SlideShare a Scribd company logo

F5 Synthesis Information Session Software Defined Application Services

G
GrigoryShkolnik1

F5 Synthesis Information Session

Engineering
1 of 47
Download to read offline
April, 2014 F5 Synthesis Information Session
Agenda • Welcome and Introduction to Customer Technology Challenges • Software Defined Application Services • Reference Architectures for Today’s Customer Challenges • Total Cost of Ownership and New Business Models • Multi-network Environment and Partner Ecosystem • Making it Happen with Global Services • Q & A
© F5 Networks, Inc 3 Mobility SDDC/Cloud Advanced threats Internet of Things “Software defined” everything HTTP is the new TCP
© F5 Networks, Inc 4 Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES Each service is isolated and requires its own: • Load balancing • Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required API DOMINANCE Proxies are used in emerging API-centric architectures for: • API versioning • Client-based steering • API Load balancing • Metering & billing • API key management Service A Service C Service B Service D API v1 API v2 More intelligence needed in services More applications need services
© F5 Networks, Inc 5 Impact on Data Center Architecture: Network SOLUTION SPRAWL Increasing threats and client platforms result in need for: • Mobile device management • Mobile access management • Mobile security • DDoS • Application layer threats • Malware OPERATIONAL INCONSISTENCY Introduction of off-premise cloud solutions without architectural parity results in: • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced SaaS
“Leave No Application Behind”
© F5 Networks, Inc 7 DDoS WAF SSL LTE 1000 Average number of applications deployed within an enterprise Applications require services Acceleration
© F5 Networks, Inc 8 The selected few
© F5 Networks, Inc 9 ADC ADC ADC ADC ADC ADC
© F5 Networks, Inc 10 High-Performance Fabric Application Services BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
© F5 Networks, Inc 11 © F5 Networks, Inc. 11
© F5 Networks, Inc 12 Software Defined Application Services 4 The 4th Phase of the Evolution Application Delivery Controller 1 Broadened Application Services 2 Cloud Ready 3 © F5 Networks, Inc. 12
© F5 Networks, Inc 13 Software Defined Application Services Elements High-Performance Services Fabric Simplified Business Models
© F5 Networks, Inc 14 Software Defined Application Services Elements High-Performance Services Fabric
High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance
High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy ScaleN TMOS TMOS TMOS TMOS Network [Physical • Overlay • SDN]
High-Performance Services Fabric Throughput Connections per second Concurrent connections Multi-tenant instances per device Device service clusters Network [Physical • Overlay • SDN] *40K when combining admin instances with vCMP
High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance Data Plane Programmability Control Plane Management Plane
High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance Data Plane Programmability Control Plane Management Plane
Software Defined Application Services
© F5 Networks, Inc 21 Software Defined Application Services F5 Software Defined Application Services (SDAS) A rich set of services that address the delivery challenges faced by businesses today.
© F5 Networks, Inc 22 Software Defined Application Services Availability Authoritative DNS Cloud Bursting CGNAT Disaster Recovery Business Continuity Global Load Balancing Intelligent EPC node selection Global Server LB Global Server LB DNS Caching & Resolving Load Balancing
© F5 Networks, Inc 23 Software Defined Application Services Performance Acceleration Caching Optimization SPDY Gateway Application Optimization Traffic Shaping and QoS Compression Web Performance Optimization Traffic Management
© F5 Networks, Inc 24 Software Defined Application Services Access & Identity Cloud Federation Endpoint Inspection Single Sign-On Access Control SAML Federation SSL VPN Anti-Malware Web Access Management Active Sync Proxy Secure Web Gateway .
© F5 Networks, Inc 25 Software Defined Application Services Security DNSSEC ADF Anti-Fraud WAF DDoS SSL VPN Anti-Phishing DNS Security SSL intelligence SSL Inspection Programmability
© F5 Networks, Inc 26 Software Defined Application Services Elements
Fabric Connectors Module Connectors Cloud Connectors Orchestration Connectors Intelligent Services Orchestration BIG-IQ •Rest API
Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-Defined Data Center Virtual Networks Service Chaining
Public Cloud Hybrid Cloud BIG-IP BIG-IP Data Center Centralized Management Platform BIG - IQ BIG - IQ
Application Services Modules
Software Defined Application Services Elements Simplified Business Models
Good | Better | Best Flexibility Make it easier to adopt advanced F5 functionality Simplicity Consolidate into fewer common configurations Best Value Save when purchasing bundles Good Better Best VE Price Comparison Bought As Bundle Bought As Components Good Better Best Appliance Comparison BIG-IP Local Traffic Manager    BIG-IP Global Traffic Manager   Application Acceleration Manager   BIG-IP Application Protection   SDN Service   Advanced Routing   BIG-IP Access Policy Manager  BIG-IP Application Security Manager 
Reference Architectures For Today’s Customer Challenges
© F5 Networks, Inc 34 Reference Architectures Device, Network, Applications Bill of Materials • White Paper (Business) • Solution diagram(s) • Architecture diagram(s) • Product map diagram(s) • Customer Presentation • Solution Animation/Video • White paper (Technical) • Placemat leave-behind © F5 Networks, Inc. DDoS Protection S/Gi Network Simplification Security for Service Providers Application Services Migration to Cloud DevOps LTE Roaming Intelligent DNS Scale Cloud Federation Cloud Bursting
© F5 Networks, Inc 35 Reference Architectures Solution Documents…
© F5 Networks, Inc 36 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1
© F5 Networks, Inc 37 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The first tier at the perimeter is layer 3 and 4 network firewall services • Simple load balancing to a second tier • IP reputation database • Mitigates volumetric and DNS DDoS attacks TIER 1 KEY FEATURES
© F5 Networks, Inc 38 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The second tier is for application-aware, CPU-intensive defense mechanisms • SSL termination • Web application firewall • Mitigate asymmetric and SSL-based DDoS attacks TIER 2 KEY FEATURES
© F5 Networks, Inc 39 Recommended Practices Configuration Guide 2.3.2.5 Throttle GET Request Floods via Script The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle when RULE_INIT { # Life timer of the subtable object. Defines how long this object exist in the subtable set static::maxRate 10 # This defines how long is the sliding window to count the requests. # This example allows 10 requests in 3 seconds set static::windowSecs 3 set static::timeout 30 } when HTTP_REQUEST { if { [HTTP::method] eq "GET" } { set getCount [table key -count -subtable [IP::client_addr]] if { $getCount < $static::maxRate } { incr getCount 1 table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs } else { HTTP::respond 501 content "Request blockedExceeded requests/sec limit." return } } } Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IPs address from within the iRule itself: · URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP 2.3.2.4 Enforce Real Browsers Besides authentication and tps-based detection (section Error! Reference source not found.), there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP- Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen. Figure 1. Insert a Javascript Redirect to verify a real browser 32 Page Detailed Guide…
Cisco Partnership
© F5 Networks, Inc 41 Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-Defined Data Center Virtual Networks Service Chaining
© F5 Networks, Inc 42 F5 Platforms Hardware | Software | Cloud Programmability F5 SDAS Service Fabric Programmability BIG IQ Cloud Provisioning and orchestration of BIG-IP in AWS Two-way communication Configure application networking services Automated network and service provisioning Auto-scaling, application provisioning, and automated system maintenance and patching. Automate network and service provisioning, Integrate network virtualization and ADN services Partner Integration with Synthesis
Cisco ACI Design Philosophy
Why Cisco/ACI matters for Customers • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customer’s next generation data centers while meeting their critical data center requirements today. • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on vision of shaping infrastructure to the needs of the applications. • Cisco ACI integrates F5 Big-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next generation data centers
© F5 Networks, Inc. Benefits Drive Increase Reduce Future 45
SDDC/Cloud
F5 Synthesis Information Session Software Defined Application Services

