Solutions Guide. F5 solutions for the emerging 5G landscape

Similar documents
OPTIMIZE. MONETIZE. SECURE. Agile, scalable network solutions for service providers.

Complying with PCI DSS 3.0

F5 and Nuage Networks Partnership Overview for Enterprises

OVERVIEW. Virtual Solutions for Your NFV Environment

Large FSI DDoS Protection Reference Architecture

Deploying a Next-Generation IPS Infrastructure

Deploying a Next-Generation IPS Infrastructure

Improving VDI with Scalable Infrastructure

The F5 Intelligent DNS Scale Reference Architecture

Archived. Configuring a single-tenant BIG-IP Virtual Edition in the Cloud. Deployment Guide Document Version: 1.0. What is F5 iapp?

Simplifying Security for Mobile Networks

Validating Microsoft Exchange 2010 on Cisco and NetApp FlexPod with the F5 BIG-IP System

Data Center Virtualization Q&A

Managing the Migration to IPv6 Throughout the Service Provider Network White Paper

Securing the Cloud. White Paper by Peter Silva

Deploying the BIG-IP LTM with IBM QRadar Logging

A GUIDE TO DDoS PROTECTION

Multi-Tenancy Designs for the F5 High-Performance Services Fabric

Meeting the Challenges of an HA Architecture for IBM WebSphere SIP

Enhancing VMware Horizon View with F5 Solutions

Archived. Deploying the BIG-IP LTM with IBM Cognos Insight. Deployment Guide Document version 1.0. What s inside: 2 Products and versions tested

Protect Against Evolving DDoS Threats: The Case for Hybrid

The Programmable Network

WHITE PAPER. F5 and Cisco. Supercharging IT Operations with Full-Stack SDN

Considerations for VoLTE Implementation

Geolocation and Application Delivery

Deploying the BIG-IP System v11 with DNS Servers

Archived. h h Health monitoring of the Guardium S-TAP Collectors to ensure traffic is sent to a Collector that is actually up and available,

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

Deploying WAN-Optimized Acceleration for VMware vmotion Between Two BIG-IP Systems

Unified Application Delivery

Where is the Network Edge? MEC Deployment Options, Business Case & SDN Considerations

Optimize and Accelerate Your Mission- Critical Applications across the WAN

What s next for your data center? Power Your Evolution with Physical and Virtual ADCs. Jeppe Koefoed Wim Zandee Field sales, Nordics

Intel Network Builders Solution Brief. Etisalat* and Intel Virtualizing the Internet. Flexibility

Securing LTE Networks What, Why, and How

Enabling Long Distance Live Migration with F5 and VMware vmotion

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall

RE-ARCHITECTING THE GI LAN OPTIMIZE & MONETIZE MOBILE BROADBAND. Bart Salaets Solution Architect

Network Functions Virtualization - Everything Old Is New Again

Load Balancing 101: Nuts and Bolts

Cisco HyperFlex and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments

Agenda. Introduction Network functions virtualization (NFV) promise and mission cloud native approach Where do we want to go with NFV?

Deploying the BIG-IP System with CA SiteMinder

Citrix Federated Authentication Service Integration with APM

Optimizing NetApp SnapMirror Data Replication with F5 BIG-IP WAN Optimization Manager

F5 Synthesis Information Session. April, 2014

Leverage SDN Principles in LTE to Meet Future Network Demands

Deploying the BIG-IP System with Oracle Hyperion Applications

Service Automation Made Easy

F5 Reference Architecture for Cisco ACI

F5 in AWS Part 3 Advanced Topologies and More on Highly Available Services

The F5 Application Services Reference Architecture

The Myth of Network Address Translation as Security

Load Balancing 101: Nuts and Bolts

Distributing Applications for Disaster Planning and Availability

Prompta volumus denique eam ei, mel autem

Managing BIG-IP Devices with HP and Microsoft Network Management Solutions

Video-Aware Networking: Automating Networks and Applications to Simplify the Future of Video

Securing the Next Generation Data Center

Sichere Applikations- dienste

Document version: 1.0 What's inside: Products and versions tested Important:

TCP Optimization for Service Providers

F5 iapps: Moving Application Delivery Beyond the Network

Traffic Steering & Service Chaining

Secure Mobile Access to Corporate Applications

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

Nokia AirGile cloud-native core: shaping networks to every demand

Addressing Security Loopholes of Third Party Browser Plug ins UPDATED FEBRUARY 2017

