Thinking about SDN and whether it is the right approach for your organization?

Thinking about SDN and whether it is the right approach for your organization? Have you heard about Cisco’s Application Centric Infrastructure and F5 Synthesis yet? The path to radically simplify and accelerate application deployment and datacenter agility can be a phased approach that leverages your existing investment. Rapid delivery of applications to anyone, anywhere, at any time is complex—and many businesses struggle with it.

Published in: Technology, Business

  1. April, 2014: F5 Synthesis Information Session
  2. Agenda
     • Welcome and Introduction to Customer Technology Challenges
     • Software Defined Application Services
     • Reference Architectures for Today’s Customer Challenges
     • Total Cost of Ownership and New Business Models
     • Multi-network Environment and Partner Ecosystem
     • Making it Happen with Global Services
     • Q & A
  3. © F5 Networks, Inc. Mobility • SDDC/Cloud • Advanced threats • Internet of Things • “Software defined” everything • HTTP is the new TCP
  4. Impact on Data Center Architecture: Applications
     MICRO-ARCHITECTURES: Each service is isolated and requires its own:
     • Load balancing
     • Authentication / authorization
     • Security
     • Layer 7 Services
     • May be API-based, expanding services required
     API DOMINANCE: Proxies are used in emerging API-centric architectures for:
     • API versioning
     • Client-based steering
     • API Load balancing
     • Metering & billing
     • API key management
     Diagram labels: Service A • Service C • Service B • Service D • API v1 • API v2 • More intelligence needed in services • More applications need services
  5. Impact on Data Center Architecture: Network
     SOLUTION SPRAWL: Increasing threats and client platforms result in need for:
     • Mobile device management
     • Mobile access management
     • Mobile security
     • DDoS
     • Application layer threats
     • Malware
     OPERATIONAL INCONSISTENCY: Introduction of off-premise cloud solutions without architectural parity results in:
     • Inconsistent enforcement of business and operational policies
     • Unpredictable application performance and security
     • Increased OpEx as new management paradigms are introduced
     Diagram label: SaaS
  6. “Leave No Application Behind”
  7. DDoS • WAF • SSL • LTE • Acceleration. 1000: Average number of applications deployed within an enterprise. Applications require services.
  8. The selected few
  9. ADC ADC ADC ADC ADC ADC
  10. High-Performance Fabric • Application Services • BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
  12. The 4th Phase of the Evolution: 1. Application Delivery Controller • 2. Broadened Application Services • 3. Cloud Ready • 4. Software Defined Application Services
  13. Software Defined Application Services Elements: High-Performance Services Fabric • Simplified Business Models
  14. Software Defined Application Services Elements: High-Performance Services Fabric
  15. High-Performance Services Fabric: Network [Physical • Overlay • SDN] • Virtual Edition • Chassis • Appliance
  16. High-Performance Services Fabric: On-Demand Scaling • All-Active Clustering • Multi-Tenancy • ScaleN • TMOS TMOS TMOS TMOS • Network [Physical • Overlay • SDN]
  17. High-Performance Services Fabric: Throughput • Connections per second • Concurrent connections • Multi-tenant instances per device • Device service clusters • Network [Physical • Overlay • SDN]. *40K when combining admin instances with vCMP
  18. High-Performance Services Fabric: Network [Physical • Overlay • SDN] • Virtual Edition • Chassis • Appliance • Data Plane • Programmability • Control Plane • Management Plane
  19. High-Performance Services Fabric: Network [Physical • Overlay • SDN] • Virtual Edition • Chassis • Appliance • Data Plane • Programmability • Control Plane • Management Plane
  20. Software Defined Application Services
  21. Software Defined Application Services. F5 Software Defined Application Services (SDAS): A rich set of services that address the delivery challenges faced by businesses today.
  22. Software Defined Application Services: Availability. Authoritative DNS • Cloud Bursting • CGNAT • Disaster Recovery • Business Continuity • Global Load Balancing • Intelligent EPC node selection • Global Server LB • Global Server LB • DNS Caching & Resolving • Load Balancing
  23. Software Defined Application Services: Performance. Acceleration • Caching • Optimization • SPDY Gateway • Application Optimization • Traffic Shaping and QoS • Compression • Web Performance Optimization • Traffic Management
  24. Software Defined Application Services: Access & Identity. Cloud Federation • Endpoint Inspection • Single Sign-On • Access Control • SAML Federation • SSL VPN • Anti-Malware • Web Access Management • Active Sync Proxy • Secure Web Gateway
  25. Software Defined Application Services: Security. DNSSEC • ADF • Anti-Fraud • WAF • DDoS • SSL VPN • Anti-Phishing • DNS Security • SSL intelligence • SSL Inspection • Programmability
  26. Software Defined Application Services Elements
  27. Fabric Connectors • Module Connectors • Cloud Connectors • Orchestration Connectors • Intelligent Services Orchestration • BIG-IQ • REST API
  28. Completing the SDN Stack: F5 BIG-IQ • OPEN REST APIs • LAYER 2-3 • LAYER 4-7 • SDN Controller • BIG-IQ Security™ • BIG-IQ Cloud™ • BIG-IQ Device™ • NBI • NBI • NVGRE • VXLAN • ETC… • Control Plane • Application Plane • Data Plane • Software-Defined Data Center • Virtual Networks • Service Chaining
  29. Public Cloud • Hybrid Cloud • BIG-IP • BIG-IP • Data Center • Centralized Management Platform • BIG-IQ • BIG-IQ
  30. Application Services Modules
  31. Software Defined Application Services Elements: Simplified Business Models
  32. Good | Better | Best
      • Flexibility: Make it easier to adopt advanced F5 functionality
      • Simplicity: Consolidate into fewer common configurations
      • Best Value: Save when purchasing bundles
      VE Price Comparison (Good • Better • Best): Bought As Bundle • Bought As Components
      Appliance Comparison (Good • Better • Best):
      • BIG-IP Local Traffic Manager ✓ ✓ ✓
      • BIG-IP Global Traffic Manager ✓ ✓
      • Application Acceleration Manager ✓ ✓
      • BIG-IP Application Protection ✓ ✓
      • SDN Service ✓ ✓
      • Advanced Routing ✓ ✓
      • BIG-IP Access Policy Manager ✓
      • BIG-IP Application Security Manager ✓
  33. Reference Architectures For Today’s Customer Challenges
  34. Reference Architectures: Device, Network, Applications
      • Bill of Materials
      • White Paper (Business)
      • Solution diagram(s)
      • Architecture diagram(s)
      • Product map diagram(s)
      • Customer Presentation
      • Solution Animation/Video
      • White paper (Technical)
      • Placemat leave-behind
      Architectures shown: DDoS Protection • S/Gi Network Simplification • Security for Service Providers • Application Services • Migration to Cloud • DevOps • LTE Roaming • Intelligent DNS Scale • Cloud Federation • Cloud Bursting
  35. Reference Architectures: Solution Documents…
  36. DDoS Protection Reference Architecture (diagram labels)
      • Legitimate Users • Threat Feed Intelligence • DDoS Attacker • ISPa/b • Cloud Scrubbing Service • Scanner • Anonymous Proxies • Anonymous Requests • Botnet Attackers
      • Network attacks: ICMP flood, UDP flood, SYN flood
      • DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning
      • IPS • Next-Generation Firewall • Tier 2
      • SSL attacks: SSL renegotiation, SSL flood
      • HTTP attacks: Slowloris, slow POST, recursive POST/GET
      • Application • Corporate Users • Financial Services • E-Commerce • Subscriber • Tier 2 • Threat Feed Intelligence • Strategic Point of Control • Multiple ISP strategy • Network and DNS • Tier 1
  37. DDoS Protection Reference Architecture (same diagram as slide 36). TIER 1 KEY FEATURES
      • The first tier at the perimeter is layer 3 and 4 network firewall services
      • Simple load balancing to a second tier
      • IP reputation database
      • Mitigates volumetric and DNS DDoS attacks
  38. DDoS Protection Reference Architecture (same diagram as slide 36). TIER 2 KEY FEATURES
      • The second tier is for application-aware, CPU-intensive defense mechanisms
      • SSL termination
      • Web application firewall
      • Mitigate asymmetric and SSL-based DDoS attacks
  39. Recommended Practices Configuration Guide

      2.3.2.5 Throttle GET Request Floods via Script

      The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle

      ```tcl
      when RULE_INIT {
          # Maximum number of GET requests allowed per client IP within the window
          set static::maxRate 10
          # Length of the sliding window, in seconds, over which requests are counted.
          # This example allows 10 requests in 3 seconds
          set static::windowSecs 3
          # Idle timeout, in seconds, of an entry in the subtable
          set static::timeout 30
      }
      when HTTP_REQUEST {
          if { [HTTP::method] eq "GET" } {
              # One subtable per client IP; its entry count is the request count
              set getCount [table key -count -subtable [IP::client_addr]]
              if { $getCount < $static::maxRate } {
                  incr getCount 1
                  # Arguments: key, value, idle timeout, lifetime (the window length)
                  table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs
              } else {
                  HTTP::respond 501 content "Request blocked Exceeded requests/sec limit."
                  return
              }
          }
      }
      ```

      Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IP addresses from within the iRule itself:
      • URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP

      2.3.2.4 Enforce Real Browsers

      Besides authentication and tps-based detection, there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP-Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen.

      Figure 1. Insert a JavaScript redirect to verify a real browser

      32 Page Detailed Guide…
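The throttle rule on slide 39 keys each subtable entry by the running request count. The model below is an added example, not F5's or DevCentral's code: it replays a constructed request timeline against that key choice and against a unique per-request key, so the 10-requests-in-3-seconds limit can be checked before a rule of this shape is deployed. It assumes that an entry lives for the window length after it is written and that writing an existing key overwrites it; `Throttle`, `replay`, `max_allowed_in_window` and the timeline are hypothetical names and data.

```python
import itertools

MAX_RATE, WINDOW_SECS = 10, 3.0   # values from the rule on the slide


class Throttle:
    """Per-client sliding-window counter backed by {key: expiry} subtables."""

    def __init__(self, unique_keys):
        self.unique_keys = unique_keys
        self.subtables = {}            # client IP -> {key: expiry time}
        self.seq = itertools.count()   # stand-in for a unique per-request key

    def allow(self, ip, now):
        table = self.subtables.setdefault(ip, {})
        for key in [k for k, exp in table.items() if exp <= now]:
            del table[key]             # entries age out after WINDOW_SECS
        count = len(table)             # models `table key -count`
        if count >= MAX_RATE:
            return False               # the rule answers with HTTP::respond here
        # Count as key: count + 1 may already exist once older keys have
        # expired, so the write replaces an entry instead of adding one.
        key = next(self.seq) if self.unique_keys else count + 1
        table[key] = now + WINDOW_SECS  # models `table set` with a lifetime
        return True


def replay(unique_keys, timeline, ip="192.0.2.10"):
    """Return [(time, allowed)] for one client over a request timeline."""
    throttle = Throttle(unique_keys)
    return [(t, throttle.allow(ip, t)) for t in timeline]


def max_allowed_in_window(decisions):
    """Largest number of allowed requests inside any WINDOW_SECS span."""
    times = [t for t, ok in decisions if ok]
    return max(sum(1 for u in times if t <= u < t + WINDOW_SECS) for t in times)


# Constructed timeline (seconds): five requests at t=0, five at t=2, then
# thirty more at 50 ms spacing once the first five have aged out.
TIMELINE = [0.0] * 5 + [2.0] * 5 + [3.1 + 0.05 * i for i in range(30)]

if __name__ == "__main__":
    for unique in (False, True):
        peak = max_allowed_in_window(replay(unique, TIMELINE))
        label = "unique key" if unique else "count as key"
        print(f"{label}: peak allowed per {WINDOW_SECS:.0f}s window = {peak}")
```

In this model the count-keyed variant admits every request on the timeline, while the unique-key variant holds the peak at the configured limit.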
  40. Cisco Partnership
  41. Completing the SDN Stack: F5 BIG-IQ • OPEN REST APIs • LAYER 2-3 • LAYER 4-7 • SDN Controller • BIG-IQ Security™ • BIG-IQ Cloud™ • BIG-IQ Device™ • NBI • NBI • NVGRE • VXLAN • ETC… • Control Plane • Application Plane • Data Plane • Software-Defined Data Center • Virtual Networks • Service Chaining
  42. F5 Platforms: Hardware | Software | Cloud • Programmability • F5 SDAS Service Fabric • Programmability • BIG-IQ Cloud
      • Provisioning and orchestration of BIG-IP in AWS
      • Two-way communication
      • Configure application networking services
      • Automated network and service provisioning
      • Auto-scaling, application provisioning, and automated system maintenance and patching
      • Automate network and service provisioning; integrate network virtualization and ADN services
      Partner Integration with Synthesis
  43. Cisco ACI Design Philosophy
  44. Why Cisco/ACI matters for Customers
      • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customers’ next-generation data centers while meeting their critical data center requirements today.
      • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on the vision of shaping infrastructure to the needs of the applications.
      • Cisco ACI integrates F5 BIG-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next-generation data centers.
  45. Benefits: Drive • Increase • Reduce • Future
  46. SDDC/Cloud
