
An ‘Internet’ For DevOps: With Mesh VPN, Tailscale Is Fixing The Broken Internet


Modern developers working on internet-scale applications often don’t need the “internet”. That internet, as we know it today, is broken, according to Avery Pennarun, CEO and Co-Founder of Tailscale. Back in the 90s, the internet was quite different from what it is today. Originally, the idea behind the internet was a decentralized space where everything was connected to everything – it was peer-to-peer via IP addresses. Now it has become heavily centralized with very few companies as its gatekeepers.

The modern internet poses connectivity challenges for DevOps teams who just want to connect easily and securely to the services they are building, using simple things like peer-to-peer connections. In most cases, all they want is an SSH (Secure Shell) connection. But they can’t get one because of firewalls and other restrictions that come by default with a modern internet scaled to cater to billions of users. That’s the problem Tailscale is solving for them. Pennarun calls it the opposite of internet scale; it’s ‘tail scale’. Tailscale is focusing on solving connectivity for 10, 100, or 1,000 users, not for a billion users.

Tailscale has created what Pennarun calls a mesh VPN that is different from the ‘traditional’ enterprise VPN in the sense that every node is a peer instead of there being a center point like clients and servers. As a result, there is no single point of failure in the middle. The architecture of Tailscale is a hybrid of centralized and decentralized control systems, hence reaping the benefits of decentralized and distributed systems like torrents without incurring their flaws, and adding strong security for developers.

The company is enjoying growing demand and is serving customers across the globe. The evidence of their success can be seen in the latest $100 million Series B funding round led by Insight Partners and CRV. In this episode of Let’s Talk, Pennarun details the working of Tailscale and how it’s solving connectivity and security problems for DevOps teams.

Guest: Avery Pennarun (LinkedIn, Twitter)
Company: Tailscale (Twitter)
Show: Let’s Talk
Keywords: VPN, Virtual Private Network

About Avery Pennarun: Avery is CEO and Co-founder of Tailscale. He spent the previous 8 years at Google where he launched Google’s first P2P payments transfer for Google Wallet, spearheaded the development of Google Fiber, and provided strategic analysis for several high-profile Alphabet projects.

About Tailscale: Tailscale is building the new Internet with a zero trust DevOps VPN: small, trusted, interconnected, human-scale networks. We combine WireGuard with 2-factor authentication, a distributed mesh, centralized security policies, and magic.

Useful links: Tailscale raises $100M… to fix the Internet


Here is the automated and unedited transcript of the recording. Please note that the transcript has not been edited or reviewed. 

Swapnil Bhartiya: Hi, this is your host, Swapnil Bhartiya, and welcome to TFiR Let’s Talk. And today we have with us Avery Pennarun, co-founder and CEO of Tailscale. Avery, it’s great to have you on the show.

Avery Pennarun: Hi, it’s great to be here.

Swapnil Bhartiya: Today, there is so much to talk about. You folks closed the series B funding, and of course, the work that you folks are doing there is also exciting. Before we talk about all of those, since you’re also a co-founder, I would love to know a bit about the company. What do you folks do? What problem did you see in that space that you wanted to solve, that you co-created this company?

Avery Pennarun: The story always starts off with what is the meaning of Tailscale? It’s sort of a joke. It’s the opposite of Internet Scale? So, the kinds of problems we set out to solve are the ones that don’t need to scale to a billion users. And I think every development team, even at big companies whose product scale to a billion users, has a bunch of little internal projects that don’t need to scale to a billion users. So for example, just your development team, being able to SSH into the services, running in your production cluster is not a billion user problem. It’s a 1000 user problem or a 100 user problem, or a 10 user problem. So, Tailscale specializes in specifically that stuff. And inside that range, we started off on the connectivity and security problems. So, like getting people into your devices and dashboards and stuff, and keeping people who shouldn’t be getting in from getting in.

Swapnil Bhartiya: How do you enable these teams to have their own scaled-down version of the Internet? So talk about what you are offering them.

Avery Pennarun: So what Tailscale does, the simplest way to describe it is it’s a tool that connects your devices to your other devices or your services to your other services or your devices to your VMs or your containers. So it’s a connectivity tool, but it doesn’t matter where physically in the world those things are located. So, the simplest way to use Tailscale is you download it from the app store on your phone and your laptop, and you log in using your Google or your GitHub account. And then immediately those two devices are connected to each other across space and time. And, so if you then run a web service on your laptop, you can reach it from your phone and you can just keep adding devices that way. Your coworkers can keep adding devices that way. Or you can share devices with people on other networks and you don’t have to worry about keys and encryption and NATs and firewalls and opening ports and dynamic DNS, or any of that stuff. It just magically makes the two things connect.