Key Considerations in Choosing a Web Application Firewall

Innovation Technology for Future Convergence Network

Multi-Domain Service Optimization

VMware vcenter Site Recovery Manager

Providing Security and Acceleration for Remote Users

Cookies, Sessions, and Persistence

Enabling Agile Service Chaining with Service Based Routing

Comprehensive datacenter protection

Webshells. Webshell Examples. How does a webshell attack work? Nir Zigler,

Pulse Secure Application Delivery

Drive Greater Value from Your Cisco Deployment with Radware Solutions

Software-Defined Hardware: Enabling Performance and Agility with the BIG-IP iseries Architecture

Brocade and Sandvine. Detailed Insights for OTT Application Traffic KEY BENEFITS SOLUTIONS BRIEF BUSINESS CHALLENGE

Brocade and Procera. Detailed Insights for OTT Application Traffic KEY BENEFITS SOLUTIONS BRIEF BUSINESS CHALLENGE

SDN and NFV. Stepping Stones to the Telco Cloud. Prodip Sen CTO, NFV. March 16, 2016

Prompta volumus denique eam ei, mel autem

IEEE NetSoft 2016 Keynote. June 7, 2016

Session Initiated Protocol (SIP): A Five-Function Protocol

BIG IQ Reporting for Subscription and ELA Programs

SOLUTION GUIDE. F5 Security Solutions

Cloud Security Best Practices

Subscriber-aware Dynamic SFC

DDoS Detection&Mitigation: Radware Solution

Distributed Data Centers within the Juniper Networks Mobile Cloud Architecture. White Paper

Mitigating Branch Office Risks with SD-WAN

Resource Provisioning Hardware Virtualization, Your Way

Intelligent Service Function Chaining. March 2015

APM Cookbook: Single Sign On (SSO) using Kerberos

ANNUAL REPORT SOLUTIONS FOR AN APPLICATION WORLD.

Global Distributed Service in the Cloud with F5 and VMware

Transcription:

Solutions Guide F5 solutions for the emerging 5G landscape 1

F5 Solutions for the emerging 5G landscape. Access Network Control Plane Cloud Mobile Edge and Core Analytics DNS EPC & IMS DDoS Mobile Access EPC 1 SGi-LAN Consolidation LDNS Resolver DNS LB, Cache & Firewall HSS, PCRF,OCS x-cscf, SBC Diameter & SIP Flow Collector, DDoS Scrubber GRX/IPX MVNO InterConnect GTP Firewall Diameter Firewall EPC 2 GTP & DNS EPC n EPC Network Slicing SGi Service LAN Silverline Wireline, Cable, and WiFi Access Cloud-based Security DNS Firewall DSL/FTTx Cable BNG/ CMTS Data Center WiFi Service LAN ADC & Security Virtual L4 L7 Container Connector for N-S L4-L7 MQTT Traffic Management & Security Cloud ADC & Security vcpe vdns vgi-lan Data Center CPE Traditional IT Telco Cloud & NFV Micro IoT Platform Public Cloud Building multi-cloud with F5 Application Connector

USE CASE 1 Networks continue to evolve in the face of ever-growing traffic volume and complexity as well as the increasing pressure to reduce costs, grow the business faster, and drive profitability. 5G accelerates this transformation of the network. It enables new services and applications, from the to the cloud: connected cars, smart homes, IoT smart meters, and more. F5 provides end to end solutions for GI LAN CONSOLIDATION IN THE ACCESS NETWORK F5 consolidates multiple L4-L7 functions into a single, cost-effective, simple solution and enables service providers to rationalize the number of different vendors and operating systems in the network. Of all these functions, the most important are TCP / IP optimization,,, traffic steering, deep packet inspection, URL filtering, and DNS security. The F5 Gi LAN solution also includes newer functionalities which are important in the context of MOBILE ACCESS PHYSICAL SGI-LAN DEPLOYMENTS Consolidation of multiple functions increases efficiency. evolving the network to 5G including ABR video optimization, and a device-aware IoT firewall. F5 offers the Gi LAN solution in both physical and network function virtualization (NFV) environments. In an NFV environment, F5 can deliver a highly scalable solution that leverages our in-house load balancing technology to provide the scale-out, failover, and redundancy mechanisms you need. Physical Deployment 5G enablement today. We offer service velocity, scale, a unified and easy way to control and manage application services across the network, and the Gi-LAN Consolidation with scale-as-you-grow VIPRION chassis ability to protect your network and your customers in this era of rapid MOBILE ACCESS VIRTUAL SGI-LAN DEPLOYMENTS Highly scalable network function virtualization. digital transformation. F5 vgi-lan MANO -M Your network. 5G ready. Virtual EPC vgi-lan Consolidation using F5 virtual editions with LTM/LBS scale-out layer PEM AFM LTM BIG-IP Policy Enforcement Manager BIG-IP Advanced Firewall Manager BIG-IP Local Traffic Manager COTS COTS COTS NFV Infrastructure 4 5

