SlideShare a Scribd company logo

Big Ip Global Traffic Manager Ds

S
Steven_Jackson

DNS Security and Global Load Balancing

1 of 12
Download to read offline
BIG‑IP Global Traffic Manager DATASHEET What’s Inside 2 Globally Available Applications 4 Unmatched DNS Performance 4 DNS Caching and Resolving 4 Secure Applications 6 Simple Management Optimize DNS Services and App 8 Network Integration Delivery Across Global Data Centers 9 Architecture Deploying multiple data centers helps protect your business from site outages and improves DNS and application performance. Securing DNS infrastructure from the latest DDoS attacks 0 BIG‑IP GTM Platforms 1 and protecting DNS query responses from cache poisoning helps keep your online business running and viable. But to fully achieve these goals, organizations need an efficient way to 1 0 System Requirements monitor DNS infrastructure and application health. 1 DNS Services on 1 F5® BIG-IP® Global Traffic Manager™ (GTM) distributes user application requests based BIG-IP LTM on business policies, data center and network conditions, user location, and application performance. BIG-IP GTM enables F5’s high-performance DNS Services; scales and secures 2 F5 Services 1 DNS responses geographically to survive DDoS attacks; delivers a complete, real-time 2 More Information 1 DNSSEC solution; and ensures global application high availability. Key benefits Ensure application availability and Improve application performance scale DNS performance up to 10× Send users to the site with the best application By ensuring that users are connected to the performance based on application and best site, BIG‑IP GTM delivers strong multicenter network conditions. application availability and dramatically scales and controls DNS. Deploy flexibly and manage your network simply and efficiently Gain control and secure global BIG-IP GTM Virtual Edition (VE) delivers application delivery flexible global application management in Route users based on business, geolocation, virtual deployments. Multiple management application, and network requirements to gain tools give you complete visibility and control. flexibility and control. Also ensure application availability and protection during DDoS attacks or volume spikes. 1
DATASHEET BIG-IP Global Traffic Manager Globally Available Applications Organizations rely on applications to stay competitive, so ensuring global availability is critical. BIG‑IP GTM offers sophisticated health monitoring that supports a wide variety of application types, giving organizations the flexibility to adapt quickly and stay competitive. Global load balancing Advanced global load balancing User experience suffers when organizations with distributed data centers are unable to BIG‑IP GTM includes the industry’s allocate global traffic by routing the user to the best and closest data center based on most advanced traffic distribution specific business policies. Changing network and user conditions can overwhelm a data capabilities to match the needs center during peak traffic times. BIG‑IP GTM provides comprehensive, high-performance of any organization or globally application management services that support evolving application requirements. deployed application. ·· Round robin Dynamic ratio load balancing ·· Global availability ·· LDNS persistence BIG‑IP GTM routes users to the best global resource based on comprehensive site and ·· Application availability network metrics. For example, the quality of service (QoS) load balancing mode includes ·· Geography a hops coefficient, based on the number of hops between the client and the local DNS. Managers can use hop rate to send the user to the data center that requires the fewest ·· Virtual server capacity hops, ensuring more rapid access. Dynamic Ratio load balancing mode solves the problem ·· Least connections of “winner takes all” common to other global traffic management systems. Dynamic Ratio ·· Packets per second sends a portion of traffic to the best performing site, second best performing site, and so ·· Round trip time on—in proportion to the health and performance of network and server resources. ·· Hops ·· Packet completion rate Wide area persistence ·· User-defined QoS ·· Dynamic ratio User connections can persist across applications and data centers and be automatically routed ·· LDNS to the appropriate data center or server, based on application state. BIG‑IP GTM synchronizes ·· Ratio persistence information across all devices, ensuring that users are directed back to the same ·· Kilobytes per second site regardless of their entry point. Finally, it propagates the desired persistence information to local DNS servers, reducing the required frequency of synchronizing back-end databases. Session integrity is always maintained, with no more broken sessions or lost or corrupted data. The result is improved application performance and more efficient use of your infrastructure. Geographic load balancing Determining the location of users is critical to ensuring they are connected to the best data center and served the right content. BIG‑IP GTM includes an IP geolocation database from industry leader Quova to accurately identify exactly where a user is located. Each IP can be located at the continent, country, and state/province level to enable very granular traffic policies and improve application performance. Custom topology mapping BIG‑IP GTM offers organizations deploying intranet applications the ability to set up custom topology mappings. By defining and saving custom region groupings, you can configure topology based on traffic distribution policies that match your internal infrastructure. Infrastructure monitoring BIG‑IP GTM checks the health of the entire infrastructure, eliminating single points of failure and routing traffic away from poorly performing sites. By collecting performance and availability metrics from data centers, ISP connections, servers, caches, and user content, BIG‑IP GTM ensures high availability and adequate capacity prior to directing traffic to a site. 2
DATASHEET BIG-IP Global Traffic Manager Application health monitoring Today’s sophisticated applications require intelligent health checks to determine availability. Instead of relying on a single health check, BIG‑IP GTM aggregates multiple monitors so you can check the application state at multiple levels. This results in highest availability, improved reliability, and the elimination of false positives to reduce management overhead. BIG‑IP GTM provides pre-defined, out-of-the-box health monitoring support for more than 18 different applications, including SAP, Oracle, LDAP, and mySQL. BIG‑IP GTM performs targeted monitoring of these applications to accurately determine their health, reduce downtime, and improve user experience. It also allows you to group related objects so that if one application fails, other apps that depend on it will be marked out of service. This enables you to align and monitor application objects according to business logic and profitability, build scalable traffic distribution policies, and better manage application dependencies. Disaster recovery/business continuity planning In addition to performing comprehensive site availability checks, you can define the conditions for shifting all traffic to a backup data center, failing over an entire site, or controlling only the affected applications. BIG‑IP GTM ensures users are Site 2 – New York always connected to the best site Router (see illustration). BIG-IP (1) ser queries local DNS to U Global Traffic Manager resolve domain, and local DNS User – Seattle queries BIG‑IP GTM. BIG-IP Local Traffic Manager (2) IG‑IP GTM uses metrics B 4 collected for each site and identifies the best server. (3) IG‑IP GTM responds to local B DNS with IP address. 1 (4) ser is connected to site. U Corporate Servers Site 1 – San Francisco Router 2 BIG-IP Global Traffic Manager Site 3 – Milan Router BIG-IP BIG-IP Local Traffic Manager Global Traffic Manager 3 BIG-IP Local Traffic Manager Corporate Servers Corporate Servers 3