Swapnil Bhartiya: That sounds like a VPN, is it a VPN?

Avery Pennarun: It is a VPN. When we ask our customers, like how would you describe Tailscale? They’re like, “Look, it’s kind of a VPN, but it’s the best VPN you’ve ever used in your life. It’s the sort of VPN that redefines what a VPN is.” So initially we actually didn’t want to call it a VPN because we know VPNs have a lot of negative connotations, but customers describe it back to us as VPN. It’s technically a mesh VPN because there is no center point. All the devices connect directly to each other. They don’t go through some funnel in the middle.

Swapnil Bhartiya: You brought up the term mesh VPN. How different is it from the VPN we all know and use? Well, there are two kinds of VPNs – one we use for enterprise and the other is more for consumers for so-called anonymity.

Avery Pennarun: The most important thing about a mesh VPN is that every node is a peer instead of there being a center point like clients and servers. So there’s no single point of failure in the middle. There’s no place where you funnel all the traffic through that can get overloaded. Every time you add a node, the capacity of your VPN increases because the traffic to that node is handled entirely by that node. The hard part about setting up a mesh VPN typically is getting through firewalls and that’s getting all the keys in place. And then the nodes actually being able to discover each other.

So, the architecture for Tailscale is what we call hybrid, centralized, decentralized the control system, which is as small as possible. The control plane is what we use for distributing public keys between the nodes and helping nodes find each other. That’s what we run in the cloud, but the actual what we call the data plane, the place where all the packets go is completely distributed and decentralized because each of your nodes send packets directly to each of your other nodes. So it’s kind of a neat, you hear a lot about decentralized design, BitTorrent, for example, is a decentralized design, but it has all these downsides by not having a centralized control plane. Companies would like to have a centralized control plane. So they know exactly which nodes are in their network and can kick them out and control them based on people’s identity and set ACLs and stuff. But you don’t want to have a centralized data plane, which most VPNs do, because then you’ve got all these huge performance problems.

Swapnil Bhartiya: That’s great. Can you also talk about what kind of organizations or companies are leveraging your technologies?

Avery Pennarun: So Tailscale is a strangely horizontal product in the sense that it works for individual users at home, we have a free plan. People can play with their Raspberry Pi up to like companies with 2 or 5 or 10 or 100 or 1,000 employees all the way up to companies with 10,000 employees. And they’re not in any particular market. The thing they all have in common is that most of them have Dev teams and all of them have IT teams, right? And so Tailscale is in its simplest definition of VPN, every company above a certain size has a VPN, has a budget for their VPN, has someone responsible for their VPN and really doesn’t like their VPN, right? So, it makes it a pretty easy conversation to say like, “Look, Tailscale, just try it. Now, you know how much better it is than your current VPN. Why don’t you buy this, right?” It’s a very simple discussion and it doesn’t really matter what market people are in.

But we do have companies in the financial world. Our very first customer was a company called VersaBank, which is a bank in Canada. We specifically designed a bunch of the Tailscale features specifically to work with them. We started working with an airline early on. There is a company in Norway that does IOT traffic cameras called the Finter. Let’s see, I’m trying to remember which other logo is on our website. There’s a bunch of companies, the bigger they are, the less they want to tell anybody which security products they use internally. So, we have several pretty big companies who we haven’t revealed their names. The biggest customers so far is the international mining company that operates in dozens of countries around the world and needs to have really reliable VPNs even in situations where the Internet itself is really unreliable.

Swapnil Bhartiya: When I look at all these users, I wonder how you position yourself in this crowded space of VPNs so that your target audience reaches you. What’s your strategy?

Avery Pennarun: Right. So, the weirdest thing about the term VPN is there are two completely different kinds of products that people call VPNs. So, the original definition of VPN virtual private network is what corporations use to be able to connect privately to the companies private network and access the private resources sitting on that network. It had nothing to do with accessing the Internet through the VPN. It was everything about accessing your company’s network. So, that’s fundamentally what kind of VPN Tailscale is. The other kind of VPN that nowadays most people have heard more about because there’s so much advertising is the so-called privacy VPN, which is a very strange term because what a privacy VPN, a consumer oriented VPN, does is it grabs all of your Internet traffic, routes it through some other point on the Internet and then out from there. And this is to make it so that your local ISP or the cafe you’re sitting in or whatever cannot see your traffic.

