O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
F5 Synthesis
Information Session
February, 2014
Agenda
• Welcome and Introduction to Customer Technology Challenges
• Software Defined Application Services
• Reference Ar...
Advanced
threats

SDDC/Cloud

Mobility

© F5 Networks, Inc

“Software defined”
everything

Internet of
Things

HTTP is the...
Impact on Data Center Architecture: Applications
MICRO-ARCHITECTURES

API DOMINANCE

Each service is isolated and requires...
Impact on Data Center Architecture: Network
SOLUTION SPRAWL

OPERATIONAL INCONSISTENCY

Increasing threats and client plat...
SDN Division of Labor

Architect
© F5 Networks, Inc

Foreman

Workers
6
Components of SDN
Controller

SDN Applications /
Mgmt

“I manage switches,
and tell them how to
connect to each other”

“I...
Core Benefits
• Automation & orchestration
• Repeatability, speed
• Less risk (avoid human error)
• Reduced operating cost...
Who are the Players?
SDN Applications /
Mgmt

Controller

• VMware NSX

• VMware NSX

• Cisco/Insieme

Switches
• Cisco Ne...
Application SDN: L4-7
• L2-3 is just “plumbing”
• Dynamic L2-3 == easy, generally solved
• Dynamic L4-7: Application SDN
•...
Deliver the most secure, fast,
and reliable applications to anyone
anywhere at any time.

© F5 Networks, Inc

11
Driving Efficiency into Application Development
Agile Development & Development & Operation (DevOps)
• In the past 5 years...
Application Environment

Agile
Development
Speed, customerdriven, and quality of
app development

Rapid deployment─
networ...
Application Environment

Agile
Development

Cloud and
DevOps

Speed, customerdriven, and quality of
app development

Accel...
Application Environment

Agile
Development

Cloud and
DevOps

SDN and
Private Cloud

Speed, customerdriven, and quality of...
The Time Is Right
F5 VISION
Agile
Development

Cloud and
DevOps

SDN and
Private Cloud

Speed, customerdriven, and quality...
“Leave No Application Behind”
1000
Average number of
applications deployed
within an enterprise

DDoS

© F5 Networks, Inc

WAF

SSL

Acceleration

LTE

...
The selected few

© F5 Networks, Inc

19
ADC
© F5 Networks, Inc

ADC

ADC

ADC

ADC

ADC
20
High-Performance
Fabric
BIG-IP
© F5 Networks, Inc

BIG-IP

BIG-IP

BIG-IP

BIG-IP

BIG-IP
21
© F5 Networks, Inc
Inc.

22
The 4th Phase of the Evolution

4
3
2
1
© F5 Networks, Inc
Inc.

Software Defined Application Services
Cloud Ready

Broade...
Software Defined Application Services Elements

HighHigh-Performance
Services Fabric

Simplified
Business Models

© F5 Net...
Software Defined Application Services Elements

HighHigh-Performance
Services Fabric

© F5 Networks, Inc

25
High-Performance Services Fabric

Virtual Edition

Network

Appliance

Chassis

[Physical • Overlay • SDN]
High-Performance Services Fabric

On-Demand Scaling

All-Active Clustering

Multi-Tenancy

TMOS

TMOS

TMOS

ScaleN

Netwo...
High-Performance Services Fabric

Throughput

*40K when combining
admin instances with vCMP

Connections
per second

Netwo...
High-Performance Services Fabric

Programmability
Data Plane

Virtual Edition

Network

Control Plane

Appliance

Manageme...
High-Performance Services Fabric

Programmability
Data Plane

Virtual Edition

Network

Control Plane

Appliance

Manageme...
Software Defined Application Services
Software Defined Application Services

F5 Software Defined
Application Services (SDAS)
A rich set of services that address...
Software Defined Application Services

Global Server LB Load
Global
Server LB CGNAT Balancing

Availability

Global Load B...
Software Defined Application Services

Compression
Traffic
Management

Caching

Acceleration

Performance

Optimization

W...
Software Defined Application Services
.

SAML Federation

Cloud Federation
Access Control
Anti-Malware

Endpoint Inspectio...
Software Defined Application Services

Cloud Bridging MDM
Service Chaining

VO LTE

Subscriber
Traffic Control Policy Enfo...
Software Defined Application Services

Anti-Fraud
Programmability

DNS Firewall

SSL Inspection
Firewall
AntiAnti-Phishing...
Software Defined Application Services Elements

© F5 Networks, Inc

38
Intelligent Services Orchestration
Orchestration
Connectors

Fabric Connectors

BIGBIG-IQ

Module Connectors

Cloud Connec...
Completing the SDN Stack
BIG-IQ
Device™

Software-Defined Data Center

Application Plane
NBI

Control Plane

Virtual Netwo...
Centralized Management Platform

BIG - IQ

BIG-IP
BIG-IP
Data Center

Hybrid Cloud

Public Cloud
Orchestration Modules

BIG-IQ Platform Services

BIG-IP Devices
Application Services Modules
Simplify License Orchestration
VE License Pools

• Pools available in 25packs of Good, Better,
or Best offers

vSwitch
vSw...
Software Defined Application Services Elements

Simplified
Business Models
Simplified Business Models

Perpetual

BYOL

Subscriptions

Cloud Licensing Program
Flexibility

BIG-IP Local Traffic Manager

Make it easier to adopt
advanced F5
functionality

Simplicity

Appliance
Compar...
Better
BIG-IP Local Traffic
Manager
BIG-IP Global Traffic
Manager
BIG-IP Application
Acceleration Manager
BIG-IP Advanced ...
Best
BIG-IP Local Traffic
Manager
BIG-IP Global Traffic
Manager

• PCI Compliant Web
Application Firewall
• Web scraping p...
Synthesis and Good/Better/Best Licensing
Streamline the architecture process

1

Match Reference Architecture
To Business ...
Reference
Architectures
For Today’s Customer Challenges
Reference Architectures
Device, Network, Applications
S/Gi Network
Simplification

DDoS
Protection

Bill of Materials

© F...
Reference Architectures

Solution Documents…
© F5 Networks, Inc

53
DDoS Protection Reference Architecture
Next-Generation
Firewall

Tier 2

Tier 1
Network attacks:
ICMP flood,
UDP flood,
SY...
DDoS Protection Reference Architecture
Next-Generation
Firewall

Corporate Users

TIER 1 KEY FEATURES
Tier 2
• The first t...
DDoS Protection Reference Architecture
Next-Generation
Firewall

Corporate Users

TIER 2 KEY FEATURES

• The second tier i...
Recommended Practices Configuration Guide
2. 3. 2.4 En for ce R e al Br ow se r s
2. 4
Besides authentication and tps-base...
Technical Validation & Performance Testing

UDP Flood
2x Competition
ICMP Flood
10x Competition
Blended Attacks
25 + new D...
Mapping F5 Products to Synthesis Solutions

Use Reference
Architectures to
Implement F5
Synthesis
Solutions

© F5 Networks...
Key Customer Benefits
Maintain application
availability

Protect network
infrastructure

Defend against
targeted attacks

...
TCO Study─Details
Data Center Consolidation

DDoS

83% Lower TCO

81% Lower TCO

85% Savings
• Service Contracts
92% Savin...
Making it Happen with Global
Services
F5 Global Services and Synthesis
PRODUCT FOCUSED

SERVICE LED

SOLUTION DRIVEN

4
3
2
1
© F5 Networks, Inc

Advanced
Servi...
Services to Support Reference Architecture Lifecycle
IMPLEMENT

ARCHITECT
Solution Definition Workshop

Installation and M...
Multi-network Environment and
Partner Ecosystem
F5 Synthesis Partner Ecosystem

/

DevOps

© F5 Networks, Inc
Inc.

66
Completing the SDN Stack
BIG-IQ
Device™

Software-Defined Data Center

Application Plane
NBI

Control Plane

Virtual Netwo...
Partner Integration with Synthesis
Auto-scaling, application
provisioning, and
automated system
maintenance and
patching.
...
Cisco ACI Design Philosophy
Why Cisco/ACI matters for Customers
• Cisco and F5 share a common vision for simplifying networking end to
end by taking a...
VMware NSX and F5 joint solution
Overview

Any Application
(without modification)

Virtual Networks
Any Cloud Management P...
F5 + NSX : Application delivery needs for enterprise
virtualized workloads in NSX environments
Context Aware
Network Servi...
Benefits
Drive

© F5 Networks, Inc.

Increase

Reduce

Future

73
SDDC/Cloud
Coming to a City Near You….
Cloud and Security Events
Ask your Account Team for More Information…
F5 Synthesis Toronto February 2014 Roadshow
Próximos SlideShares
Carregando em…5
×

F5 Synthesis Toronto February 2014 Roadshow

2.330 visualizações

Publicada em

February 2014 Update on F5 Synthesis Program, delivered by Pat Fiorino in Toronto at the Hockey Hall of Fame. Prepared for IT decision- makers and administrators.

Publicada em: Tecnologia
  • http://www.sendspace.com/file/8kn03w
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui

F5 Synthesis Toronto February 2014 Roadshow

  1. 1. F5 Synthesis Information Session February, 2014
  2. 2. Agenda • Welcome and Introduction to Customer Technology Challenges • Software Defined Application Services • Reference Architectures for Today’s Customer Challenges • Total Cost of Ownership and New Business Models • Multi-network Environment and Partner Ecosystem • Making it Happen with Global Services • Q&A
  3. 3. Advanced threats SDDC/Cloud Mobility © F5 Networks, Inc “Software defined” everything Internet of Things HTTP is the new TCP 3
  4. 4. Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES API DOMINANCE Each service is isolated and requires its own: • Load balancing • Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required APIProxies are used in emerging API-centric architectures for: • API versioning • Client-based steering • API Load balancing • Metering & billing • API key management More applications need services More intelligence needed in services API v1 Service A Service C Service B © F5 Networks, Inc Service D API v2 4
  5. 5. Impact on Data Center Architecture: Network SOLUTION SPRAWL OPERATIONAL INCONSISTENCY Increasing threats and client platforms result in need for: • Mobile device management • Mobile access management • Mobile security • DDoS • Application layer threats • Malware offIntroduction of off-premise cloud solutions without architectural parity results in: • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced SaaS © F5 Networks, Inc 5
  6. 6. SDN Division of Labor Architect © F5 Networks, Inc Foreman Workers 6
  7. 7. Components of SDN Controller SDN Applications / Mgmt “I manage switches, and tell them how to connect to each other” “I can use feedback to make adjustments to the blueprint as I see fit” “I take orders, and route packets accordingly” “I also collect and manage state, and can report back to the architect.” “I define the blueprint for what the network should look like to achieve some goal” “I can also report back info to the foreman” API API Architect © F5 Networks, Inc Switches Foreman (REST, OpenFlow) Workers 7
  8. 8. Core Benefits • Automation & orchestration • Repeatability, speed • Less risk (avoid human error) • Reduced operating cost • Compliance • Agility • Faster app lifecycles and transient usage (dev/test) • Security • Network isolation • Resource Utilization • Dynamic allocation of resources © F5 Networks, Inc 8
  9. 9. Who are the Players? SDN Applications / Mgmt Controller • VMware NSX • VMware NSX • Cisco/Insieme Switches • Cisco Nexus 9300/9500 • Cisco/Insieme APIC • NSX vSwitch (OVS) • OpenStack • Arista • Smaller Startups • Smaller Startups Anunta Networks • BigSwitch • PlumGRID Controller • Smaller Startups / Whitebox Architect © F5 Networks, Inc Foreman • Pluribus • • PlumGRID Workers 9
  10. 10. Application SDN: L4-7 • L2-3 is just “plumbing” • Dynamic L2-3 == easy, generally solved • Dynamic L4-7: Application SDN • Fundamentally harder! • No good solution today
  11. 11. Deliver the most secure, fast, and reliable applications to anyone anywhere at any time. © F5 Networks, Inc 11
  12. 12. Driving Efficiency into Application Development Agile Development & Development & Operation (DevOps) • In the past 5 years we’ve seen the push to Agile Development. • Focused on speed and customer driven application solutions. • Drove more efficient application development • Agile wasn’t focused on rapid deployment of those applications • This gap was closed by many by either deploying their applications on the cloud and/or evolving their development and IT organizations with the creation of DevOps • DevOps describes what has also been called “agile system administration” or “agile operations” joined together with the values of agile collaboration between development and operations staff. • The goal of DevOps was simply to getting applications deployed quicker. © F5 Networks, Inc code release 12
  13. 13. Application Environment Agile Development Speed, customerdriven, and quality of app development Rapid deployment─ network and operations velocity © F5 Networks, Inc 13
  14. 14. Application Environment Agile Development Cloud and DevOps Speed, customerdriven, and quality of app development Accelerate time to market Rapid deployment─ network and operations velocity Cloud SLA, security and control private network agility © F5 Networks, Inc 14
  15. 15. Application Environment Agile Development Cloud and DevOps SDN and Private Cloud Speed, customerdriven, and quality of app development Accelerate time to market Software defined data centers Failed to Address: Rapid deployment─ network and operations velocity © F5 Networks, Inc Cloud SLA and control private network agility L4– L4–7 device sprawl and application fluency 15
  16. 16. The Time Is Right F5 VISION Agile Development Cloud and DevOps SDN and Private Cloud Speed, customerdriven, and quality of app development Accelerate time to market Software Defined Data Centers Applications without constraints Failed to Address: Rapid deployment─ network and operations velocity © F5 Networks, Inc Cloud SLA and control private network agility L4– L4–7 device sprawl and application fluency 16
  17. 17. “Leave No Application Behind”
  18. 18. 1000 Average number of applications deployed within an enterprise DDoS © F5 Networks, Inc WAF SSL Acceleration LTE Applications require services 18
  19. 19. The selected few © F5 Networks, Inc 19
  20. 20. ADC © F5 Networks, Inc ADC ADC ADC ADC ADC 20
  21. 21. High-Performance Fabric BIG-IP © F5 Networks, Inc BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP 21
  22. 22. © F5 Networks, Inc Inc. 22
  23. 23. The 4th Phase of the Evolution 4 3 2 1 © F5 Networks, Inc Inc. Software Defined Application Services Cloud Ready Broadened Application Services Application Delivery Controller 23
  24. 24. Software Defined Application Services Elements HighHigh-Performance Services Fabric Simplified Business Models © F5 Networks, Inc 24
  25. 25. Software Defined Application Services Elements HighHigh-Performance Services Fabric © F5 Networks, Inc 25
  26. 26. High-Performance Services Fabric Virtual Edition Network Appliance Chassis [Physical • Overlay • SDN]
  27. 27. High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy TMOS TMOS TMOS ScaleN Network [Physical • Overlay • SDN] TMOS
  28. 28. High-Performance Services Fabric Throughput *40K when combining admin instances with vCMP Connections per second Network Concurrent connections Multi-tenant instances per device [Physical • Overlay • SDN] Device service clusters
  29. 29. High-Performance Services Fabric Programmability Data Plane Virtual Edition Network Control Plane Appliance Management Plane Chassis [Physical • Overlay • SDN]
  30. 30. High-Performance Services Fabric Programmability Data Plane Virtual Edition Network Control Plane Appliance Management Plane Chassis [Physical • Overlay • SDN]
  31. 31. Software Defined Application Services
  32. 32. Software Defined Application Services F5 Software Defined Application Services (SDAS) A rich set of services that address the delivery challenges faced by businesses today. © F5 Networks, Inc 32
  33. 33. Software Defined Application Services Global Server LB Load Global Server LB CGNAT Balancing Availability Global Load Balancing Authoritative DNS Disaster Recovery Cloud Bursting Business DNS Caching & Resolving Intelligent EPC node selection © F5 Networks, Inc Continuity 33
  34. 34. Software Defined Application Services Compression Traffic Management Caching Acceleration Performance Optimization Web Performance Optimization SPDY Gateway Traffic Shaping and QoS Application Optimization © F5 Networks, Inc 34
  35. 35. Software Defined Application Services . SAML Federation Cloud Federation Access Control Anti-Malware Endpoint Inspection Single Sign-On SSL VPN Active Sync Proxy Secure Web Gateway Access & Identity Web Access Management © F5 Networks, Inc 35
  36. 36. Software Defined Application Services Cloud Bridging MDM Service Chaining VO LTE Subscriber Traffic Control Policy Enforcement Enrichment MAM Diameter and Routing NfV VAS Bursting SDN Mobility LTE Roaming VDI Mobile Optimization Mobile © F5 Networks, Inc Quota Management Acceleration Application Traffic Control 36
  37. 37. Software Defined Application Services Anti-Fraud Programmability DNS Firewall SSL Inspection Firewall AntiAnti-Phishing SSL intelligence WAF DNSSEC © F5 Networks, Inc ADF DDoS SSL VPN Security 37
  38. 38. Software Defined Application Services Elements © F5 Networks, Inc 38
  39. 39. Intelligent Services Orchestration Orchestration Connectors Fabric Connectors BIGBIG-IQ Module Connectors Cloud Connectors
  40. 40. Completing the SDN Stack BIG-IQ Device™ Software-Defined Data Center Application Plane NBI Control Plane Virtual Networks Data Plane SDN Controller NVGRE BIG-IQ Security™ NBI OPEN REST APIs BIGF5 BIG-IQ VXLAN ETC… Service Chaining LAYER 2-3 LAYER 4-7 BIG-IQ Cloud™
  41. 41. Centralized Management Platform BIG - IQ BIG-IP BIG-IP Data Center Hybrid Cloud Public Cloud
  42. 42. Orchestration Modules BIG-IQ Platform Services BIG-IP Devices
  43. 43. Application Services Modules
  44. 44. Simplify License Orchestration VE License Pools • Pools available in 25packs of Good, Better, or Best offers vSwitch vSwitch vSwitch vSwitch • BIG-IQ manages licenses for all VEs in the pool F5 licensing server Hypervisor Hypervisor Hypervisor Hypervisor • One-time license provisioning Virtual Infrastructure BIG-IQ manages licensing for all VEs in the pool. 25 Pack of VEs Benefits • Spin up a VE when it’s needed • Retire a VE and return it to the pool
  45. 45. Software Defined Application Services Elements Simplified Business Models
  46. 46. Simplified Business Models Perpetual BYOL Subscriptions Cloud Licensing Program
  47. 47. Flexibility BIG-IP Local Traffic Manager Make it easier to adopt advanced F5 functionality Simplicity Appliance Comparison Consolidate into fewer common configurations Best Value Good | Better | Best Save when purchasing bundles BIG-IP Global Traffic Manager Application Acceleration Manager Good BIG-IP Advanced Firewall Manager Better Best VE Price Comparison SDN Service Advanced Routing BIG-IP Access Policy Manager Good BIG-IP Application Security Manager Better Bought As Bundle Best Bought As Components
  48. 48. Better BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager BIG-IP Application Acceleration Manager BIG-IP Advanced Firewall Manager • • • • • • Global server load balancing DNS services Real-time DNSSEC solution Global application high availability Geolocation DNS DDoS attack protection • Web performance optimization • WAN optimization (data deduplication, FEC) • Mobile optimization (smart client cache, image optimization) • SaaS acceleration (reduce bandwidth usage & page load times) • • • • High-performance ICSA firewall Network DDoS protection Application-centric firewall policies Protocol anomaly detection Key Benefits • Protect and optimize the data center • Optimize application delivery • Ensure optimal application availability and performance • Future-proof the business • Leverage the power of integrated SDN services
  49. 49. Best BIG-IP Local Traffic Manager BIG-IP Global Traffic Manager • PCI Compliant Web Application Firewall • Web scraping prevention • Integrated XML firewall • Violation correlation & incident grouping • Application DDoS protection BIG-IP Application Acceleration Manager BIG-IP Advanced Firewall Manager BIG-IP Application Security Manager BIG-IP Access Policy Manager • 500 concurrent users, scalable up to 200K • BYOD enablement • Full Proxy for VDI (Citrix, VMware) • Single sign-on enhancements (Identity Federation with SAML 2.0) Key Benefits Manage application access Support BYOD initiatives Accelerate remote access Protect IP and minimize vulnerability exposure • Free development resources to create value • • • •
  50. 50. Synthesis and Good/Better/Best Licensing Streamline the architecture process 1 Match Reference Architecture To Business Need 2 Choose the Licensing You Need 3 Choose the Appropriate Platform
  51. 51. Reference Architectures For Today’s Customer Challenges
  52. 52. Reference Architectures Device, Network, Applications S/Gi Network Simplification DDoS Protection Bill of Materials © F5 Networks, Inc Inc. Security for Service Providers LTE Roaming • • • • Application Services Intelligent DNS Scale White Paper (Business) Solution diagram(s) Architecture diagram(s) Product map diagram(s) Migration to Cloud Cloud Federation DevOps Cloud Bursting • • • • Customer Presentation Solution Animation/Video White paper (Technical) Placemat leave-behind 52
  53. 53. Reference Architectures Solution Documents… © F5 Networks, Inc 53
  54. 54. DDoS Protection Reference Architecture Next-Generation Firewall Tier 2 Tier 1 Network attacks: ICMP flood, UDP flood, SYN flood Multiple ISP strategy Corporate Users Financial Services SSL attacks: SSL renegotiation, SSL flood Legitimate Users E-Commerce ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning DDoS Attacker Cloud Scrubbing Service Network and DNS Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Threat Feed Intelligence Scanner Anonymous Proxies © F5 Networks, Inc Anonymous Requests Botnet Attackers Strategic Point of Control 54
  55. 55. DDoS Protection Reference Architecture Next-Generation Firewall Corporate Users TIER 1 KEY FEATURES Tier 2 • The first tier at the perimeter is layer 3 and 4 network firewall services Tier 1 Network attacks: ICMP flood, UDP flood, SYN flood Multiple ISP strategy SSL attacks: SSL renegotiation, SSL flood Legitimate Users ISPa/b DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning DDoS Attacker Cloud Scrubbing Service Anonymous Proxies © F5 Networks, Inc Anonymous Requests HTTP attacks: Slowloris, slow POST, recursive POST/GET • IP reputation database E-Commerce Subscriber • Mitigates volumetric and DNS DDoS attacks IPS Threat Feed Intelligence Scanner Network and DNS • Simple load balancing Application to a second tier Financial Services Botnet Attackers Strategic Point of Control 55
  56. 56. DDoS Protection Reference Architecture Next-Generation Firewall Corporate Users TIER 2 KEY FEATURES • The second tier is for application-aware, CPU-intensive defense Legitimate mechanisms Users Multiple ISP strategy Network attacks: ICMP flood, UDP flood, SYN flood Attacker Cloud • Mitigate asymmetric and Scrubbing SSL-based DDoS attacks Service Financial Services SSL attacks: SSL renegotiation, SSL flood E-Commerce ISPa/b • SSL termination • DDoS Web application firewall Tier 2 Tier 1 DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning Network and DNS Application HTTP attacks: Slowloris, slow POST, recursive POST/GET Subscriber IPS Threat Feed Intelligence Scanner Anonymous Proxies © F5 Networks, Inc Anonymous Requests Botnet Attackers Strategic Point of Control 56
  57. 57. Recommended Practices Configuration Guide 2. 3. 2.4 En for ce R e al Br ow se r s 2. 4 Besides authentication and tps-based detection (section Error! Reference source not found.), there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IPBased Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen. 2. 3. 2. 5 Thro t t le GE T Req u est F lo o ds v ia S cript The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle when RULE_INIT { # Life timer of the subtable object. Defines how long this object exist in the subtable set static::maxRate 10 # This defines how long is the sliding window to count the requests. # This example allows 10 requests in 3 seconds set static::windowSecs 3 set static::timeout 30 } Figure 1. Insert a Javascript Redirect to verify a real browser when HTTP_REQUEST { if { [HTTP::method] eq "GET" } { set getCount [table key -count -subtable [IP::client_addr]] if { $getCount < $static::maxRate } { incr getCount 1 table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs } else { HTTP::respond 501 content "Request blockedExceeded requests/sec limit." return } } } Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IPs address from within the iRule itself: 32 Page Detailed Guide… © F5 Networks, Inc • URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP 57
  58. 58. Technical Validation & Performance Testing UDP Flood 2x Competition ICMP Flood 10x Competition Blended Attacks 25 + new DDoS Attack Vector Control options in Hardware © F5 Networks, Inc TCP Syn-Flood 16x Competition 58
  59. 59. Mapping F5 Products to Synthesis Solutions Use Reference Architectures to Implement F5 Synthesis Solutions © F5 Networks, Inc 59
  60. 60. Key Customer Benefits Maintain application availability Protect network infrastructure Defend against targeted attacks Safeguard your brand reputation Stay one step ahead Save money for your company ALL BACKED BY WORLD-CLASS SUPPORT AND PROFESSIONAL SERVICES © F5 Networks, Inc 60
  61. 61. TCO Study─Details Data Center Consolidation DDoS 83% Lower TCO 81% Lower TCO 85% Savings • Service Contracts 92% Savings • Space/Power/Cooling 62% Savings • Training 82% Savings • Upgrades/Patching 81% Savings • Service Contracts 94% Savings • Space/Power/Cooling 66% Savings • Training 82% Savings • Upgrades/Patching © F5 Networks, Inc. DDoS Market Study • DDoS Products and Services • $870 Million Market by 2017 • FSI Represents 23% of DDoS Market • Services Accounts for 46% of DDoS TAM • Financial Services, Gaming, and Online Retail are top verticals 61
