The Programmable Network


Emerging software-defined data center solutions focus on the need for programmability in the network to reduce costs and realize the benefits of automation. Whether the goal is cloud computing or an SDN, F5 BIG-IP products provide that programmability to ensure a successful implementation.

White Paper by Lori MacVittie

Introduction

IT organizations are continuing to adopt technologies like cloud computing in an effort to realize the operational benefits of economies of scale and more effectively manage the explosive growth of data, devices, and applications. As they undertake the transformation required to support the more fluid and agile environment associated with the cloud, they are finding that current data center networking architectures are a limiting factor. Traditional network architecture is static and requires significant operational investment to manage.

Emerging software-defined data center architectures attempt to address these challenges with technology such as software-defined networks (SDNs). An SDN decouples the network's traditional management, control, and data planes and provides strategic points at which the network can dynamically adapt to changing business and traffic patterns. This strategic location is also expected to be the point at which services can be injected into the network to address more application-specific challenges such as security, scalability, and optimization.

Injection of services and adaptability are enabled by adding programmability to the network. Programmability ensures that network solutions addressing specific pain points can be added to the architecture seamlessly and transparently through SDN application services that extend the capabilities of the centralized SDN controller. This programmability results in greater agility and operational improvements that can dramatically impact the responsiveness and effectiveness of IT.

Programmability is a key enabler of operational automation, which is a cornerstone of DevOps and cloud computing. While most DevOps initiatives tend to focus on automation of the infrastructure supporting application deployments, there is significant value in automating the network services, such as DNS and load balancing, that directly impact the ability to continuously deploy applications. Thus programmability is a key enabler of automation in the infrastructure, too, particularly when application network services are critical to a successful deployment.

As the network becomes more programmable, the organization can achieve greater automation and agility, which lead to a more dynamic and reliable network, increased operational efficiency, and more consistent, successful application deployments. It is programmability that yields many of the benefits of next-generation data center networks.

Programmability in the Network

SDNs, cloud computing, and emerging next-generation data center network models all share a key characteristic: programmability. To enable programmability and extensibility, SDNs challenge the core design principles of data center networks by decoupling the control and data planes. Cloud computing enables a second form of programmability in the network through DevOps initiatives that automate and orchestrate operational tasks and processes to improve operations and reduce time to deployment. Application delivery supports a third form of programmability: the ability to programmatically inspect and transform traffic in real time. In all its forms, programmability in the network enables agility, reduces operational costs, and increases the success rate of application deployments.

F5 supports programmability in the network across all three models, enabling agility and extensibility in the application network service fabric. In the same way that SDNs decouple the control and data planes in the network fabric, F5 products decouple their control and data planes so functionality can be extended through plug-in modules as well as programmatic control over real-time traffic on the data plane.

High performing organizations deploy code 30 times more often and 8000 times faster than their peers, deploying multiple times a day, versus an average of once a month. They also have double the change success rate and restore service 12 times faster than their peers. The net results are lower business risk and more operational agility.
2013 State of DevOps Report, Puppet Labs

Figure 1: The F5 architecture supports key requirements of SDNs and software-defined data centers.

Additionally, F5 supports an architecture that includes a flexible and programmable management plane. This management plane enables integration with data center automation and orchestration solutions and virtualization management platforms. It also provides for a programmatic method of managing the entire application network service lifecycle.

Control Plane

The word "agility" is used to describe technologies that range from SDNs and the cloud to virtualization. It is used so often and so broadly as to become nearly meaningless. Yet the concept of agility, of being able to react to changing business and operational conditions, represents a very real benefit to organizations. Agility describes the ability of a business to quickly take advantage of conditions in the marketplace by launching a new campaign or reaching out to customers. Agility describes the ability of operations to react to failure or sudden demand for additional capacity. Agility means being able to turn on a dime when necessary.

Being able to respond quickly is one thing, but what gets overlooked is how an organization becomes aware of the conditions that require a reaction. The answer is actionable data. Actionable data is an event trigger that starts an operational or business chain reaction, ultimately resulting in action being taken either to resolve or address a problem or to take advantage of some situation. Because of its strategic location in data center architecture, an F5 BIG-IP Application Delivery Controller (ADC) has the visibility necessary to recognize actionable data and not only share that data with collaborative systems but act on it directly.

F5 iCall

The powerful F5 iCall scripting framework provides the ability to define data plane events such as threshold breaches and adjust the BIG-IP ADC accordingly when they happen. This BIG-IP control plane scripting capability can perform operational tasks in response to a triggered event, on a periodic basis, or as a perpetual, daemon-like service.

iCall enables administrators to react to specified data plane events by executing services on the management plane, such as logging a full TCP stack dump on a failure, executing a specific F5 iApps Template to reconfigure application network service settings, or adjusting the weighting of application services based on a change in health-monitoring data. iCall can be used to periodically manage backups or repopulate DNS. Additionally, perpetual services such as configuration audits can be managed simply using iCall.

Management Plane

A key benefit of an SDN and a cloud computing architecture is increased efficiency. Whether judged by a measure of virtual machine density, the ratio of administrators to virtual machines, or the time required to move an application to production, efficiency is a goal of next-generation data center networks. One way of enabling organizations to achieve higher efficiency, particularly as measured by an application's time to market, is to automate and orchestrate as many operational tasks and processes as possible.

An August 2012 survey conducted on behalf of Redwood Software found that 63 percent of enterprises that have implemented cloud solutions report an improvement in agility for supporting the needs of the business. The same survey found that 79 percent of enterprises implementing process automation experienced time savings, while 69 percent claimed improved productivity.[1]

F5 iControl

The management plane of the BIG-IP platform offers a comprehensive management API, F5 iControl, enabling integration with data center management frameworks and stacks such as VMware vCloud Director, Puppet, Chef, OpenStack, and solutions from HP, IBM, and Microsoft. As an open, standards-based API, iControl can be used by customers to automate or interconnect with custom systems and scripts. iControl also supports an event-based model, allowing applications and frameworks to subscribe to BIG-IP system events such as the change in status from up to down for a given application node.

iControl is fully documented and supported by the F5 DevCentral community, with over 100,000 active members discussing, contributing to, and documenting the API. A variety of language-specific libraries and assemblies are freely available on DevCentral to assist with development efforts.

iApps

F5 iApps Templates are customizable operational templates that enable simplified and automatic configuration of application network services across BIG-IP systems. These executable templates encapsulate all the necessary configuration of objects required by an application deployment to ensure availability, security, and optimization of the application.

iApps Templates are an integral component of BIG-IP application lifecycle management solutions. The iApps technology supports multi-tenancy and role-based access to eliminate traditional barriers in the data center that impede time-to-market for applications and services. iApps enhances visibility for operations and application owners by providing deep insight into the performance and health of all components comprising an application deployment. This visibility enables the collection of statistics, which can be used to determine specific thresholds that generate the events iCall executes against. iApps Templates, like iControl, are also community distributed and supported by F5 DevCentral.

Data Plane

A key differentiation between F5 and current SDN solutions is the ability to programmatically modify traffic crossing the data plane. This capability is critical to maintaining agility with respect to security and to addressing application-specific requirements such as persistence and application layer routing. Zero-day application layer exploits, for example, can quickly be mitigated programmatically by a system capable of not only inspecting but modifying traffic crossing the data plane. Similarly, scaling stateful systems like virtual desktop infrastructures (VDI) and enterprise-class applications often requires persistence (also known as sticky sessions or affinity) that can only be enabled by inspecting and often modifying application-layer requests and responses. The F5 iRules scripting language enables this breadth and depth of interaction with any IP-based data crossing the data plane.

iRules

Based on Tcl, iRules is the F5 data plane scripting language that enables a broad range of functionality to be programmatically inserted into the network. F5 customers routinely implement security mitigation rules, support new protocols, and fix application-related errors in real time using iRules. The iRules language is powerful and flexible, supporting parameterization that encourages reuse across applications. This capability allows for the rapid development of solutions that can be deployed across multiple applications with confidence.

Like iCall, iRules can be executed in response to an event in the data plane. Unlike iCall, iRules can also be triggered based on content or a specific command execution. iRules is the most mature, robust programmable rules engine available for programming the network without requiring additional point solutions or external frameworks.
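
The data plane mitigation described above, sketched as an iRule that both inspects and modifies HTTP traffic. This is an added example, not code from the white paper or from F5; the blocked path, header names, and size limit are constructed placeholders standing in for whatever a given advisory would specify.

```tcl
# Added example: a "virtual patch" applied on the data plane while the
# application itself is still unpatched. All values set in RULE_INIT are
# hypothetical placeholders, not values taken from the white paper.
when RULE_INIT {
    set static::vp_blocked_path   "/legacy/upload"   ;# affected endpoint (placeholder)
    set static::vp_max_header_len 2048               ;# longest header value accepted
    set static::vp_strip_header   "X-Debug-Token"    ;# header clients must not set
}

when HTTP_REQUEST {
    # Inspect: compare the path case-insensitively. Only case is folded here;
    # encoded or dot-segment variants need further normalisation before matching.
    set path [string tolower [HTTP::path]]

    # Mitigate: refuse requests to the affected endpoint and record who asked.
    if { $path starts_with $static::vp_blocked_path } {
        log local0.warning "virtual-patch: blocked [IP::client_addr] -> [HTTP::host][HTTP::uri]"
        HTTP::respond 403 content "Forbidden" "Connection" "close"
        return
    }

    # Mitigate: reject any request carrying an oversized header value.
    foreach name [HTTP::header names] {
        foreach value [HTTP::header values $name] {
            if { [string length $value] > $static::vp_max_header_len } {
                log local0.warning "virtual-patch: oversized header $name from [IP::client_addr]"
                HTTP::respond 400 content "Bad Request" "Connection" "close"
                return
            }
        }
    }

    # Modify: strip a header that only internal components should supply,
    # so the back end never sees a client-provided copy.
    HTTP::header remove $static::vp_strip_header
}

when HTTP_RESPONSE {
    # Modify: remove version banners from responses and add a hardening
    # header when the application did not send one itself.
    HTTP::header remove "Server"
    HTTP::header remove "X-Powered-By"
    if { ![HTTP::header exists "X-Content-Type-Options"] } {
        HTTP::header insert "X-Content-Type-Options" "nosniff"
    }
}
```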

iRules is fully supported by DevCentral, with both F5 and community-developed iRules available encompassing a broad range of application and network functionality.

Conclusion

Programmability in the network has long been cited as the means to offer the extensibility and agility necessary for data center networks to support the increasingly dynamic requirements of modern applications and business stakeholders. No single programmatic approach alone is enough to satisfy these requirements. Agility requires programmability not only of the system via APIs, but of the system itself and, more importantly, the data flowing through the system on the data plane. A comprehensive approach to programmability in the network is necessary to enable operations to truly react on demand to operational and business events and opportunities.

The F5 portfolio of products delivering network programmability equips organizations to automate and orchestrate for efficiency gains while also providing access to the data and control planes. As a result, organizations can achieve unprecedented levels of agility and extensibility.

Automating also requires discovering and streamlining the operational processes used to manage the deployment lifecycle. This management improvement can result in the elimination of significant operational bottlenecks to increase the efficiency of operations and reduce deployment times. Such improvements enable operations to realize cost reductions in administrative overhead and mitigate a potential source of downtime by eliminating manual, error-prone processes. With iCall, iRules, iApps, and iControl, organizations can ensure that operations are agile, no matter how they define and measure agility.

[1] Redwood Software, "Manual Madness of Business Processes," August 2012

© 2015 F5 Networks, Inc. All rights reserved. WP-5251 0113