The huge downside of that kind of VPN is that the VPN provider does necessarily see all your traffic. They see your decrypted traffic that goes through their exit node out onto the Internet. So, we’re the first kind. Now that said, Tailscale has a feature called exit nodes. You can operate your own exit nodes as part of your company if you want and send all of your public facing Internet traffic through one of your own exit nodes. Then, we don’t see your Internet traffic. Only you see it. So, it’s in some sense the best of both worlds other than you having to operate that exit node yourself, but companies like that. They like the fact that they have this privacy.

Swapnil Bhartiya: You often talk about fixing the internet, as you believe it’s broken. So explain why you think it’s broken and how are you trying to fix it?

Avery Pennarun: So I guess one of the things that we were really aware of starting Tailscale, because the founders are a little older, we’re not 20 year olds starting things for the first time. So, we were around back in the 1990s when the Internet was quite different than it is today. And one of the dreams of the original Internet was this idea of like everything being connected to everything else, everybody’s an equal, there’s peer-to-peer, everybody has an IP address. You can connect to the IP address, it’s a service and you don’t have to pay anybody rent, you don’t have to ask anybody permission to publish something. The Internet since then has gotten increasingly centralized. At this point, virtually everything you do on the Internet ends up going through one of maybe three companies that somebody is paying rent to in order to provide this service.

So, this has happened in many ways because of the limitations of the technical infrastructure of the Internet. We ran out of IP addresses. IPv6 never got fully deployed. Firewalls and NATs have to be there for security reasons. But because of that, I can’t make a peer-to-peer connection, right? So, what Tailscale is doing is it’s creating this overlay network on top. It’s going back to the original concept of the Internet, which is called that because it’s a network of networks, right? You create a private network that’s yours and you connect it to other people’s private networks in a controlled way, not in an uncontrolled way, right? And you don’t have to care about physical location and Tailscale, just sort of when you’d use it, when you try Tailscale, it has this feeling of being like the way the Internet was supposed to be back in the 1990s. But with this sort of modern slant to it, where we actually do encryption, we actually have access controls, we actually tie things to your identity. And so people accessing your services, you can control exactly who those people are allowed to be.

Swapnil Bhartiya: We are seeing the emergence of 5G private networks and I want to understand what role can Tailscale play within private 5G networks?

Avery Pennarun: Sure. 5G is great technology. It basically is at a most fundamental level. 5G is a performance improvement over traditional LTE, right? And in general, on traditional LTE networks, every device is isolated from every other device because the purpose of an LTE connected device is usually to connect to a server that is probably running in the cloud somewhere. When you add Tailscale to that, it makes it possible for LTE or 5G connected devices to actually talk to other LTE or 5G connected devices.

So, you’re forming this private overlay network from a network that generally doesn’t let the devices talk to each other at all, right? So you get this really nice behavior where you can now deploy say 100 different IOT devices, all on the same 5G network that normally wouldn’t be able to talk to each other except through the cloud. Now, they can bypass the cloud and all the costs and overhead associated with that and just form a direct peer-to-peer connection. So, Tailscale handles all the problems of associating those devices to each other. So you can just do things in the easy, simple way.

Swapnil Bhartiya: Let’s talk about security as that’s one of the core components of VPNs and we are already seeing shift left movement, zero trust networks and so on. So talk about security with Tailscale.

Avery Pennarun: Sure. First of all, I think zero trust is such a funny term because everybody knows they want it, but nobody knows what it is and it would be pretty presumptuous of me to tell you what it is. I can tell you what I think it is. I think zero trust, the purpose of zero trust is to eliminate the so-called like encryption added and removed here problem. A zero trust network is not really zero trust. It’s just zero trust of the physical network by default. The only devices I’m willing to talk to are ones that I do trust, right? How do you establish that trust is an interesting problem. Tailscale has an approach to how I establish trust between devices that I think is really innovative and makes things easier. But there’re many different ways to establish that trust and every company that has a different way of establishing trust or distributing encryption keys describes themself as a zero trust product.

One of the things that I think Tailscale does really well, that is rare even among zero trust companies, is that it’s so easy to use that most people who adopt Tailscale adopted because it makes their life easier, right? It’s like I needed to connect these different devices to each other. When I use Tailscale, it’s trivially easy to connect these devices together. But the nice thing is that along with that feature rides this zero trust security. So when I connect devices to each other using Tailscale, I don’t trust the physical network. I do have an identity associated with them.

And so it actually solves all these security problems by default. And so Tailscale has this really nice secure by default, but easier than what you were doing before, which makes security teams really happy because usually they’re fighting with say the IT team or the Dev team to please, please stop deploying this terrible idea because it’s a security hole and we really need to slow you down, but it’s for your own good, right? With Tailscale, we don’t need to slow you down because it’s really exciting that Tailscale is doing all this stuff that I’ve been trying to convince you to do for years, but also making your life easier. So, there’s no fight.

Swapnil Bhartiya: Let’s now talk about the big news which is Series B funding of $100 million. Congratulations.

Avery Pennarun: Sure. This is our series B and we are raising a $100 million US. The round is led by CRV and Insight Partners. But it also has participation from all of our previous investors who are eager to put in more money. That includes Excel, Heavybit and Unqork Capital as well as a bunch of angel investors in smaller checks. It’s unusually large for a series B, but I think it reflects how excited everybody is about the potential of Tailscale not just to do the things that it’s doing right now, but just create a platform for everybody to solve a bunch of problems that they haven’t been able to solve for the last 20 years.

Swapnil Bhartiya: What kind of adoption have you seen of Tailscale over the years, and what is driving this adoption?

Avery Pennarun: Yeah. Well, the adoption is way faster than I expected it to be when I started the company. At the moment, we’re growing at about 20% per month in active nodes and the revenues are growing. I think they more than doubled in the last six months and we’re on track to do that again. The kinds of people who use Tailscale are all the way across the board. So individuals use it for things like running their Raspberry Pi at home or connecting to a Minecraft server or controlling their 3D printer. Then, people use it at work to like SSH into their production systems or the development clusters or connect databases to dashboards when they’re in two different locations, for example. And then the next step up from that is the IT team rolling out across the entire company to replace whatever they’re currently doing with their existing VPN.

So you end up with these like really interesting, completely distinct use cases, but all of our growth comes from that very first use case of people playing with it at home, getting super excited about how this changes everything. I can’t believe I can do all this stuff I couldn’t do before, telling their friends, some of those friends end up bringing it to work. And that’s where we make money. It’s fascinating to me that the free plan is used completely differently from our paid plans but is the fundamental vehicle for growth across the whole company.

Swapnil Bhartiya: What’s your plan with the funding? What are the areas you are going to focus on with this round?

Avery Pennarun: I think a little bit unusually for a company raising this much money we’re not going to immediately start dumping it all into marketing and sales. We did make a joke at one point. It’s like, we calculated we could actually reserve seven minutes of Super Bowl time with a $100 million, which would really annoy everybody watching the Super Bowl. But it’s amazing to try to put this much, the scale of this much money in perspective, but the truth is Tailscale is already working really well. And the thing that works really well for us is having extremely high quality goals and building the product that people actually want and getting out of their way, right? So we’re going to keep on investing in that and keep on solving adjacent problems to the core one that we started with.

And we believe the growth is sort of going to follow naturally from that. And so of course, we’re going to hire a few more sales people and a bit more on marketing, but the core of the product is not going to change. And the nature of the free plan is going to stay the free plan. And it’s all about, we have really lofty goals, like the Internet is broken. If you’re going to fix the Internet, it needs to be for everybody in the world. How do you get a product like this to be helping everybody in the world?

Swapnil Bhartiya: Any closing thoughts?

Avery Pennarun: Yeah. The funniest thing about Tailscale is that people don’t… You can tell them what it does and they don’t get it. They don’t believe you. And we often get feedback that their friends have been telling them to try Tailscale for weeks or months, and they never got around to it. And then they finally tried it and it’s like, “Whoa, this was first of all way easier to get started than I thought it was. And secondly, way more useful than I thought it would be.” And so my best advice is like, don’t listen to anything I’ve said, just go into the app store, download Tailscale, test it out. And in five minutes, if you don’t believe that it’s good, then you can give up because almost everybody who just finally pushes that button to try it out immediately understands.

Swapnil Bhartiya: Avery, thanks for joining me today and I look forward to our next conversation. Thank you.

Avery Pennarun: Yeah. Thank you very much. And of course, we’re always happy to come back whenever you need us.