DATASHEET BIG-IP Global Traffic Manager Unmatched DNS Performance BIG‑IP GTM delivers DNS performance that can handle even the busiest sites. This helps your organization provide the best quality of service for your users while eliminating poor application performance. When sites have a volume spike in DNS query volumes due to legitimate requests or distributed denial of service (DDoS) attacks, BIG-IP GTM manages requests with DNS Express, dramatically increasing DNS performance up to 10× to quickly respond to all queries. DNS Express™ improves standard DNS server functions by offloading DNS functions as a secondary DNS server. BIG-IP GTM zone transfers DNS records from the authoritative DNS server and answers DNS queries—delivering exponential performance improvements that optimize DNS infrastructures, and scaling to protect against DDoS attacks. Benefits and features of DNS Express include: • High-speed response and DDoS attack protection with in-memory DNS • Authoritative DNS serving out of RAM • Configuration size for tens of millions of records • Scalable DNS performance • Consolidate DNS servers DNS Caching and Resolving By enabling a DNS cache on BIG-IP GTM, the number of DNS queries and the latency can be further reduced by having BIG-IP GTM respond immediately to client requests. BIG-IP GTM can consolidate the cache and increase the cache hit rate. This reduces DNS latency up to 80 percent, with DNS caching reducing the number of DNS queries for the same site within a short period of time. In addition to caching, adding resolver functions to BIG-IP GTM allows the device to do its own DNS resolving without requiring the use of an upstream DNS resolver. Caching profiles available to select for multiple caches include: • Transparent cache • BIG-IP GTM site in between client and DNS internal/external • Hot cache • Caching resolver • o cache response so that BIG-IP GTM sends out the request with the response N coming back for resolving and caching • Validating caching resolver Secure Applications DNS denial-of-service attacks, cache poisoning, and DNS hijacking threaten the availability and security of your applications. BIG‑IP GTM protects against DNS attacks and enables you to create polices that provide an added layer of protection for your applications and data. Hardened device BIG‑IP GTM is designed to resist common attacks by thwarting teardrop attacks, by protecting itself and servers from ICMP attacks, and by not running SMTPd, FTPd, Telnetd, 4 or any other attackable daemons.
DATASHEET BIG-IP Global Traffic Manager DNS attack protection The unmatched performance of DNS Express in BIG-IP GTM can tolerate high levels of DNS attacks—up to 10× standard queries responses—protecting your organization while still maintaining maximum and continuous availability for applications and services. DNS load balancing BIG-IP GTM can be used to front-end a pool of static DNS servers. If the DNS request is for a name controlled by BIG-IP GTM, BIG-IP GTM will answer the request. If not, BIG-IP GTM can load balance the request to a pool of DNS servers, providing very high DNS query performance for static DNS. Security control Administrators can strengthen site security and diffuse attacks before they start with BIG‑IP GTM. iRules® can help you create policies that block DNS requests from rogue sites or known sources of attacks before they can do damage. Packet filtering BIG‑IP GTM uses packet filtering to limit or deny access to and from websites based on monitoring the traffic source, destination, or port. DNS firewall DNS DDoS, cache poisoning of LDNS, and other unwanted DNS attacks and volume spikes can cause DNS outage and lost productivity. These attacks and traffic spikes increase volume dramatically and can take down DNS servers. BIG-IP GTM with security, scale, performance, and control functionality provides DNS firewall benefits. It shields DNS from attacks and other undesired DNS queries and responses that reduce DNS performance. These features to enable a DNS firewall: • DNSSEC—Dynamically signs DNS query responses • DNS Express—Scales DNS query responses dramatically to absorb DDoS attacks • Multicore scalability—Adding processors linearly scales DNS query performance • P Anycast integration—Distributes DNS query volumes among multiple BIG-IP GTM I devices in a pool • DNS iRules—DNS configuration and manipulation rules on queries and responses to protect DNS infrastructure Complete DNSSEC (option) With the BIG‑IP GTM DNSSEC option with SHA-2 support, you can digitally sign your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking and cache poisoning. These signed DNS responses can be used in conjunction with the BIG‑IP GTM dynamic DNS system so you can get all the benefits of global server load balancing while also securing your infrastructure. Alternatively, you can use BIG‑IP GTM in front of traditional DNS servers to easily deploy and load balance DNSSEC within your existing infrastructure. 5
DATASHEET BIG-IP Global Traffic Manager DNSSEC validation In most networks, DNS resolvers offload DNSSEC record requests and crypto calculations to validate that the DNS response being received is correctly signed. DNSSEC responses coming into the network requires high CPU loads on DNS resolving servers. With BIG-IP GTM DNSSEC validation, administrators can easily offload and validate DNSSEC on the client side using BIG-IP GTM for resolving. This results in superior DNS performance and a dramatic increase in the site response to end users. Simple Management Managing a distributed, multiple-site network from a single point is an enormous challenge. BIG‑IP GTM provides tools that give you a global view of your infrastructure with the means to manage the network and add polices to ensure the highest availability for your business- critical applications. Web-based user interface BIG‑IP GTM provides a simple way for your organization to manage its global infrastructure from a centralized location: • Efficient list and object management for complete visibility of global resources • nique naming of global objects to reduce administration and build the infrastructure U around business policies • Sorting and searching for fast access to global objects • Streamlined setup and object creation to reduce configuration times • Enhanced management of distributed applications as part of one collective group • ontext-sensitive help for information on objects, commands, and configuration examples C Powerful command line interface TMSH, a tree-based command line interface for BIG‑IP GTM, has integrated search, context- sensitive help, and batch-mode transactions. By providing a shell that is simple to navigate and enabling you to script complex commands, TMSH can significantly reduce management time. Automated setup and synchronization Autosync automates setup and secure synchronization of multiple BIG‑IP GTM devices. With Autosync, you can make configuration changes from any BIG‑IP GTM device in the network, eliminating difficult hierarchical management common to DNS. Configuration retrieval AutoDiscovery enables BIG‑IP GTM retrieve configurations from any number of distributed BIG‑IP systems, removing the need to repeat configurations across devices. Data center and sync groups BIG‑IP GTM enables you to create logical groups of network equipment to ensure the efficient use of monitoring and metrics collection. The result is a highly optimized solution that can support the Internet’s busiest sites by intelligently sharing the information with members in the logical group. 6
DATASHEET BIG-IP Global Traffic Manager Distributed application management Organizations often struggle to align their applications and infrastructure with their business goals and policies. BIG‑IP GTM gives you the ability to define dependencies between application services and manage them as a group. With distributed application management, you can build scalable traffic distribution policies and improve efficiency with granular control of data center objects. iRules Using F5’s event-driven iRules, you can customize the dynamic distribution of global traffic. ® BIG‑IP GTM looks deep inside DNS messages to distribute application traffic to the desired data center, pool, or virtual server. This capability reduces latency, increases protection against malicious attacks, and improves application performance. Because iRules is based on an easy-to-use, TCL-based scripting language, administrative costs are nominal. DNS iRules You can easily manage DNS queries, responses, and actions for a fast, customized DNS infrastructure using DNS iRules. For instance, you can configure DNS iRules with filtering capabilities by using packet filters and query logging to enable protection and reporting of DNS. Because BIG-IP GTM can configure DNS iRules to manipulate DNS packets, administrators can add commands enabling dynamic DNS