Recommended

F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Virtualization / Cloud / SDN
Virtualization / Cloud / SDNVirtualization / Cloud / SDN
Virtualization / Cloud / SDNMarketingArrowECS_CZ
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For VirtualizationPatricio Campos
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаBAKOTECH
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 Networks
 
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteApp to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteCohesive Networks
 

Recommended

F5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 RoadshowF5 Synthesis Toronto February 2014 Roadshow
F5 Synthesis Toronto February 2014 Roadshowpatmisasi
 
Virtualization / Cloud / SDN
Virtualization / Cloud / SDNVirtualization / Cloud / SDN
Virtualization / Cloud / SDNMarketingArrowECS_CZ
 
F5 Value For Virtualization
F5 Value For VirtualizationF5 Value For Virtualization
F5 Value For VirtualizationPatricio Campos
 
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPlnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastruktury
Plnog 3: Zbigniew Skurczyński - Wirtualizacja i optymalizacja infrastrukturyPROIDEA
 
F5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаF5 Networks - парадная дверь в облака
F5 Networks - парадная дверь в облакаBAKOTECH
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
F5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 9.x to 10.x Upgrade Customer Presentation
F5 9.x to 10.x Upgrade Customer PresentationF5 Networks
 
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteApp to Cloud: Patrick Kerpan's DataCenter Dynamics Converged Keynote
App to Cloud: Patrick Kerpan's DataCenter Dynamics Converged KeynoteCohesive Networks
 
VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”MarketingArrowECS_CZ
 
Cisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterCisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterF5NetworksAPJ
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld
 
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxabenyeung1
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloudabenyeung1
 
Customer Highleveloverview
Customer HighleveloverviewCustomer Highleveloverview
Customer Highleveloverviewrehanf5
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceSimon Baker
 
WEB SERVERS
WEB SERVERSWEB SERVERS
WEB SERVERSwebhostingguy
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
Spider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterSpider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterTzoori Tamam
 
IT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic ConceptsIT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic ConceptsCFEngine
 
管理向云的迁移过程
管理向云的迁移过程管理向云的迁移过程
管理向云的迁移过程ITband
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Scott Sims
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld
 
Cloud 12 08 V2
Cloud 12 08 V2Cloud 12 08 V2
Cloud 12 08 V2Pini Cohen
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 

More Related Content

Similar to F5 Synthesis Information Session Software Defined Application Services

VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”MarketingArrowECS_CZ
 
Cisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterCisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterF5NetworksAPJ
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld
 
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxabenyeung1
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloudabenyeung1
 
Customer Highleveloverview
Customer HighleveloverviewCustomer Highleveloverview
Customer Highleveloverviewrehanf5
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceSimon Baker
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Amazon Web Services
 
Spider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterSpider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterTzoori Tamam
 
IT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic ConceptsIT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic ConceptsCFEngine
 
管理向云的迁移过程
管理向云的迁移过程管理向云的迁移过程
管理向云的迁移过程ITband
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk managementAEC Networks
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5 Networks
 
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Scott Sims
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld
 
Cloud 12 08 V2
Cloud 12 08 V2Cloud 12 08 V2
Cloud 12 08 V2Pini Cohen
 

Similar to F5 Synthesis Information Session Software Defined Application Services (20)

VMware: my jsme “software defined”
VMware: my jsme “software defined”VMware: my jsme “software defined”
VMware: my jsme “software defined”
 
Cisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data CenterCisco ACI & F5 Integrate to Transform the Data Center
Cisco ACI & F5 Integrate to Transform the Data Center
 
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview VMworld 2013: VMware Compliance Reference Architecture Framework Overview
VMworld 2013: VMware Compliance Reference Architecture Framework Overview
 
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
VMworld 2013: Moving Beyond Infrastructure: Meeting Demands on App Lifecycle ...
 
Citrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects failCitrix Synergy 2014 - Syn231 Why cloud projects fail
Citrix Synergy 2014 - Syn231 Why cloud projects fail
 
F5 Distributed Cloud.pptx
F5 Distributed Cloud.pptxF5 Distributed Cloud.pptx
F5 Distributed Cloud.pptx
 
F5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-CloudF5 and HashiCorp Multi-Cloud
F5 and HashiCorp Multi-Cloud
 
Customer Highleveloverview
Customer HighleveloverviewCustomer Highleveloverview
Customer Highleveloverview
 
IBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix MarketplaceIBM Softlayer Bluemix Marketplace
IBM Softlayer Bluemix Marketplace
 
WEB SERVERS
WEB SERVERSWEB SERVERS
WEB SERVERS
 
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
Architecting Application Services For Hybrid Cloud - AWS Summit SG 2017
 
Spider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data CenterSpider & F5 Round Table - The Flexible Data Center
Spider & F5 Round Table - The Flexible Data Center
 
IT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic ConceptsIT Automation With CFEngine - Business Value and Basic Concepts
IT Automation With CFEngine - Business Value and Basic Concepts
 
管理向云的迁移过程
管理向云的迁移过程管理向云的迁移过程
管理向云的迁移过程
 
F5 Networks: architecture and risk management
F5 Networks: architecture and risk managementF5 Networks: architecture and risk management
F5 Networks: architecture and risk management
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference Architecture
 
F5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference ArchitectureF5’s VMware Horizon View Reference Architecture
F5’s VMware Horizon View Reference Architecture
 
Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016Brocade Software Networking Presentation at Interface 2016
Brocade Software Networking Presentation at Interface 2016
 
VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101VMworld 2014: Virtualization 101
VMworld 2014: Virtualization 101
 
Cloud 12 08 V2
Cloud 12 08 V2Cloud 12 08 V2
Cloud 12 08 V2
 

Recently uploaded

247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 

Recently uploaded (20)

247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 

F5 Synthesis Information Session Software Defined Application Services

  • 2. Agenda • Welcome and Introduction to Customer Technology Challenges • Software Defined Application Services • Reference Architectures for Today’s Customer Challenges • Total Cost of Ownership and New Business Models • Multi-network Environment and Partner Ecosystem • Making it Happen with Global Services • Q & A
  • 3. © F5 Networks, Inc 3 Mobility SDDC/Cloud Advanced threats Internet of Things “Software defined” everything HTTP is the new TCP
  • 4. © F5 Networks, Inc 4 Impact on Data Center Architecture: Applications MICRO-ARCHITECTURES Each service is isolated and requires its own: • Load balancing • Authentication / authorization • Security • Layer 7 Services • May be API-based, expanding services required API DOMINANCE Proxies are used in emerging API-centric architectures for: • API versioning • Client-based steering • API Load balancing • Metering & billing • API key management Service A Service C Service B Service D API v1 API v2 More intelligence needed in services More applications need services
  • 5. © F5 Networks, Inc 5 Impact on Data Center Architecture: Network SOLUTION SPRAWL Increasing threats and client platforms result in need for: • Mobile device management • Mobile access management • Mobile security • DDoS • Application layer threats • Malware OPERATIONAL INCONSISTENCY Introduction of off-premise cloud solutions without architectural parity results in: • Inconsistent enforcement of business and operational policies • Unpredictable application performance and security • Increased OpEx as new management paradigms are introduced SaaS
  • 7. © F5 Networks, Inc 7 DDoS WAF SSL LTE 1000 Average number of applications deployed within an enterprise Applications require services Acceleration
  • 8. © F5 Networks, Inc 8 The selected few
  • 9. © F5 Networks, Inc 9 ADC ADC ADC ADC ADC ADC
  • 10. © F5 Networks, Inc 10 High-Performance Fabric Application Services BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP BIG-IP
  • 11. © F5 Networks, Inc 11 © F5 Networks, Inc. 11
  • 12. © F5 Networks, Inc 12 Software Defined Application Services 4 The 4th Phase of the Evolution Application Delivery Controller 1 Broadened Application Services 2 Cloud Ready 3 © F5 Networks, Inc. 12
  • 13. © F5 Networks, Inc 13 Software Defined Application Services Elements High-Performance Services Fabric Simplified Business Models
  • 14. © F5 Networks, Inc 14 Software Defined Application Services Elements High-Performance Services Fabric
  • 15. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance
  • 16. High-Performance Services Fabric On-Demand Scaling All-Active Clustering Multi-Tenancy ScaleN TMOS TMOS TMOS TMOS Network [Physical • Overlay • SDN]
  • 17. High-Performance Services Fabric Throughput Connections per second Concurrent connections Multi-tenant instances per device Device service clusters Network [Physical • Overlay • SDN] *40K when combining admin instances with vCMP
  • 18. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance Data Plane Programmability Control Plane Management Plane
  • 19. High-Performance Services Fabric Network [Physical • Overlay • SDN] Virtual Edition Chassis Appliance Data Plane Programmability Control Plane Management Plane
  • 21. © F5 Networks, Inc 21 Software Defined Application Services F5 Software Defined Application Services (SDAS) A rich set of services that address the delivery challenges faced by businesses today.
  • 22. © F5 Networks, Inc 22 Software Defined Application Services Availability Authoritative DNS Cloud Bursting CGNAT Disaster Recovery Business Continuity Global Load Balancing Intelligent EPC node selection Global Server LB Global Server LB DNS Caching & Resolving Load Balancing
  • 23. © F5 Networks, Inc 23 Software Defined Application Services Performance Acceleration Caching Optimization SPDY Gateway Application Optimization Traffic Shaping and QoS Compression Web Performance Optimization Traffic Management
  • 24. © F5 Networks, Inc 24 Software Defined Application Services Access & Identity Cloud Federation Endpoint Inspection Single Sign-On Access Control SAML Federation SSL VPN Anti-Malware Web Access Management Active Sync Proxy Secure Web Gateway .
  • 25. © F5 Networks, Inc 25 Software Defined Application Services Security DNSSEC ADF Anti-Fraud WAF DDoS SSL VPN Anti-Phishing DNS Security SSL intelligence SSL Inspection Programmability
  • 26. © F5 Networks, Inc 26 Software Defined Application Services Elements
  • 27. Fabric Connectors Module Connectors Cloud Connectors Orchestration Connectors Intelligent Services Orchestration BIG-IQ •Rest API
  • 28. Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-Defined Data Center Virtual Networks Service Chaining
  • 29. Public Cloud Hybrid Cloud BIG-IP BIG-IP Data Center Centralized Management Platform BIG - IQ BIG - IQ
  • 31. Software Defined Application Services Elements Simplified Business Models
  • 32. Good | Better | Best Flexibility Make it easier to adopt advanced F5 functionality Simplicity Consolidate into fewer common configurations Best Value Save when purchasing bundles Good Better Best VE Price Comparison Bought As Bundle Bought As Components Good Better Best Appliance Comparison BIG-IP Local Traffic Manager    BIG-IP Global Traffic Manager   Application Acceleration Manager   BIG-IP Application Protection   SDN Service   Advanced Routing   BIG-IP Access Policy Manager  BIG-IP Application Security Manager 
  • 34. © F5 Networks, Inc 34 Reference Architectures Device, Network, Applications Bill of Materials • White Paper (Business) • Solution diagram(s) • Architecture diagram(s) • Product map diagram(s) • Customer Presentation • Solution Animation/Video • White paper (Technical) • Placemat leave-behind © F5 Networks, Inc. DDoS Protection S/Gi Network Simplification Security for Service Providers Application Services Migration to Cloud DevOps LTE Roaming Intelligent DNS Scale Cloud Federation Cloud Bursting
  • 35. © F5 Networks, Inc 35 Reference Architectures Solution Documents…
  • 36. © F5 Networks, Inc 36 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1
  • 37. © F5 Networks, Inc 37 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The first tier at the perimeter is layer 3 and 4 network firewall services • Simple load balancing to a second tier • IP reputation database • Mitigates volumetric and DNS DDoS attacks TIER 1 KEY FEATURES
  • 38. © F5 Networks, Inc 38 DDoS Protection Reference Architecture Legitimate Users Threat Feed Intelligence DDoS Attacker ISPa/b Cloud Scrubbing Service Scanner Anonymous Proxies Anonymous Requests Botnet Attackers Network attacks: ICMP flood, UDP flood, SYN flood DNS attacks: DNS amplification, query flood, dictionary attack, DNS poisoning IPS Next-Generation Firewall Tier 2 SSL attacks: SSL renegotiation, SSL flood HTTP attacks: Slowloris, slow POST, recursive POST/GET Application Corporate Users Financial Services E-Commerce Subscriber Tier 2 Threat Feed Intelligence Strategic Point of Control Multiple ISP strategy Network and DNS Tier 1 • The second tier is for application-aware, CPU-intensive defense mechanisms • SSL termination • Web application firewall • Mitigate asymmetric and SSL-based DDoS attacks TIER 2 KEY FEATURES
  • 39. © F5 Networks, Inc 39 Recommended Practices Configuration Guide 2.3.2.5 Throttle GET Request Floods via Script The F5 DevCentral community has developed several powerful iRules that automatically throttle GET requests. Customers are continually refining these to keep up with current attack techniques. Here is one of the iRules that is simple enough to be represented in this document. The live version can be found at this DevCentral page: HTTP-Request-Throttle when RULE_INIT { # Life timer of the subtable object. Defines how long this object exist in the subtable set static::maxRate 10 # This defines how long is the sliding window to count the requests. # This example allows 10 requests in 3 seconds set static::windowSecs 3 set static::timeout 30 } when HTTP_REQUEST { if { [HTTP::method] eq "GET" } { set getCount [table key -count -subtable [IP::client_addr]] if { $getCount < $static::maxRate } { incr getCount 1 table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs } else { HTTP::respond 501 content "Request blockedExceeded requests/sec limit." return } } } Another iRule, which is in fact descended from the above, is an advanced version that also includes a way to manage the banned IPs address from within the iRule itself: · URI-Request Limiter iRule – Drops excessive HTTP requests to specific URIs or from an IP 2.3.2.4 Enforce Real Browsers Besides authentication and tps-based detection (section Error! Reference source not found.), there are additional ways that F5 devices can separate real web browsers from probable bots. The easiest way, with ASM, is to create a DoS protection profile and turn on the “Source IP- Based Client Side Integrity Defense” option. This will inject a JavaScript redirect into the client stream and verify each connection the first time that source IP address is seen. Figure 1. Insert a Javascript Redirect to verify a real browser 32 Page Detailed Guide…
  • 41. © F5 Networks, Inc 41 Completing the SDN Stack F5 BIG-IQ OPEN REST APIs LAYER 2-3 LAYER 4-7 SDN Controller BIG-IQ Security™ BIG-IQ Cloud™ BIG-IQ Device™ NBI NBI NVGRE VXLAN ETC… Control Plane Application Plane Data Plane Software-Defined Data Center Virtual Networks Service Chaining
  • 42. © F5 Networks, Inc 42 F5 Platforms Hardware | Software | Cloud Programmability F5 SDAS Service Fabric Programmability BIG IQ Cloud Provisioning and orchestration of BIG-IP in AWS Two-way communication Configure application networking services Automated network and service provisioning Auto-scaling, application provisioning, and automated system maintenance and patching. Automate network and service provisioning, Integrate network virtualization and ADN services Partner Integration with Synthesis
  • 43. Cisco ACI Design Philosophy
  • 44. Why Cisco/ACI matters for Customers • Cisco and F5 share a common vision for simplifying networking end to end by taking an application-centric approach to solving key pain points in customer’s next generation data centers while meeting their critical data center requirements today. • Working with Cisco on Application Centric Infrastructure, F5 has a unique opportunity to deliver on vision of shaping infrastructure to the needs of the applications. • Cisco ACI integrates F5 Big-IP appliances (physical and virtual) to deliver application-centric, ADC-enabled network automation in existing and next generation data centers
  • 45. © F5 Networks, Inc. Benefits Drive Increase Reduce Future 45