USE CASE 2 USE CASE 3 MOBILE ACCESS AND NETWORK SLICING IN THE ACCESS NETWORK MULTI-ACCESS EDGE COMPUTING IN THE ACCESS NETWORK Network Slicing An important characteristic of the new 5G architecture is the ability to slice the network in different segments, all the way from the radio network into the core. This allows providers to dedicate resources to different use cases, and allocate those resources in the best possible way. For example, a self-driving car requires ultra-low latency and high throughput from the radio and core network; but smart metering can function with much higher latency and lower throughputs. The 5G radio and core standards have been designed with network slicing in mind. In the 5G non-standalone architecture, the 5G radio will be connected to an existing 4G core network which doesn t support network slicing by nature. For service providers that wish to introduce network slicing in a 4G core network, F5 can enable this with its GTP session directors and DNS session directors. GTP The F5 GTP session director allows providers to create different - slices based on characteristics that are much more granular than what standard DNS techniques can provide. The GTP session director can intercept GTP-C messages and, based on a locally configured policy (using GTP-C attribute filtering), can steer GTP-C messages to the right and/or. DNS The DNS session director can be leveraged to influence standard DNS responses so they spread GTP sessions over the available s and s. It actively monitors the s and s and ensures that when the MME sends a DNS request to find the IP address of a or, no IP address will be returned for a or that is operationally down. TDF (traffic detection function) or TSSF (traffic steering support function) for Gi LAN network slicing Network slicing on the Gi LAN can be obtained via a policy-controlled traffic steering and service chaining function both a TDF and TSSF function offer this capability. The PCRF provides a user- or device-specific steering policy to the TDF/TSSF to get the necessary slicing function applied in the rest of the Gi LAN. In addition to traditional per-subscriber proxy-based steering and service chaining, F5 now also supports the IETF NSH model, whereby an NSH header is added to the packets. This allows the SDN network and the participating service function nodes (VAS) to figure out what service to apply, and where to forward the packet next. Multi-access edge computing allows providers to deploy applications and network functions much closer to their end users. F5 provides Virtual Edition software for all of its L4-L7 networking functions, so these solutions can be deployed either centrally, or in a distributed way. GETTING 5G READY AT THE EDGE 5G or 4G Radio enodeb, gnb Cloud Distr. Network & Application CDN for live streaming & Distributed vgi-lan functions Vendor HW COTS COTS MEC Platform Mobile Edge F5 can provide distributed virtual Gi LAN functions at the MEC level; but it can also provide Application Delivery Control (ADC) and security services for applications that are deployed as micro-services within containerized infrastructures. Mobile Core Distr. Apps ADC & Security functions (VM or containers) MANO -M MOBILE ACCESS EPC NODE SELECTION & NETWORK SLICING SOLUTIONS Radio access to core network slicing solutions for resource allocation. NFV Platform & Telco Cloud GTP Vendor HW COTS COTS MME S11 EPC Network Slicing EPC PCRF Gx, Sd, St SGi-LAN network slicing with NSH-aware TDF/TSSF SGi-LAN vgi-lan Centr. Apps ADC & Security functions (VM or containers) S11 (GTP-C) S1-AP VAS1 VAS2 VAS3 5G or 4G Radio S1-U (GTP-U) vepc Intelligent / node selection TDF, TSSF SDN Fabric Service Chain Controller (NSH) MME DNS Monitoring 6 7

