Post on 31-Jan-2018
Czas na nowe platformy sprzętowe F5! Dlaczego są to najbardziej programowalne urządzenia ADC na rynku
Maciej Iwanicki, Systems Engineer m.iwanicki@f5.com
SOFTWARE & PLATFORM LIFECYCLE
F5 Software Lifecycle Model 1H CYA
2H CYA
1H CYB
2H CYB
1H CYC
2H CYC
1H CYD
2H CYD
1H CYE
2H CYE
1H CYF
2H CYF
1H CYG
2H CYG
12.0.0
12.1.X
13.0.0
13.1.X
14.0.0
14.1.X
= Hotfix Rollup Release = Maintenance Release
12.0.0
12.1.0 12.1.1 12.1.2 12.1.3 12.1.4
13.0.0
13.1.0 13.1.1 13.1.2 13.1.3 13.1.4
14.1.0 14.1.1 14.1.2 14.1.3 14.1.4
14.0.0
BIG-IP Platform generation
K4309: F5 platform life cycle support policy: https://support.f5.com/csp/article/K4309
Platforms First Customer
Ship Month
End Of Sale
(EoS)
End of New
Software
Support (EoNSS)
Platform End of
Software Dev
(EoSD)
1600 (C102) Jul-2008 01-Oct-2014 01-Oct-2016 01-Oct-2017
3600 (C103) Jul-2008 01-Oct-2014 01-Oct-2016 01-Oct-2017
3900 (C106) Aug-2009 01-Feb-2015 01-Feb-2017 01-Feb-2018
6900 (D104) Aug-2008 01-Feb-2015 01-Feb-2017 01-Feb-2018
VIPRION B2100
Blade (A109) Jan-2012 01-Oct-2015 01-Oct-2017 01-Oct-2018
The platform EoSD is the date that F5 Product Development has ceased considering the repair/maintenance of confirmed software/firmware defects for the designated platform or software release.
2008 2012 2016
1600 v9.4.5 – 12.1.x
2000s 2200s v11.2.1 -
i2600 i2800 v12.1.2 -
3600 v9.4.5 – 12.1.x
4000s 4200v v11.2.1 -
i4600 i4800 v12.1.2 -
3900 v9.4.8 – 12.1.x
5050s 5250v v11.4.0 -
i5600 i5800 v12.1.2 -
6900 v9.4.6 – 12.1.x
7050s 7250v v11.4.0 -
i7600 i7800 v12.1.2 -
8900 8950
v9.4.7 – 12.1.x
10050s 10250v
v11.3.0 -
i10600 i10800
v12.1.2 -
11000 11050
v11.0.0 – 12.1.x
10350v v11.5.4 -
i10800 v12.1.2 -
BIG-IP Platform generation
K5903: Software compatibility matrix: https://support.f5.com/csp/#/article/K9476
K5903: BIG-IP software support policy:
https://support.f5.com/csp/#/article/K5903
Major Release and Long Term
Stability Release versions
First customer ship
End of Software
Development
End of Technical Support
Latest maintenance
release
13.0.0 22-Feb-2017 22-May-2018 22-May-2019 N/A
12.1.x 18-May-2016 18-May-2021 18-May-2022 12.1.2
11.6.x 10-May-20161 10-May-2021 10-May-2022 11.6.1
11.5.x 8-April-20141 8-April-2019 8-April-2020 11.5.4
INTRODUCING BIG-IP ISERIES
World’s Most Programmable Cloud-Ready ADC
DevOps-like agility with the scale, security, and investment protection needed for both established and emerging apps in private and hybrid clouds
Introducing the BIG-IP iSeries Platform
Like-for-Like Comparison (iSeries Vs. Previous BIG-IP)
2x
1.4x 1.5x 1.7x
1x (100%) = Matches Previous BIG-IP performance
Ex
ce
ed
s
Be
low
Pe
rfo
rma
nce
Imp
rove
me
nt
L4 CPS L4 Throughput RSA SSL TPS (2K) L7 RPS (inf-inf)
BIG-IP iSeries Product Line
BIG-IP 7000
Series
BIG-IP 10000
Series
BIG-IP 5000
Series
BIG-IP 2000 Series
BIG-IP 4000
Series
BIG-IP i7000
Series
BIG-IP i10000
Series
BIG-IP i5000
Series
BIG-IP i2000
Series
BIG-IP i4000
Series
BIG-IP 6900
BIG-IP 8900
BIG-IP 3900
BIG-IP 1600
BIG-IP 3600
BIG-IP i10600
BIG-IP i4600
BIG-IP i2600
BIG-IP i7600
BIG-IP i5600
Standard Performance
BIG-IP i10800
BIG-IP i4800
BIG-IP i2800
BIG-IP i7800
BIG-IP i5800
High Performance
PAYG
PAYG
PAYG
PAYG
PAYG
Pay-As-You-Grow (PAYG) Through SW License
iSeries PAYG License Structure
Features Standard ix600
Performance ix800
TurboFlex X Full
L2/L3 Switch Capability Full Full
L4/ L7 Throughput / L4 Max Concurrent Connections Full Full
CPU ~1/2 Full
L4 / L7 CPS / L7 RPS ~1/2 Full
HW SYN Cookies (Only i5600 and above) ~1/2 Full
SSL TPS (RSA 2K Keys / ECDSA+ECDHE P-256) ~1/2 Full
vCMP (Except i2800, i4800) X Full
Compression Software Hardware
New in
iSeries
Same as
Previous
BIG-IP
BEST CRITICAL DATA PROTECTION
ECC SSL Hardware Offload
First ADC vendor to provide Elliptic Curve Cryptography (ECC) SSL TPS in hardware across all platforms
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ONLY SOFTWARE-DEFINED HARDWARE
Overview of Processing Hardware Logic execution speed vs. flexibility
LOGIC EXECUTION SPEED
•
•
•
•
•
•
•
•
•
•
•
F5’s Strategy Now and Forever: Leverage FPGAs
• Next generation hardware provides 2X+ increase in custom logic capacity previous F5 hardware
• 250+ years of combined FPGA/CPU development experience
BIG-IP i2800 BIG-IP i4800
Tier 1 Tier 2
New! New!
TurboFlex: 3 Tiers based on FPGA capacity
TurboFlex: 3 Tiers based on FPGA capacity
BIG-IP i7800 BIG-IP i10800 BIG-IP i5800 BIG-IP i2800 BIG-IP i4800
Tier 1 Tier 2
Tier 3
2x Bandwidth
New! New!
iSeries TurboFlex
ADC Profile
UltraFast L4 Profile
Security Profile
Private Cloud Profile
Low Latency Profile (FIX)
DNS Profile
AV
AIL
AB
LE A
T IN
ITIA
L LA
UN
CH
FU
TUR
E >
13
.1.X
• TurboFlex is the ability to change the profile of the FPGA to load a different bitstream so that certain types of traffic are hardware accelerated
• TurboFlex is only available on the ix800 iSeries devices
• TurboFlex will be enhanced to add additional features in future releases
• The x600 series devices do support a limited set of hardware acceleration (Base Profile) in FPGA but do not have TurboFlex (the ability to switch profiles)
Software-Defined Hardware
TurboFlex Profiles Example Benefits
Security • Up to 10x capacity to absorb
DDoS attacks
Private Cloud • 25% - 50% reduction of CPU load
for SDN protocol processing
ADC • For VoIP/streaming media apps,
UDP packet processing provides:
• 200% more capacity
• 75% less delays
• 98% reduction in jitter
Deliver multi-service offload to maximise investment protection and future-proof
• Only vendor to offer breadth of HW offload capabilities for ADC, Security, and Cloud
• Only vendor to improve performance in hardware with the agility of software
• Only ADC platform to truly future-proof your investments
TurboFlex performance profiles
TurboFlex enables customers to select the types of traffic and functions most important to their application, then accelerate them in hardware via software programmable performance profiles.
SUMMARY
BIG-IP iSeries Benefits
More than twice the performance of
existing F5 platforms Simplify and automate
integration
Best Critical Data Protection
Simplify and scale SSL
Only Software- Defined Hardware
Maximise investment protection
Lowest TCO
Consolidate app services
$ 2x
BIG-IP® Advanced Firewall
Manager (AFM)
BIG-IP® Application
Security Manager
(ASM)
BIG-IP® DNS
Modules (DNS)
BIG-IP® Local
Traffic Manager
(LTM)
BIG-IP® Carrier
Grade NAT (CGNAT)
BIG-IP® Policy
Enforcement
Manager (PEM)
F5 MobileSafe
and WebSafe
BIG-IP® Cloud
Connector (CC)
BIG-IP® SDN
Gateway (SDNG)
F5 Secured
Web Gateway
(SWG)
Service Provider
Security Cloud
ADC
BIG-IQ/iWorkflow Platform™
iRules®, iApps®, iCall, iStats, mRules, and iControl®
KVM / AWS / Xen
VMWare / HyperV
L3/Routing, UDP, IP, IPSec, IPv6, SCTP, TCP, HTTP, SSL, FIPS, Tunneling, BWC, Stats, Certifications
CMP, VCMP, ScaleN, Firmware, HAL, Sizing Guides
Programmability
Core Protocols
Performance / Scalability
TMOS Operating System
Appliances Chassis Software
RBAC, Logging, SNMP, CLI, GUI Manageability
BIG-IP® Access Policy
Manager (APM)
TMOS Platforms
F5 BIG-IP + BIG-IQ/iWorkflow modular architecture
1st Node.js support
ADC vendor
2x L4 throughput
vs. largest ADC competitor
6x SSL ECC TPS
vs. leading ADC competitor
1.2x L7 RPS/L7 CPS vs. largest ADC competitor
1.4x L4 CPS
vs. top ADC competitor
2x Price/Performance vs. leading ADC competitor
20x DNS RPS
vs. BIND-based competitors Only L7 DoS
behavioural analysis Firewall vendor
Only Hybrid crypto offload
ADC vendor
Only SAML SSO
for client-based apps Access vendor
L4 concurrent
connections vs. top ADC competitor
2.2x
1st
HTML5
Websockets WAF vendor
1st
HTTP/2 support ADC vendor
User access
sessions vs. leading SSO vendors
5x
5x Fewer ADC devices
than largest ADC
competitor for VDI
Only Software-Defined
Hardware ADC vendor
Best SSL throughput
(3.5x average) vs. leading ADC competitor #1
Most
effective
WAF NSS Labs
Dziękuję bardzo!