query and response management. ZoneRunner ZoneRunner™ is an integrated zone file management tool that simplifies DNS zone file management and reduces the risk of misconfiguration. It provides a secure environment in which to manage your DNS infrastructure while validating and error-checking zone files. Built on the latest version of BIND, ZoneRunner provides: • Auto population of commonly used protocols • Validation/error checking for zone file entries • Rollback for the last transaction • Command line versions of zone management • Zone importation from an external server or a file • Automatic reverse lookups • Easy creation, editing, and searching of all records DNS health monitor BIG-IP GTM deployed inline easily manages and load balances DNS servers. The DNS health monitor available in BIG-IP GTM and BIG-IP® Local Traffic Manager™ (LTM) monitors DNS server health and helps configure DNS based on reporting. The DNS health monitor detects if the servers are operating at peak performance or not and helps in reconfiguring for optimal responses. For example, when monitoring outbound DNS responses, BIG-IP GTM receives valid response from the DNS server sending an outbound query response. Or, in another example, if no devices answer a DNS request, the DNS monitor will check the path to see if the DNS infrastructure is working. 7
DATASHEET BIG-IP Global Traffic Manager F5 Enterprise Manager Enterprise Manager™ can help you significantly reduce the cost and complexity of managing multiple F5 devices. You gain a single-pane view of your entire application delivery infrastructure and the tools you need to reduce deployment times, eliminate redundant tasks, and efficiently scale your infrastructure to meet your business needs. Network Integration BIG‑IP GTM is designed to fit into your current network and into your plans for the future. SNMP management application support BIG‑IP GTM integrates its MIBs and an SNMP agent with DNS. This enables SNMP management applications to read statistical data about the current performance of BIG‑IP GTM. SNMP management packages have an exact view of what BIG‑IP GTM is doing, while keeping an eye on standard DNS information. Third-party integration BIG‑IP GTM communicates and integrates with a broad array of network devices. This includes support for various types of remote hosts, including SNMP agents: UCD, snmpd, Solstice Enterprise, and the NT/4.0 SNMP agent. BIG‑IP GTM also talks to third-party caches, servers, routers, and load balancers to accurately diagnose the health of your network endpoints and provide a heterogeneous solution for global traffic management. IPv6/IPv4 support BIG‑IP GTM supports next-generation IPv6 networks, resolving AAAA queries without requiring wholesale network and application upgrades. As IPv6 adoption grows, BIG-IP GTM eases the transition to IPv6 by bridging the gap between IPv6/IPv4 DNS. The DNS translation between IPv6 and IPv4 networks is seamless as BIG-IP GTM provides DNS gateway and translation services for hybrid IPv6 and IPv4 solutions, and manages IPv6 and IPv4 DNS servers in DNS64 environments. For AAAA queries from clients, BIG-IP LTM configured with NAT64 transforms IPv6 to IPv4 for those IPv4-only environments. The response data is sent to the client from NAT64 using IPv6. BIG-IP GTM enables the customer to run pure internal IPv6 and maintain connectivity to IPv6/IPv4 Internet. IP Anycast integration BIG-IP GTM and IP Anycast integration increases DNS performance as more devices are added to support millions of DNS queries. DNS query volumes directed to one IP address, whether legitimate or during a denial-of-service (DoS) attack, are easily managed by distributing the load among multiple geographic BIG-IP GTM devices with an IP Anycast integration. Administrators scale DNS infrastructure up and out to manage DNS request load to one IP, increasing revenue by servicing more users and protecting brand with trustworthy query response. Network managers realize these benefits: • Improved user performance and reliability • Reduced network latency for DNS transactions • Fewer queries routed to distant servers • Lower rates of dropped query packets, reducing DNS timeouts/retries 8 • Fewer congested routers
DATASHEET BIG-IP Global Traffic Manager BIG-IP GTM and IP Anycast integration distributes the DNS request load by directing single IP requests to multiple local devices. BIG-IP Global Traffic Manager BIG-IP Global Traffic Manager Global server load balancing in virtual and cloud environments Easily spin up new deployments of global server load balancing with BIG-IP GTM Virtual Edition (VE) standalone or BIG-IP GTM running on BIG-IP LTM VE. Provide flexible global application availability by routing users to applications in data centers, managing Internet SaaS and outsourced applications, or directing users to the most available cloud applications. Architecture The advanced architecture of BIG‑IP GTM gives you total flexibility to control application delivery without creating traffic bottlenecks. TMOS At the heart of BIG‑IP GTM is the F5 operating system, TMOS®, that provides a unified system for optimal application delivery, giving you total visibility, flexibility, and control across all services. TMOS empowers BIG‑IP GTM to integrate with other F5 products and intelligently adapt to the diverse and evolving requirements of applications and networks. Query performance and scalability BIG-IP GTM query performance scales linearly on larger platforms and increases performance by integrating functions in TMOS. BIG-IP GTM is provisionable for platforms that support F5 virtual Clustered Multiprocessing (vCMP™). 9
10 DATASHEET BIG-IP Global Traffic Manager BIG‑IP GTM Platforms BIG‑IP Global Traffic Manager is available as a standalone appliance on the BIG‑IP 1600, 3600, 3900, 6900 FIPS, and 11050 platforms, and for BIG-IP GTM Virtual Edition. It is available as an add-on module for BIG‑IP Local Traffic Manager (LTM) on any BIG‑IP platform, and for BIG-IP LTM Virtual Edition. For detailed specifications, refer to the BIG‑IP System Hardware Datasheet. 1600 Series 3600 Series 3900 Series 6900 FIPS Series 11050 Series BIG-IP GTM VE System Requirements BIG-IP LTM VE with BIG-IP GTM, and BIG-IP GTM VE standalone are compatible with Microsoft Hyper-V for Windows Server 2008 R2 (lab only), Citrix XenServer 5.6, and VMware vSphere Hypervisor 4.0, 4.1, and 5.0. The virtual machine guest environment for BIG-IP system virtual editions must include these characteristics: • 2 virtual CPUs • 4 GB RAM with a 2-core CPU and 8 GB RAM with a 4-core CPU • 3 virtual network adapters • One 40 GB LSI logic disk
11 DATASHEET BIG-IP Global Traffic Manager DNS Services on BIG-IP LTM Add the DNS Services module to your BIG-IP LTM deployment for DNS (non-GSLB) functionality on the BIG-IP LTM platform. The DNS Services module includes: • DNS Express—Delivers superior DNS performance enhancements • DNS 6 to 4—Provides IPv6/IPv4 translation for DNS • DNS Profile—Enables DNS-specific functions such as DNS iRules • NS iRules—Allows for easy configuration and manipulation of all DNS query D and response fields • ZoneRunner—Optional management of the on box BIND instance as a master source for DNS Express • Advanced routing—Required to use IP Anycast for DNS listener addresses • NS caching and resolving—Enables a DNS cache and resolver to respond immediately D to client requests • DNSSEC validation—Provides rapid validation of DNSSEC responses and offloads DNSSEC computations
12 DATASHEET BIG-IP Global Traffic Manager F5 Services F5 Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Services can help you achieve IT agility. For more information about F5 Services, contact consulting@f5.com or visit f5.com/services. More Information To learn more about BIG-IP GTM, use the search function on f5.com to find these and other resources. Datasheet BIG-IP System Hardware Datasheet White papers Distributing Applications for Disaster Planning and Availability DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution Case study SaaS Provider RelayHealth Delivers Innovative Healthcare Applications with F5 Solutions F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com F5 Networks, Inc. F5 Networks F5 Networks Ltd. F5 Networks Corporate Headquarters Asia-Pacific Europe/Middle-East/Africa Japan K.K. info@f5.com apacinfo@f5.com emeainfo@f5.com f5j-info@f5.com ©2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. CS03-00024 0412

Recommended

BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
F5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSF5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSMarco Essomba
 
F5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 Networks
 
DNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
 
F5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureF5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
 
Top 10 Reasons Why F5 Makes Sense
Top 10 Reasons Why F5 Makes SenseTop 10 Reasons Why F5 Makes Sense
Top 10 Reasons Why F5 Makes SenseF5 Networks
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Torontopatmisasi
 

Recommended

BIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationBIG IP F5 GTM Presentation
BIG IP F5 GTM PresentationPCCW GLOBAL
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
F5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSF5 GTM HEALTH CHECKS
F5 GTM HEALTH CHECKSMarco Essomba
 
F5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 DNS Solution for CSPs
F5 DNS Solution for CSPsF5 Networks
 
DNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDNS Security (DNSSEC) With BIG-IP Global Traffic Manager
DNS Security (DNSSEC) With BIG-IP Global Traffic ManagerDSorensenCPR
 
F5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureF5 and Infoblox deliver complete secured DNS infrastructure
F5 and Infoblox deliver complete secured DNS infrastructureDSorensenCPR
 
Top 10 Reasons Why F5 Makes Sense
Top 10 Reasons Why F5 Makes SenseTop 10 Reasons Why F5 Makes Sense
Top 10 Reasons Why F5 Makes SenseF5 Networks
 
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 TorontoF5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Toronto
F5 Scale n and BIG-IP v11 3 for Scalar Partner Event June 4 2013 Torontopatmisasi
 
F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
F5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPROIDEA
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017Guy Brown
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
QoS Challenges and Solutions
QoS Challenges and SolutionsQoS Challenges and Solutions
QoS Challenges and SolutionsGoS Networks Ltd
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0MarketingArrowECS_CZ
 
F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)Information Technology
 
Vfm packetshaper presentation
Vfm packetshaper presentationVfm packetshaper presentation
Vfm packetshaper presentationvfmindia
 
F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 Networks
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
BIG-IP ADCs and ADF
BIG-IP ADCs and ADFBIG-IP ADCs and ADF
BIG-IP ADCs and ADFF5 Networks
 
What's new in Performance vision version 3.2
What's new in Performance vision version 3.2What's new in Performance vision version 3.2
What's new in Performance vision version 3.2PerformanceVision (previously SecurActive)
 
F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.Kapil Sabharwal
 
Ransomware: The Defendable Epidemic
Ransomware: The Defendable EpidemicRansomware: The Defendable Epidemic
Ransomware: The Defendable EpidemicSagi Brody
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortEduardo Castro
 
Training for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APMTraining for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APMBledar Meta
 
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...Amazon Web Services
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Gtm
GtmGtm
GtmMuhammad Haseeb
 

More Related Content

What's hot

F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
F5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPROIDEA
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS ScalePeter Silva
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017Guy Brown
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPF5NetworksAPJ
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
QoS Challenges and Solutions
QoS Challenges and SolutionsQoS Challenges and Solutions
QoS Challenges and SolutionsGoS Networks Ltd
 
Vfm packetshaper presentation
Vfm packetshaper presentationVfm packetshaper presentation
Vfm packetshaper presentationvfmindia
 
F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 Networks
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Puppet
 
BIG-IP ADCs and ADF
BIG-IP ADCs and ADFBIG-IP ADCs and ADF
BIG-IP ADCs and ADFF5 Networks
 
F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.Kapil Sabharwal
 
Ransomware: The Defendable Epidemic
Ransomware: The Defendable EpidemicRansomware: The Defendable Epidemic
Ransomware: The Defendable EpidemicSagi Brody
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortEduardo Castro
 

What's hot (18)

F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshow
 
F5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS ScaleF5 Networks Intelligent DNS Scale
F5 Networks Intelligent DNS Scale
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
 
Intelligent DNS Scale
Intelligent DNS ScaleIntelligent DNS Scale
Intelligent DNS Scale
 
F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017F5 Meetup presentation automation 2017
F5 Meetup presentation automation 2017
 
Get more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IPGet more versatile and scalable protection with F5 BIG-IP
Get more versatile and scalable protection with F5 BIG-IP
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 
QoS Challenges and Solutions
QoS Challenges and SolutionsQoS Challenges and Solutions
QoS Challenges and Solutions
 
F5 TMOS v13.0
F5 TMOS v13.0F5 TMOS v13.0
F5 TMOS v13.0
 
F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)F5 beyond load balancer (nov 2009)
F5 beyond load balancer (nov 2009)
 
Vfm packetshaper presentation
Vfm packetshaper presentationVfm packetshaper presentation
Vfm packetshaper presentation
 
F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10F5 iHealth Presentation 10 22-10
F5 iHealth Presentation 10 22-10
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
 
BIG-IP ADCs and ADF
BIG-IP ADCs and ADFBIG-IP ADCs and ADF
BIG-IP ADCs and ADF
 
What's new in Performance vision version 3.2
What's new in Performance vision version 3.2What's new in Performance vision version 3.2
What's new in Performance vision version 3.2
 
F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.F5 BigIP LTM Initial, Build, Install and Licensing.
F5 BigIP LTM Initial, Build, Install and Licensing.
 
Ransomware: The Defendable Epidemic
Ransomware: The Defendable EpidemicRansomware: The Defendable Epidemic
Ransomware: The Defendable Epidemic
 
Windows Server 2008 Security Overview Short
Windows Server 2008 Security Overview ShortWindows Server 2008 Security Overview Short
Windows Server 2008 Security Overview Short
 

Viewers also liked

Training for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APMTraining for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APMBledar Meta
 
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...Amazon Web Services
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!Niasta Learning
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Mohamed Al-Natour
 
Microsoft Azure Traffic Manager
Microsoft Azure Traffic ManagerMicrosoft Azure Traffic Manager
Microsoft Azure Traffic ManagerIdo Katz
 
Cisco SourceFire
Cisco SourceFireCisco SourceFire
Cisco SourceFireAhmed Serag
 
HA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy GroupsHA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy GroupsKashif Latif
 

Viewers also liked (9)

Training for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APMTraining for F5 BIG-IP LTM and APM
Training for F5 BIG-IP LTM and APM
 
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl...
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Gtm
GtmGtm
Gtm
 
F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!
 
Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3Juniper Srx quickstart-12.1r3
Juniper Srx quickstart-12.1r3
 
Microsoft Azure Traffic Manager
Microsoft Azure Traffic ManagerMicrosoft Azure Traffic Manager
Microsoft Azure Traffic Manager
 
Cisco SourceFire
Cisco SourceFireCisco SourceFire
Cisco SourceFire
 
HA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy GroupsHA, SRX Cluster & Redundancy Groups
HA, SRX Cluster & Redundancy Groups
 

Similar to Big Ip Global Traffic Manager Ds

A New Approach to Continuous Monitoring in the Cloud
A New Approach to Continuous Monitoring in the CloudA New Approach to Continuous Monitoring in the Cloud
A New Approach to Continuous Monitoring in the CloudNETSCOUT
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
 
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Tim Harvey
 
Cloud Computing for National Security Applications
Cloud Computing for National Security ApplicationsCloud Computing for National Security Applications
Cloud Computing for National Security Applicationswhite paper
 
Get Ready for the Next Generation Diameter Signaling Controller (DSC)
Get Ready for the Next Generation Diameter Signaling Controller (DSC)Get Ready for the Next Generation Diameter Signaling Controller (DSC)
Get Ready for the Next Generation Diameter Signaling Controller (DSC)Dialogic Inc.
 
A new way to connect and protect retail networks with secure enterprise SD-WA...
A new way to connect and protect retail networks with secure enterprise SD-WA...A new way to connect and protect retail networks with secure enterprise SD-WA...
A new way to connect and protect retail networks with secure enterprise SD-WA...National Retail Federation
 
Achieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvAchieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvDialogic Inc.
 
bringing transparency on networks
bringing transparency on networksbringing transparency on networks
bringing transparency on networksnerdic
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For VirtualizationPatricio Campos
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecaseRENJITHKNAIR5
 
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...Grant Swanson
 
Extend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in AzureExtend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in AzureFidelis Cybersecurity
 
Spider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterSpider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterTzoori Tamam
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Cisco Canada
 
IBM Application Acceleration Data Sheet
IBM Application Acceleration Data SheetIBM Application Acceleration Data Sheet
IBM Application Acceleration Data Sheetcathylums
 
Datasheet: WebSphere DataPower Service Gateway XG45
Datasheet: WebSphere DataPower Service Gateway XG45Datasheet: WebSphere DataPower Service Gateway XG45
Datasheet: WebSphere DataPower Service Gateway XG45Sarah Duffy
 
Riverbed corporate brochure
Riverbed corporate brochureRiverbed corporate brochure
Riverbed corporate brochurestrangerhkn
 

Similar to Big Ip Global Traffic Manager Ds (20)

WEB SERVERS
WEB SERVERSWEB SERVERS
WEB SERVERS
 
A New Approach to Continuous Monitoring in the Cloud
A New Approach to Continuous Monitoring in the CloudA New Approach to Continuous Monitoring in the Cloud
A New Approach to Continuous Monitoring in the Cloud
 
Multi cloud networking
Multi cloud networkingMulti cloud networking
Multi cloud networking
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
 
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
Future of Fed Mobility | Citrix Technical Exchange hosted by AMARC | Faisal I...
 
Cloud Computing for National Security Applications
Cloud Computing for National Security ApplicationsCloud Computing for National Security Applications
Cloud Computing for National Security Applications
 
What are
What areWhat are
What are
 
Get Ready for the Next Generation Diameter Signaling Controller (DSC)
Get Ready for the Next Generation Diameter Signaling Controller (DSC)Get Ready for the Next Generation Diameter Signaling Controller (DSC)
Get Ready for the Next Generation Diameter Signaling Controller (DSC)
 
A new way to connect and protect retail networks with secure enterprise SD-WA...
A new way to connect and protect retail networks with secure enterprise SD-WA...A new way to connect and protect retail networks with secure enterprise SD-WA...
A new way to connect and protect retail networks with secure enterprise SD-WA...
 
Achieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvAchieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfv
 
bringing transparency on networks
bringing transparency on networksbringing transparency on networks
bringing transparency on networks
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For Virtualization
 
ciscothousandeyesusecase
ciscothousandeyesusecaseciscothousandeyesusecase
ciscothousandeyesusecase
 
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...
Gigamon Ensures Privacy of Data in Multi-tenant Network and Enables Near Real...
 
Extend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in AzureExtend Network Visibility and Secure Applications and Data in Azure
Extend Network Visibility and Secure Applications and Data in Azure
 
Spider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterSpider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data Center
 
Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?Thinking about SDN and whether it is the right approach for your organization?
Thinking about SDN and whether it is the right approach for your organization?
 
IBM Application Acceleration Data Sheet
IBM Application Acceleration Data SheetIBM Application Acceleration Data Sheet
IBM Application Acceleration Data Sheet
 
Datasheet: WebSphere DataPower Service Gateway XG45
Datasheet: WebSphere DataPower Service Gateway XG45Datasheet: WebSphere DataPower Service Gateway XG45
Datasheet: WebSphere DataPower Service Gateway XG45
 
Riverbed corporate brochure
Riverbed corporate brochureRiverbed corporate brochure
Riverbed corporate brochure
 