USE CASE 4 USE CASE 5 SERVICE PROVIDER IoT SOLUTIONS IN THE ACCESS NETWORK AND THE DATA CENTER SERVICE PROVIDER DDoS SOLUTIONS IN THE ACCESS NETWORK, DATA CENTER AND THE CLOUD F5 provides solutions for IoT traffic management and security in both the service provider network and the data center. The IoT firewall is a Gi firewall dedicated to IoT devices. It can manage and control which sites, based on IP addresses or URLs, are accessible to and from the IoT device on a per-device basis, optionally guided by a PCRF. An IoT device should typically connect to the IoT application itself and nothing else. F5 offers a subscriberaware firewall that can install a security policy for each IoT device which eliminates the need to segment the Gi LAN for every single IoT use case. In addition to solutions that control the managed industrial IoT devices connected to the network, F5 provides a solution to protect a service provider s network and infrastructure from attacks launched by unmanaged consumer IoT devices. Many of these C-IoT devices are connected to the network without the end users changing their default passwords, making them very vulnerable to becoming part of botnets that are remotely controlled by hackers. Together with Flowmon and other partners, F5 is working on a solution that allows the service provider to detect anomalies in the traffic so that bad actors can be isolated from the network and attacks mitigated. When the service provider not only delivers the network connectivity for the IoT use cases but also the IoT platform itself, that IoT platform might need advanced MQTT (Message Queuing Telemetry Transport) traffic management capabilities as well as IoT security functions. MQTT is one of the more popular IoT protocols; F5 now has a protocol parser that enables our solutions to check the validity of MQTT messages by looking deep into the payload, provide intelligent load balancing, and offer smart authentication capabilities by copying SSL certificate information into the MQTT payload. F5 can provide a multi-tiered solution to help service they instruct routers to drop the traffic or redirect it to an providers mitigate against DDoS attacks. The first tier F5 scrubbing center that will clean the traffic and reinject is delivered from the cloud by means of our Silverline it into the data path. cloud-based DDoS mitigation service. Service providers The third tier of defense is a pure inline solution that can use this service to mitigate against attacks aimed at is either deployed as a clean pipe service on the saturating peering and/or transit links. No on-network customer s premises (for an enterprise), or at the service solution can isolate an attack that saturates incoming provider data center in front of application servers and peering links. control plane elements. The F5 inline solution provides The second tier of defense is aimed at mitigating highly effective and scalable mitigation against both volumetric attacks that occur inside the service volumetric L4 DDoS attacks as well as sophisticated provider network. At this tier F5 partners with Flowmon L7 DDoS attacks (including OWASP top 10 attacks and Networks, Genie Networks, and other partners, who WAF policies). F5 also provides intelligent DNS DDoS collect NetFlow records from the edge and peering mitigation techniques. routers. When their solutions detect a volumetric attack, SERVICE PROVIDER DDoS SOLUTIONS FOR MULTI-LAYER SECURITY ACCESS, DATA CENTER, AND OUT-OF-PATH SOLUTIONS Edge DDoS Protection Out-of-path DDoS Out-of-path DDoS Out-of-path DDoS as managed service for enterprises Out-of-path DDoS for SP network & infrastructure protection S1-AP DDoS Mitigation and SMS and NIDD over Diameter Security for Cellular IoT Out-of-path DDoS mitigation for C-IoT I- Device-aware I- on the SGi-LAN Anomaly Detection IoT Platform MQTT traffic mgmt and security in the DC Inline L4-L7 DDoS & WAF services (enterprise) Flow Collector Out-of-Path DDoS Scrubber Backbone Network Netflow, BGP Silverline Cloud-based Security (DDoS, WAF) Backbone Network Data Center CPE Edge Router Peering Router Industrial IoT (I-IoT) Inline L4-L7 DDoS & WAF services (internal) xdsl/fttx Cable Silverline hybrid signaling Consumer IoT (C-IoT) BNG/ CMTS WiFi Inline L4-L7 DDoS SP Data Center 8 9

Learn more about F5 s service provider solutions at f5.com/solutions/service-provider US Headquarters: 401 Elliott Ave W, Seattle, WA 98119 888-882-4447 // Americas: info@f5.com // Asia-Pacific: apacinfo@f5.com // Europe/Middle East/Africa: emeainfo@f5.com // Japan: f5j-info@f5.com 2018 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. DC0218 BRO-MWC-196817421 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback