Czas na nowe platformy sprzętowe F5! Dlaczego są to najbardziej programowalne urządzenia ADC na rynku Maciej Iwanicki, Systems Engineer m.iwanicki@f5.com
SOFTWARE & PLATFORM LIFECYCLE
F5 Software Lifecycle Model 1H CYA 2H CYA 1H CYB 2H CYB 1H CYC 2H CYC 1H CYD 2H CYD 1H CYE 2H CYE 1H CYF 2H CYF 1H CYG 2H CYG 12.0.0 12.0.0 12.1.X 13.0.0 12.1.0 12.1.1 12.1.2 12.1.3 12.1.4 13.0.0 13.1.X 14.0.0 13.1.0 13.1.1 13.1.2 13.1.3 13.1.4 14.0.0 14.1.X 14.1.0 14.1.1 14.1.2 14.1.3 14.1.4 = Hotfix Rollup Release = Maintenance Release
BIG-IP Platform generation Platforms First Customer Ship Month End Of Sale (EoS) End of New Software Support (EoNSS) Platform End of Software Dev (EoSD) 1600 (C102) Jul-2008 01-Oct-2014 01-Oct-2016 01-Oct-2017 3600 (C103) Jul-2008 01-Oct-2014 01-Oct-2016 01-Oct-2017 3900 (C106) Aug-2009 01-Feb-2015 01-Feb-2017 01-Feb-2018 6900 (D104) Aug-2008 01-Feb-2015 01-Feb-2017 01-Feb-2018 VIPRION B2100 Blade (A109) Jan-2012 01-Oct-2015 01-Oct-2017 01-Oct-2018 K4309: F5 platform life cycle support policy: https://support.f5.com/csp/article/k4309 The platform EoSD is the date that F5 Product Development has ceased considering the repair/maintenance of confirmed software/firmware defects for the designated platform or software release.
BIG-IP Platform generation 2008 2012 2016 1600 v9.4.5 12.1.x 3600 v9.4.5 12.1.x 3900 v9.4.8 12.1.x 6900 v9.4.6 12.1.x 8900 8950 v9.4.7 12.1.x 11000 11050 v11.0.0 12.1.x 2000s 2200s v11.2.1-4000s 4200v v11.2.1-5050s 5250v v11.4.0-7050s 7250v v11.4.0-10050s 10250v v11.3.0-10350v v11.5.4 - i2600 i2800 v12.1.2 - i4600 i4800 v12.1.2 - i5600 i5800 v12.1.2 - i7600 i7800 v12.1.2 - i10600 i10800 v12.1.2 - i10800 v12.1.2 - K5903: Software compatibility matrix: https://support.f5.com/csp/#/article/k9476 Major Release and Long Term Stability Release versions First customer ship End of Software Development K5903: BIG-IP software support policy: https://support.f5.com/csp/#/article/k5903 End of Technical Support Latest maintenance release 13.0.0 22-Feb-2017 22-May-2018 22-May-2019 N/A 12.1.x 18-May-2016 18-May-2021 18-May-2022 12.1.2 11.6.x 10-May-2016 1 10-May-2021 10-May-2022 11.6.1 11.5.x 8-April-2014 1 8-April-2019 8-April-2020 11.5.4
INTRODUCING BIG-IP ISERIES
Introducing the BIG-IP iseries Platform World s Most Programmable Cloud-Ready ADC DevOps-like agility with the scale, security, and investment protection needed for both established and emerging apps in private and hybrid clouds
Performance Improvement Like-for-Like Comparison (iseries Vs. Previous BIG-IP) Exceeds Below L4 CPS L4 Throughput L7 RPS (inf-inf) RSA SSL TPS (2K) 2x 1.4x 1.5x 1.7x 1x (100%) = Matches Previous BIG-IP performance
BIG-IP iseries Product Line BIG-IP i2000 Series BIG-IP i4000 Series BIG-IP i5000 Series BIG-IP i7000 Series BIG-IP i10000 Series BIG-IP 2000 Series BIG-IP 4000 Series BIG-IP 5000 Series BIG-IP 7000 Series BIG-IP 10000 Series BIG-IP 1600 BIG-IP 3600 BIG-IP 3900 BIG-IP 6900 BIG-IP 8900
Pay-As-You-Grow (PAYG) Through SW License Standard Performance High Performance BIG-IP i2600 PAYG BIG-IP i2800 BIG-IP i4600 PAYG BIG-IP i4800 BIG-IP i5600 PAYG BIG-IP i5800 BIG-IP i7600 PAYG BIG-IP i7800 BIG-IP i10600 PAYG BIG-IP i10800
iseries PAYG License Structure Features Standard ix600 Performance ix800 TurboFlex X Full L2/L3 Switch Capability Full Full L4/ L7 Throughput / L4 Max Concurrent Connections Full Full CPU ~1/2 Full L4 / L7 CPS / L7 RPS ~1/2 Full HW SYN Cookies (Only i5600 and above) ~1/2 Full SSL TPS (RSA 2K Keys / ECDSA+ECDHE P-256) ~1/2 Full vcmp (Except i2800, i4800) X Full Compression Software Hardware New in iseries Same as Previous BIG-IP
BEST CRITICAL DATA PROTECTION
ECC SSL Hardware Offload First ADC vendor to provide Elliptic Curve Cryptography (ECC) SSL TPS in hardware across all platforms TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ONLY SOFTWARE-DEFINED HARDWARE
Overview of Processing Hardware Logic execution speed vs. flexibility LOGIC EXECUTION SPEED
F5 s Strategy Now and Forever: Leverage FPGAs Next generation hardware provides 2X+ increase in custom logic capacity previous F5 hardware 250+ years of combined FPGA/CPU development experience
TurboFlex: 3 Tiers based on FPGA capacity BIG-IP i2800 BIG-IP i4800 New! Tier 1 New! Tier 2
TurboFlex: 3 Tiers based on FPGA capacity 2x Bandwidth BIG-IP i2800 BIG-IP i4800 BIG-IP i5800 BIG-IP i7800 BIG-IP i10800 New! New! Tier 3 Tier 1 Tier 2
FUTURE > 13.1.X AVAILABLE AT INITIAL LAUNCH iseries TurboFlex TurboFlex is the ability to change the profile of the FPGA to load a different bitstream so that certain types of traffic are hardware accelerated TurboFlex is only available on the ix800 iseries devices TurboFlex will be enhanced to add additional features in future releases The x600 series devices do support a limited set of hardware acceleration (Base Profile) in FPGA but do not have TurboFlex (the ability to switch profiles) ADC Profile Security Profile Private Cloud Profile UltraFast L4 Profile DNS Profile Low Latency Profile (FIX)
Software-Defined Hardware TurboFlex enables customers to select the types of traffic and functions most important to their application, then accelerate them in hardware via software programmable performance profiles. TurboFlex performance profiles Only vendor to offer breadth of HW offload capabilities for ADC, Security, and Cloud Only vendor to improve performance in hardware with the agility of software Only ADC platform to truly futureproof your investments TurboFlex Profiles Example Benefits Security Up to 10x capacity to absorb DDoS attacks Private Cloud 25% - 50% reduction of CPU load for SDN protocol processing ADC For VoIP/streaming media apps, UDP packet processing provides: 200% more capacity 75% less delays 98% reduction in jitter Deliver multi-service offload to maximise investment protection and future-proof
SUMMARY
BIG-IP iseries Benefits 2x $ More than twice the performance of existing F5 platforms Simplify and automate integration Best Critical Data Protection Simplify and scale SSL Only Software- Defined Hardware Maximise investment protection Lowest TCO Consolidate app services
F5 BIG-IP + BIG-IQ/iWorkflow modular architecture BIG-IQ/iWorkflow Platform BIG-IP Carrier Grade NAT (CGNAT) BIG-IP Policy Enforcement Manager (PEM) BIG-IP Local Traffic Manager (LTM) BIG-IP DNS Modules (DNS) BIG-IP Application Security Manager (ASM) BIG-IP Access Policy Manager (APM) BIG-IP Advanced Firewall Manager (AFM) F5 MobileSafe and WebSafe F5 Secured Web Gateway (SWG) BIG-IP Cloud Connector (CC) BIG-IP SDN Gateway (SDNG) Programmability irules, iapps, icall, istats, mrules, and icontrol ADC TMOS Operating System Manageability Core Protocols RBAC, Logging, SNMP, CLI, GUI L3/Routing, UDP, IP, IPSec, IPv6, SCTP, TCP, HTTP, SSL, FIPS, Tunneling, BWC, Stats, Certifications Security Cloud Service Provider Performance / Scalability CMP, VCMP, ScaleN, Firmware, HAL, Sizing Guides TMOS Platforms Appliances Chassis KVM / AWS / Xen VMWare / HyperV Software
Only Software-Defined Hardware ADC vendor 5x User access sessions vs. leading SSO vendors 1 st Node.js support ADC vendor 1 st HTTP/2 support ADC vendor Only Hybrid crypto offload ADC vendor 5x Fewer ADC devices than largest ADC competitor for VDI 2x L4 throughput vs. largest ADC competitor 2x Price/Performance vs. leading ADC competitor 1.4x L4 CPS vs. top ADC competitor #1 Most effective WAF NSS Labs Only SAML SSO for client-based apps Access vendor 2.2x L4 concurrent connections vs. top ADC competitor 1 st Only vs. L7 DoS behavioural analysis Firewall vendor Best SSL throughput (3.5x average) vs. leading ADC competitor HTML5 Websockets WAF vendor 20x DNS RPS BIND-based competitors 6x SSL ECC TPS vs. leading ADC competitor 1.2x L7 RPS/L7 CPS vs. largest ADC competitor
Dziękuję bardzo!