Big Ip Global Traffic Manager Ds

  • 1. BIG‑IP Global Traffic Manager DATASHEET What’s Inside 2 Globally Available Applications 4 Unmatched DNS Performance 4 DNS Caching and Resolving 4 Secure Applications 6 Simple Management Optimize DNS Services and App 8 Network Integration Delivery Across Global Data Centers 9 Architecture Deploying multiple data centers helps protect your business from site outages and improves DNS and application performance. Securing DNS infrastructure from the latest DDoS attacks 0 BIG‑IP GTM Platforms 1 and protecting DNS query responses from cache poisoning helps keep your online business running and viable. But to fully achieve these goals, organizations need an efficient way to 1 0 System Requirements monitor DNS infrastructure and application health. 1 DNS Services on 1 F5® BIG-IP® Global Traffic Manager™ (GTM) distributes user application requests based BIG-IP LTM on business policies, data center and network conditions, user location, and application performance. BIG-IP GTM enables F5’s high-performance DNS Services; scales and secures 2 F5 Services 1 DNS responses geographically to survive DDoS attacks; delivers a complete, real-time 2 More Information 1 DNSSEC solution; and ensures global application high availability. Key benefits Ensure application availability and Improve application performance scale DNS performance up to 10× Send users to the site with the best application By ensuring that users are connected to the performance based on application and best site, BIG‑IP GTM delivers strong multicenter network conditions. application availability and dramatically scales and controls DNS. Deploy flexibly and manage your network simply and efficiently Gain control and secure global BIG-IP GTM Virtual Edition (VE) delivers application delivery flexible global application management in Route users based on business, geolocation, virtual deployments. Multiple management application, and network requirements to gain tools give you complete visibility and control. flexibility and control. Also ensure application availability and protection during DDoS attacks or volume spikes. 1
  • 2. DATASHEET BIG-IP Global Traffic Manager Globally Available Applications Organizations rely on applications to stay competitive, so ensuring global availability is critical. BIG‑IP GTM offers sophisticated health monitoring that supports a wide variety of application types, giving organizations the flexibility to adapt quickly and stay competitive. Global load balancing Advanced global load balancing User experience suffers when organizations with distributed data centers are unable to BIG‑IP GTM includes the industry’s allocate global traffic by routing the user to the best and closest data center based on most advanced traffic distribution specific business policies. Changing network and user conditions can overwhelm a data capabilities to match the needs center during peak traffic times. BIG‑IP GTM provides comprehensive, high-performance of any organization or globally application management services that support evolving application requirements. deployed application. ·· Round robin Dynamic ratio load balancing ·· Global availability ·· LDNS persistence BIG‑IP GTM routes users to the best global resource based on comprehensive site and ·· Application availability network metrics. For example, the quality of service (QoS) load balancing mode includes ·· Geography a hops coefficient, based on the number of hops between the client and the local DNS. Managers can use hop rate to send the user to the data center that requires the fewest ·· Virtual server capacity hops, ensuring more rapid access. Dynamic Ratio load balancing mode solves the problem ·· Least connections of “winner takes all” common to other global traffic management systems. Dynamic Ratio ·· Packets per second sends a portion of traffic to the best performing site, second best performing site, and so ·· Round trip time on—in proportion to the health and performance of network and server resources. ·· Hops ·· Packet completion rate Wide area persistence ·· User-defined QoS ·· Dynamic ratio User connections can persist across applications and data centers and be automatically routed ·· LDNS to the appropriate data center or server, based on application state. BIG‑IP GTM synchronizes ·· Ratio persistence information across all devices, ensuring that users are directed back to the same ·· Kilobytes per second site regardless of their entry point. Finally, it propagates the desired persistence information to local DNS servers, reducing the required frequency of synchronizing back-end databases. Session integrity is always maintained, with no more broken sessions or lost or corrupted data. The result is improved application performance and more efficient use of your infrastructure. Geographic load balancing Determining the location of users is critical to ensuring they are connected to the best data center and served the right content. BIG‑IP GTM includes an IP geolocation database from industry leader Quova to accurately identify exactly where a user is located. Each IP can be located at the continent, country, and state/province level to enable very granular traffic policies and improve application performance. Custom topology mapping BIG‑IP GTM offers organizations deploying intranet applications the ability to set up custom topology mappings. By defining and saving custom region groupings, you can configure topology based on traffic distribution policies that match your internal infrastructure. Infrastructure monitoring BIG‑IP GTM checks the health of the entire infrastructure, eliminating single points of failure and routing traffic away from poorly performing sites. By collecting performance and availability metrics from data centers, ISP connections, servers, caches, and user content, BIG‑IP GTM ensures high availability and adequate capacity prior to directing traffic to a site. 2
  • 3. DATASHEET BIG-IP Global Traffic Manager Application health monitoring Today’s sophisticated applications require intelligent health checks to determine availability. Instead of relying on a single health check, BIG‑IP GTM aggregates multiple monitors so you can check the application state at multiple levels. This results in highest availability, improved reliability, and the elimination of false positives to reduce management overhead. BIG‑IP GTM provides pre-defined, out-of-the-box health monitoring support for more than 18 different applications, including SAP, Oracle, LDAP, and mySQL. BIG‑IP GTM performs targeted monitoring of these applications to accurately determine their health, reduce downtime, and improve user experience. It also allows you to group related objects so that if one application fails, other apps that depend on it will be marked out of service. This enables you to align and monitor application objects according to business logic and profitability, build scalable traffic distribution policies, and better manage application dependencies. Disaster recovery/business continuity planning In addition to performing comprehensive site availability checks, you can define the conditions for shifting all traffic to a backup data center, failing over an entire site, or controlling only the affected applications. BIG‑IP GTM ensures users are Site 2 – New York always connected to the best site Router (see illustration). BIG-IP (1) ser queries local DNS to U Global Traffic Manager resolve domain, and local DNS User – Seattle queries BIG‑IP GTM. BIG-IP Local Traffic Manager (2) IG‑IP GTM uses metrics B 4 collected for each site and identifies the best server. (3) IG‑IP GTM responds to local B DNS with IP address. 1 (4) ser is connected to site. U Corporate Servers Site 1 – San Francisco Router 2 BIG-IP Global Traffic Manager Site 3 – Milan Router BIG-IP BIG-IP Local Traffic Manager Global Traffic Manager 3 BIG-IP Local Traffic Manager Corporate Servers Corporate Servers 3