  62. 62. Making it Happen with Global Services
  63. 63. F5 Global Services and Synthesis PRODUCT FOCUSED SERVICE LED SOLUTION DRIVEN 4 3 2 1 © F5 Networks, Inc Advanced Services Packaged Core Services APPLICATION ENABLED Architecture and Integration Consultative and Strategic • Reference Architectures • Managed Services / SOC • F5aaS • Solution Definition Workshops • Security Envisioning • Remote Services • Security • Mobility • Service Provider • Implementation • Migration • Upgrades 63
  64. 64. Services to Support Reference Architecture Lifecycle IMPLEMENT ARCHITECT Solution Definition Workshop Installation and Migrations OPTIMIZE MAINTAIN Managed Services and Live Monitoring S/Gi Network Simplification DDoS © F5 Networks, Inc. Secure Mobility Proactive Assessments and Integration Security for Service Providers LTE Roaming Application Services DNS CONFIDENTIAL Cloud Migration Cloud Federation DevOps Cloud Bursting 64
  65. 65. Multi-network Environment and Partner Ecosystem
  66. 66. F5 Synthesis Partner Ecosystem / DevOps © F5 Networks, Inc Inc. 66
  67. 67. Completing the SDN Stack BIG-IQ Device™ Software-Defined Data Center Application Plane NBI Control Plane Virtual Networks Data Plane SDN Controller NVGRE BIG-IQ Cloud™ NBI OPEN REST APIs BIGF5 BIG-IQ VXLAN ETC… Service Chaining LAYER 2-3 © F5 Networks, Inc BIG-IQ Security™ LAYER 4-7 67
  68. 68. Partner Integration with Synthesis Auto-scaling, application provisioning, and automated system maintenance and patching. Two-way communication Configure application networking services Automated network and service provisioning BIG IQ Cloud F5 SDAS Service Fabric Programmability Programmability Automate network and service provisioning, F5 Platforms Hardware | Software | Cloud Integrate network virtualization and ADN services Provisioning and orchestration of BIG-IP in AWS © F5 Networks, Inc Dynamically update state of servers in load balancing pool 68
  69. 69. Cisco ACI Design Philosophy
  70. 70. Why Cisco/ACI matters for Customers • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customer’s next generation data centers while meeting their critical data center requirements today. • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on vision of shaping infrastructure to the needs of the applications. • Cisco ACI integrates F5 Big-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next generation data centers
  71. 71. VMware NSX and F5 joint solution Overview Any Application (without modification) Virtual Networks Any Cloud Management Platform VMware NSX Network Virtualization Platform Logical Logical Logical Load Balancer VPN Firewall Logical Load Balancer Logical L2 Logical L3 Any Hypervisor Any Network Hardware NSX integrates with F5 BIG-IQ and BIG-IPs F5 Admin defined iApps get published to NSX Manager as ADN service templates BIG-IPs VEs get automatically deployed, licensed and configured User can instantiate and consume F5 iApps from NSX UI or API Benefits Virtual IP: 172.168.1.1 Member pool: 10.0.0.1, 10.0.0.2 ADN template: Web Gold © F5 Networks, Inc Compatible with all NSX features Compatible with all F5 BIG-IQ and BIG-IP features Seamless support for virtual networks and traditional networking with VLANs Support for any CMP including vCAC Familiar workflows for all teams (in NSX , and in F5 BIG-IQ) Supports virtual and physical form factor of F5 appliances 71
  72. 72. F5 + NSX : Application delivery needs for enterprise virtualized workloads in NSX environments Context Aware Network Services: •Insertion of Application, user and resource awareness in NSX Insertion environments Speed of provisioning: •Intelligent services orchestration enhances time-to-production for Intelligent time-toall the necessary infrastructure services from weeks to minutes Simplified Operations: •Meet needs for simplified operations and programmability needs Meet for network services Application visibility and correlation •Enhanced visibility and correlation for the application Enhanced © F5 Networks, Inc. 72
  73. 73. Benefits Drive © F5 Networks, Inc. Increase Reduce Future 73
  74. 74. SDDC/Cloud
  75. 75. Coming to a City Near You…. Cloud and Security Events Ask your Account Team for More Information…

×