN fabric.

The SDGs can also act as routers, switches, firewalls, and other edge compute devices — and can be configured to deliver MPLS, VPLS, and Virtual Private Enterprise (VPE) connections.

AI-WAN User Cases

I’ll bet when you aggregate this machine learning data, it reveals some interesting facts about how the Internet actually functions.

Absolutely.  When I meet SD-WAN guys I tease them with the question: what’s the difference between the East Coast vs. West Coast Internet of the U.S.

SD-WAN providers have no visibility to a question like that, but AI-WAN does.  Interestingly, there are 150 disparate internet (local and long distance) networks on the East Coast and only 47 on the West coast.  And a key reason the East Coast has three times more is it’s a patchwork of many smaller regional networks.

If you suggest that AT&T or Verizon route its enterprise traffic across Zayo, you’d hear, “Never.  Are you saying those internet connections are better than private networks?” But our performance data suggests AI-WAN runs an Internet service on a par with private networks.

How many Fortune 100 companies, headquartered in Omaha, NE, can you name?  There is one actually: Berkshire Hathaway, because that’s where its chairman Warren Buffet lives.  But everyone knows Omaha is just a small city, nothing like New York, Chicago or Atlanta.  However, tremendous internet capacity flows through Omaha because it’s a major crossroads.  And that’s precisely why Netrolix is collecting tons of intelligence there.

There are all kinds of configuration anomalies AI-WAN picks up.  For example, we know that in some metros, ISPs change their routing tables by time of day; they may route to a different upstream ISP every weekday around 5 PM, when offices close.  That’s an anomaly — but also a learning event — and our AI-WAN system makes changes and chooses different optimal providers accordingly.

By the way, the brains of AI-WAN are never kept on the user’s site.  The devices we ship to users talk to the brain and collect and share local intelligence (the rooftop view) back to our AI core.  The brains need to be in the core and collecting data from the 20,000 nodes we are connected to.

I suppose it’s easy to get excited about the optimized routing of internet traffic through your AI-WAN network, but you’ve also gone the extra step to bake-in security and enable a full-blown enterprise private network.

That’s the point, Dan.  The real value of AI-WAN is to connect many enterprise users to each other in a private network.  That way, AI-WAN delivers end-to-end traffic that’s optimized and secure — from one Software Defined Gateway (SDG) to another.

Now much of the excitement over SD-WAN is its low cost and ease of deployment.  Trouble is: many SD-WAN appliances lack adequate security protection.  And if only one SD-WAN appliance is compromised, it could enable access to the entire private network.

This is why Netrolix has made defense-in-depth security integral to AI-WAN, for example:

  • Data is encrypted automatically using IKEv2 elliptic curve cryptography, the most powerful encryption method in use today.
  • Our Key Management System (KMS) generates encryption keys for every device, every element of the AI-WAN network, every storage instance, and every network configuration.  What’s more, each key in the global AI-WAN is automatically re-keyed every 30 minutes.
  • The Hardware Security Module (HSM) authentication provides the same hardware-based authentication used in credit and debit card chips.  This ensures access is only allowed when our gateway device is connected over the AI-WAN to a Netrolix management console.
  • Finally, the Remote Authentication Dial-In User Service (RADIUS) provides centralized Authentication, Authorization, and Accounting (AAA) to control user access to any device that connects to the AI-WAN.
Great, so how does a service with the customer work?

Once people try our platform and log in with their account, there are three cost elements to creating a location.  There’s an initial flat rate of 5 Megabit per port, a price per/Meg, and a monthly equipment fee for the network interface box we ship to them.

In a typical Internet service contract, speed guarantees don’t really work because you have no visibility or control over the ’net performance.  But since Netrolix has significant visibility into the network, we can guarantee the customer a certain level of performance.

Take the case of Comcast.  There are multiple connections into Comcast through multiple upstream and downstream providers.  Some carriers have multiple peering with Comcast.  But through our historical and real-time information, Netrolix can tell you what’s optimal from a traffic performance perspective.

The connections are always from the end point to the edge of the Netrolix global fabric.  What happens is our platform looks at the six most optimal data centers from a geographic perspective.

It then selects the very best routes — based on real-time and historical factors such as latency, jitter, packet-loss — about 100 factors are loaded into our massive AI rating system.

Based on this scoring, the top three data centers are connected to the Netrolix device and internet service.  In short, the service comes with three failover connections.  And the whole process is reevaluated every 5 minutes to ensure you remain on the optimal path.

So they are connecting to three possible data centers for traffic.  And from that point, they can choose their preferred network topology.  If they want an MPLS network to be the topology for all connections, that is an option.  And all the configurations are supported by our portal.

Wes, congratulations on your success with AI-WAN.  It’s really quite extraordinary since the Internet optimization problem is a riddle thousands of network engineers have been trying to crack for a decade or more.

Thanks, Dan, I think there’s a myth out there that people are reluctant to use the internet to reach Cloud.

But I don’t think this is a philosophical objection.  Basically people experience poor performance in using the internet, they look elsewhere.  If they can get the performance, they will use the Internet to connect to the Cloud.

In fact, Microsoft Office365 is a cloud based public facing application.  So is SalesForce.  There are plenty of SaaS applications that run on public-facing networks.

The bottom line is you really can get a public facing network with massive security and significant optimization.  With public-facing internet available at a significantly reduced price, the momentum shifts away from private networks and toward more security-enhanced public networks.

Netrolix is a good fit for any company who wants a high performance, more secure public internet-based connection to anywhere.

Copyright 2018 Top Operator Journal


About the Experts

Wes Jensen

Wes Jensen

Wes Jensen is the Co-Founder and CEO of Netrolix.  He has 20 years of experience leading engineering and service organizations responsible for designing, installing, and maintaining IT infrastructures for Fortune 500 enterprises and service providers.

He has had held technical leadership positions at Global Cloud Xchange, Level 3, XO and more where he played a critical role working with executive leadership to drive and close multi-million dollar sales.

At Level 3 he ran The Strategic and Financial Services vertical engineering team which included responsibilities for all global exchanges, top global banks, and all associated insurance, financial, trading and investment firms.

Prior to entering private enterprise Mr. Jensen served in Special Operations in the U.S.  Army.   Contact Wes via


Thanks to Mary Stanhope of iMarket2 who contributed her expertise to this story.

Recent Articles