  • 4. DATASHEET BIG-IP Global Traffic Manager Unmatched DNS Performance BIG‑IP GTM delivers DNS performance that can handle even the busiest sites. This helps your organization provide the best quality of service for your users while eliminating poor application performance. When sites have a volume spike in DNS query volumes due to legitimate requests or distributed denial of service (DDoS) attacks, BIG-IP GTM manages requests with DNS Express, dramatically increasing DNS performance up to 10× to quickly respond to all queries. DNS Express™ improves standard DNS server functions by offloading DNS functions as a secondary DNS server. BIG-IP GTM zone transfers DNS records from the authoritative DNS server and answers DNS queries—delivering exponential performance improvements that optimize DNS infrastructures, and scaling to protect against DDoS attacks. Benefits and features of DNS Express include: • High-speed response and DDoS attack protection with in-memory DNS • Authoritative DNS serving out of RAM • Configuration size for tens of millions of records • Scalable DNS performance • Consolidate DNS servers DNS Caching and Resolving By enabling a DNS cache on BIG-IP GTM, the number of DNS queries and the latency can be further reduced by having BIG-IP GTM respond immediately to client requests. BIG-IP GTM can consolidate the cache and increase the cache hit rate. This reduces DNS latency up to 80 percent, with DNS caching reducing the number of DNS queries for the same site within a short period of time. In addition to caching, adding resolver functions to BIG-IP GTM allows the device to do its own DNS resolving without requiring the use of an upstream DNS resolver. Caching profiles available to select for multiple caches include: • Transparent cache • BIG-IP GTM site in between client and DNS internal/external • Hot cache • Caching resolver • o cache response so that BIG-IP GTM sends out the request with the response N coming back for resolving and caching • Validating caching resolver Secure Applications DNS denial-of-service attacks, cache poisoning, and DNS hijacking threaten the availability and security of your applications. BIG‑IP GTM protects against DNS attacks and enables you to create polices that provide an added layer of protection for your applications and data. Hardened device BIG‑IP GTM is designed to resist common attacks by thwarting teardrop attacks, by protecting itself and servers from ICMP attacks, and by not running SMTPd, FTPd, Telnetd, 4 or any other attackable daemons.
  • 5. DATASHEET BIG-IP Global Traffic Manager DNS attack protection The unmatched performance of DNS Express in BIG-IP GTM can tolerate high levels of DNS attacks—up to 10× standard queries responses—protecting your organization while still maintaining maximum and continuous availability for applications and services. DNS load balancing BIG-IP GTM can be used to front-end a pool of static DNS servers. If the DNS request is for a name controlled by BIG-IP GTM, BIG-IP GTM will answer the request. If not, BIG-IP GTM can load balance the request to a pool of DNS servers, providing very high DNS query performance for static DNS. Security control Administrators can strengthen site security and diffuse attacks before they start with BIG‑IP GTM. iRules® can help you create policies that block DNS requests from rogue sites or known sources of attacks before they can do damage. Packet filtering BIG‑IP GTM uses packet filtering to limit or deny access to and from websites based on monitoring the traffic source, destination, or port. DNS firewall DNS DDoS, cache poisoning of LDNS, and other unwanted DNS attacks and volume spikes can cause DNS outage and lost productivity. These attacks and traffic spikes increase volume dramatically and can take down DNS servers. BIG-IP GTM with security, scale, performance, and control functionality provides DNS firewall benefits. It shields DNS from attacks and other undesired DNS queries and responses that reduce DNS performance. These features to enable a DNS firewall: • DNSSEC—Dynamically signs DNS query responses • DNS Express—Scales DNS query responses dramatically to absorb DDoS attacks • Multicore scalability—Adding processors linearly scales DNS query performance • P Anycast integration—Distributes DNS query volumes among multiple BIG-IP GTM I devices in a pool • DNS iRules—DNS configuration and manipulation rules on queries and responses to protect DNS infrastructure Complete DNSSEC (option) With the BIG‑IP GTM DNSSEC option with SHA-2 support, you can digitally sign your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking and cache poisoning. These signed DNS responses can be used in conjunction with the BIG‑IP GTM dynamic DNS system so you can get all the benefits of global server load balancing while also securing your infrastructure. Alternatively, you can use BIG‑IP GTM in front of traditional DNS servers to easily deploy and load balance DNSSEC within your existing infrastructure. 5
  • 6. DATASHEET BIG-IP Global Traffic Manager DNSSEC validation In most networks, DNS resolvers offload DNSSEC record requests and crypto calculations to validate that the DNS response being received is correctly signed. DNSSEC responses coming into the network requires high CPU loads on DNS resolving servers. With BIG-IP GTM DNSSEC validation, administrators can easily offload and validate DNSSEC on the client side using BIG-IP GTM for resolving. This results in superior DNS performance and a dramatic increase in the site response to end users. Simple Management Managing a distributed, multiple-site network from a single point is an enormous challenge. BIG‑IP GTM provides tools that give you a global view of your infrastructure with the means to manage the network and add polices to ensure the highest availability for your business- critical applications. Web-based user interface BIG‑IP GTM provides a simple way for your organization to manage its global infrastructure from a centralized location: • Efficient list and object management for complete visibility of global resources • nique naming of global objects to reduce administration and build the infrastructure U around business policies • Sorting and searching for fast access to global objects • Streamlined setup and object creation to reduce configuration times • Enhanced management of distributed applications as part of one collective group • ontext-sensitive help for information on objects, commands, and configuration examples C Powerful command line interface TMSH, a tree-based command line interface for BIG‑IP GTM, has integrated search, context- sensitive help, and batch-mode transactions. By providing a shell that is simple to navigate and enabling you to script complex commands, TMSH can significantly reduce management time. Automated setup and synchronization Autosync automates setup and secure synchronization of multiple BIG‑IP GTM devices. With Autosync, you can make configuration changes from any BIG‑IP GTM device in the network, eliminating difficult hierarchical management common to DNS. Configuration retrieval AutoDiscovery enables BIG‑IP GTM retrieve configurations from any number of distributed BIG‑IP systems, removing the need to repeat configurations across devices. Data center and sync groups BIG‑IP GTM enables you to create logical groups of network equipment to ensure the efficient use of monitoring and metrics collection. The result is a highly optimized solution that can support the Internet’s busiest sites by intelligently sharing the information with members in the logical group. 6
  • 7. DATASHEET BIG-IP Global Traffic Manager Distributed application management Organizations often struggle to align their applications and infrastructure with their business goals and policies. BIG‑IP GTM gives you the ability to define dependencies between application services and manage them as a group. With distributed application management, you can build scalable traffic distribution policies and improve efficiency with granular control of data center objects. iRules Using F5’s event-driven iRules, you can customize the dynamic distribution of global traffic. ® BIG‑IP GTM looks deep inside DNS messages to distribute application traffic to the desired data center, pool, or virtual server. This capability reduces latency, increases protection against malicious attacks, and improves application performance. Because iRules is based on an easy-to-use, TCL-based scripting language, administrative costs are nominal. DNS iRules You can easily manage DNS queries, responses, and actions for a fast, customized DNS infrastructure using DNS iRules. For instance, you can configure DNS iRules with filtering capabilities by using packet filters and query logging to enable protection and reporting of DNS. Because BIG-IP GTM can configure DNS iRules to manipulate DNS packets, administrators can add commands enabling dynamic DNS query and response management. ZoneRunner ZoneRunner™ is an integrated zone file management tool that simplifies DNS zone file management and reduces the risk of misconfiguration. It provides a secure environment in which to manage your DNS infrastructure while validating and error-checking zone files. Built on the latest version of BIND, ZoneRunner provides: • Auto population of commonly used protocols • Validation/error checking for zone file entries • Rollback for the last transaction • Command line versions of zone management • Zone importation from an external server or a file • Automatic reverse lookups • Easy creation, editing, and searching of all records DNS health monitor BIG-IP GTM deployed inline easily manages and load balances DNS servers. The DNS health monitor available in BIG-IP GTM and BIG-IP® Local Traffic Manager™ (LTM) monitors DNS server health and helps configure DNS based on reporting. The DNS health monitor detects if the servers are operating at peak performance or not and helps in reconfiguring for optimal responses. For example, when monitoring outbound DNS responses, BIG-IP GTM receives valid response from the DNS server sending an outbound query response. Or, in another example, if no devices answer a DNS request, the DNS monitor will check the path to see if the DNS infrastructure is working. 7
  • 8. DATASHEET BIG-IP Global Traffic Manager F5 Enterprise Manager Enterprise Manager™ can help you significantly reduce the cost and complexity of managing multiple F5 devices. You gain a single-pane view of your entire application delivery infrastructure and the tools you need to reduce deployment times, eliminate redundant tasks, and efficiently scale your infrastructure to meet your business needs. Network Integration BIG‑IP GTM is designed to fit into your current network and into your plans for the future. SNMP management application support BIG‑IP GTM integrates its MIBs and an SNMP agent with DNS. This enables SNMP management applications to read statistical data about the current performance of BIG‑IP GTM. SNMP management packages have an exact view of what BIG‑IP GTM is doing, while keeping an eye on standard DNS information. Third-party integration BIG‑IP GTM communicates and integrates with a broad array of network devices. This includes support for various types of remote hosts, including SNMP agents: UCD, snmpd, Solstice Enterprise, and the NT/4.0 SNMP agent. BIG‑IP GTM also talks to third-party caches, servers, routers, and load balancers to accurately diagnose the health of your network endpoints and provide a heterogeneous solution for global traffic management. IPv6/IPv4 support BIG‑IP GTM supports next-generation IPv6 networks, resolving AAAA queries without requiring wholesale network and application upgrades. As IPv6 adoption grows, BIG-IP GTM eases the transition to IPv6 by bridging the gap between IPv6/IPv4 DNS. The DNS translation between IPv6 and IPv4 networks is seamless as BIG-IP GTM provides DNS gateway and translation services for hybrid IPv6 and IPv4 solutions, and manages IPv6 and IPv4 DNS servers in DNS64 environments. For AAAA queries from clients, BIG-IP LTM configured with NAT64 transforms IPv6 to IPv4 for those IPv4-only environments. The response data is sent to the client from NAT64 using IPv6. BIG-IP GTM enables the customer to run pure internal IPv6 and maintain connectivity to IPv6/IPv4 Internet. IP Anycast integration BIG-IP GTM and IP Anycast integration increases DNS performance as more devices are added to support millions of DNS queries. DNS query volumes directed to one IP address, whether legitimate or during a denial-of-service (DoS) attack, are easily managed by distributing the load among multiple geographic BIG-IP GTM devices with an IP Anycast integration. Administrators scale DNS infrastructure up and out to manage DNS request load to one IP, increasing revenue by servicing more users and protecting brand with trustworthy query response. Network managers realize these benefits: • Improved user performance and reliability • Reduced network latency for DNS transactions • Fewer queries routed to distant servers • Lower rates of dropped query packets, reducing DNS timeouts/retries 8 • Fewer congested routers
  • 9. DATASHEET BIG-IP Global Traffic Manager BIG-IP GTM and IP Anycast integration distributes the DNS request load by directing single IP requests to multiple local devices. BIG-IP Global Traffic Manager BIG-IP Global Traffic Manager Global server load balancing in virtual and cloud environments Easily spin up new deployments of global server load balancing with BIG-IP GTM Virtual Edition (VE) standalone or BIG-IP GTM running on BIG-IP LTM VE. Provide flexible global application availability by routing users to applications in data centers, managing Internet SaaS and outsourced applications, or directing users to the most available cloud applications. Architecture The advanced architecture of BIG‑IP GTM gives you total flexibility to control application delivery without creating traffic bottlenecks. TMOS At the heart of BIG‑IP GTM is the F5 operating system, TMOS®, that provides a unified system for optimal application delivery, giving you total visibility, flexibility, and control across all services. TMOS empowers BIG‑IP GTM to integrate with other F5 products and intelligently adapt to the diverse and evolving requirements of applications and networks. Query performance and scalability BIG-IP GTM query performance scales linearly on larger platforms and increases performance by integrating functions in TMOS. BIG-IP GTM is provisionable for platforms that support F5 virtual Clustered Multiprocessing (vCMP™). 9
  • 10. 10 DATASHEET BIG-IP Global Traffic Manager BIG‑IP GTM Platforms BIG‑IP Global Traffic Manager is available as a standalone appliance on the BIG‑IP 1600, 3600, 3900, 6900 FIPS, and 11050 platforms, and for BIG-IP GTM Virtual Edition. It is available as an add-on module for BIG‑IP Local Traffic Manager (LTM) on any BIG‑IP platform, and for BIG-IP LTM Virtual Edition. For detailed specifications, refer to the BIG‑IP System Hardware Datasheet. 1600 Series 3600 Series 3900 Series 6900 FIPS Series 11050 Series BIG-IP GTM VE System Requirements BIG-IP LTM VE with BIG-IP GTM, and BIG-IP GTM VE standalone are compatible with Microsoft Hyper-V for Windows Server 2008 R2 (lab only), Citrix XenServer 5.6, and VMware vSphere Hypervisor 4.0, 4.1, and 5.0. The virtual machine guest environment for BIG-IP system virtual editions must include these characteristics: • 2 virtual CPUs • 4 GB RAM with a 2-core CPU and 8 GB RAM with a 4-core CPU • 3 virtual network adapters • One 40 GB LSI logic disk
  • 11. 11 DATASHEET BIG-IP Global Traffic Manager DNS Services on BIG-IP LTM Add the DNS Services module to your BIG-IP LTM deployment for DNS (non-GSLB) functionality on the BIG-IP LTM platform. The DNS Services module includes: • DNS Express—Delivers superior DNS performance enhancements • DNS 6 to 4—Provides IPv6/IPv4 translation for DNS • DNS Profile—Enables DNS-specific functions such as DNS iRules • NS iRules—Allows for easy configuration and manipulation of all DNS query D and response fields • ZoneRunner—Optional management of the on box BIND instance as a master source for DNS Express • Advanced routing—Required to use IP Anycast for DNS listener addresses • NS caching and resolving—Enables a DNS cache and resolver to respond immediately D to client requests • DNSSEC validation—Provides rapid validation of DNSSEC responses and offloads DNSSEC computations
  • 12. 12 DATASHEET BIG-IP Global Traffic Manager F5 Services F5 Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Services can help you achieve IT agility. For more information about F5 Services, contact consulting@f5.com or visit f5.com/services. More Information To learn more about BIG-IP GTM, use the search function on f5.com to find these and other resources. Datasheet BIG-IP System Hardware Datasheet White papers Distributing Applications for Disaster Planning and Availability DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution Case study SaaS Provider RelayHealth Delivers Innovative Healthcare Applications with F5 Solutions F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com F5 Networks, Inc. F5 Networks F5 Networks Ltd. F5 Networks Corporate Headquarters Asia-Pacific Europe/Middle-East/Africa Japan K.K. info@f5.com apacinfo@f5.com emeainfo@f5.com f5j-info@f5.com ©2012 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, and IT agility. Your way., are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. CS03-00024 0412