Overview:The entry-level BIG-IP i2000 series provides a high-performance ADC platform for small to medium enterprises and organizations requiring integrated application delivery and security. This series features the latest 2-Core Intel Xeon CPU, 16GB DDR4 RAM, a 500GB enterprise-class hard drive, four 1GbE fiber ports, and two 10GbE SFP+ ports. The i2800 provides double the Layer 4 throughput, 2.8x the Layer 4 concurrent connections, and 1.5x the Layer 7 request per second than previous comparable models, with support for F5’s GBB bundle licensing. Gain Agility with the Most Programmable Cloud-Ready ADCF5’s next-generation, cloud-ready Application Delivery Controller (ADC) platform provides DevOps-like agility with the scale, security depth, and investment protection needed for both established and emerging apps. The new F5 BIG-IP iSeries appliances deliver quick and easy programmability, ecosystem-friendly orchestration, and record breaking, software-defined hardware performance. As a result, customers can accelerate private clouds and secure critical data at scale while lowering TCO and future proofing their application infrastructure. Key BenefitsObtain the lowest TCOReduce TCO and the infrastructure footprint by consolidating app and security services on to a unified, high-performance platform.Protect critical dataDeliver the SSL capacity required to protect critical data—including offload of elliptical curve cryptography (ECC) processing to hardware—enabling forward secrecy scaling.
The Advantages of F5 BIG-IP Hardware:The BIG-IP iSeries platform perfectly blends software and hardware innovations that balance the need for performance, scalability, and agility. The F5 TMOS operating system provides total visibility, flexibility, and control across all application delivery services. With TMOS, organizations can intelligently adapt to the diverse and evolving requirements of applications and networks. Other unique or patented hardware and software innovations enable the BIG-IP iSeries platform to offer unmatched capabilities:.
The F5 Networks BIG-IP I5820 Local Traffic Manager Switch unifies application delivery for established and emerging applications in data center and cloud environments. The iSeries appliances provide superior performance, control and versatility.
F5 TurboFlex optimization technology: Field-programmable gate arrays (FPGAs), tightly integrated with CPUs, memory, TMOS, and software, provide specific packet-flow optimizations, L4 offload, support for private cloud tunneling protocols, and denial-ofservice (DoS) protection. These hardware optimizations not only improve performance but free CPU capacity for other app delivery and security tasks.
Only BIG-IP iSeries appliances feature TurboFlex performance profiles—user-selectable, pre-packaged optimizations that provide different performance characteristics depending on the business need:. L4 offload enables unsurpassed throughput and reduced loads on software. Unique per-virtual-IP/application SYN flood protection ensures that if one application is under attack, others are not affected.
Gain Agility and Control in Private Clouds:Enterprises are migrating to private clouds to achieve agility and speed time to market for applications while maintaining control. Regardless of the chosen cloud stack, typically only basic networking and app services like load balancing are provided. Advanced application delivery and security services are required to optimize and protect applications.
Highly scalable BIG-IP platforms, with programmatic interfaces and service delivery templates, enable integration and automation with orchestration systems and deliver rightsized services aligned to specific app needs.F5 solutions integrate with the leading private cloud technology stacks, including OpenStack, VMware, and Microsoft. For OpenStack, F5 provides native orchestration with Heat templates to automate the end-to-end deployment of advanced app and security services, reducing deployment times from days to minutes.
Integration with VMware vRealize Orchestrator through the Blue Medora vRO plug-in reduces configuration time, enables selfservice of F5 application services by app owners, and automates complex, multi-step workflows. F5 iWorkflow enables integration of F5 devices with software-defined networking (SDN) orchestration systems providing a single point of contact between the orchestrator and F5 devices. Two-tier architectureFor enterprises deploying a private cloud, a two-tier architecture provides an optimized design that takes best advantage of both hardware and software app delivery services. The first tier provides services such as L4 traffic management, distributed denial-of-service (DDoS) firewall, or SSL offloading, which are centralized and shared for all north-south traffic entering the network, enforcing consistent app policies. These services, which deal with high-volume traffic and incur heavy CPU loads, require high performance, scalability, and guaranteed service-level agreements (SLAs).
![]()
Dedicated, purpose-built hardware such as BIG-IP iSeries appliances meet those requirements and, depending on the environment and app requirements, can be more cost efficient than commodity servers.Tier 2—the tenant or app tier—includes emerging, cloud-native applications that can be hosted in containers or disaggregated into microservices. The apps require specific services addressing intra-app traffic (east-west traffic).
![]()
Those services, which can include basic load balancing to web app firewall or web performance optimizations, can be delivered on a per-application basis through highly scalable, flexible software such as virtual editions of BIG-IP products. This two-tier architecture model, standardized on F5 application services, offers flexibility, a strategic point of control where proven app policies can be enforced, and complete visibility of all traffic, taking advantage of hardware where it’s needed and software agility near the app.Figure 1: Orchestrated and automated deployment of app services in a two-tier private cloud architecture.
Consistent App Delivery and Security for Public CloudAs more enterprise applications migrate to public cloud, it’s becoming more difficult to maintain network requirements and consistent application policies. In addition, many IT architects are unaware of the amount of public cloud apps deployed, the current configurations and services for those apps, and how to discover apps in flight. Organizations are turning to interconnection services at colocation providers for direct public cloud access; however, application delivery and security services across public cloud providers is disparate and varied, compared to on-premises and private cloud solutions.F5 Application Connector is an add-on to the F5 BIG-IP platform, allowing services insertion for public cloud applications. It also acts as a cloud proxy instance for securely connecting public clouds to an organization’s application service infrastructure within cloud interconnects (colocations) or data centers. This enables the use of public cloud resources as part of an organization’s compute infrastructure. Application Connector also performs workload discovery within the Amazon Web Services (AWS) and Azure public cloud, and provides a secure connection back to interconnect services or data centers, allowing application services insertion on the BIG-IP platform.Figure 2: Application Connector helps you easily search and find public cloud-hosted workloads in AWS and Azure. Securely connect all public cloud apps, and insert app delivery and additional security services such as SSL.
Provide consistency across app deployments, and securely maintain sensitive SSL keys from a central location. ProgrammabilityEnabling automation and orchestration is key to achieving the benefits of cloud and software-defined architectures and to scaling application services on demand. F5 platforms offers many ways to program the application services fabric and network, enabling organizations to automate deployment, react in real time to events, and easily integrate into orchestration systems. F5 iRules scripting has long provided granular traffic control and visibility, enabling customization, rapid response to code errors and security vulnerabilities, and support for new protocols. New F5 iRules LX lowers costs and speeds deployments by extending iRules to JavaScript developers and providing access to, and easier integration with, over 250,000 community Node.js packages. In addition, with F5 iApps templates, organizations can automate deployment and configuration of application services in minutes.
F5 iControl® REST APIs and SDKs provide integration with leading open source and commercial orchestration systems, VMware, OpenStack clouds, and configuration management systems such as Puppet, Chef, and Ansible. BIG-IQ Centralized ManagementF5 BIG-IQ Centralized Management is F5’s management and orchestration platform. It provides a central point of control for F5 physical and virtual devices and the app delivery and security services that run on them. BIG-IQ Centralized Management is available both as a virtual edition and an F5 appliance. Licenses and Services: Simplified LicensingIt’s never been easier to consolidate application services in data center and cloud environments. F5’s Good-Better-Best licensing provides the flexibility to provision advanced F5 modules on-demand at the best value. Discover the right set of F5 solutions for your application environment.
Procure the Better or Best modules for your applications. Implement comprehensive application services on a virtual or physical platform.F5 Global ServicesF5 Global Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Global Services can help ensure your applications are always secure, fast, and reliable.
GSLB Integration with F5 GTMTo ensure high availability across geographic regions or data centers, Avi Networks recommends use of multiple data centers to distribute risk and reduce failure domains. Avi recognizes that many customers already own global server load balancers from other vendors, which provide DNS-based load balancing across geographies. Avi Vantage is able to work with most global server load balancing (GSLB) solutions, though the level of integration depends on the vendor used.The procedure in this article works with Avi Vantage version 15.x and higher, and F5 Networks Global Traffic Manager (GTM) version 10.x and higher. Other versions also may work but are not covered or tested under the scope of this article.For help configuring Avi Vantage’s GSLB capabilities, see. AssumptionsThis scope of this document covers integration of Avi Vantage with F5 GTM.
This document assumes that:. Avi Vantage is installed in one or more data centers. F5’s BIG-IP GTM is installed.GTM may or may not be installed in the same data centers where Avi Vantage will be providing local application delivery services.
Configuration of Avi VantageNo special configuration is required for virtual services advertised by Avi Vantage to be load balanced through global server load balancers. The virtual services may exist on a single Avi Controller cluster or they may exist across multiple Controller clusters in different data centers. Create Load Balancer Server ObjectFirst, Avi Vantage must be added as a load balancer object to the GTM. From within the GTM GUI, navigate to DNS GSLB Server and select Create. Configure the following fields within the General Properties section:.
Name: Unique Avi instance name, for example “AviDC1”. Product: Generic Load balancer.
Address: With the recommended configuration, the GTM never uses this IP address. Nonetheless, the field must have a value, so enter any IP address of an Avi Controller from the cluster and click Add. Data Center: Select a pre-configured GTM data center object, for example “DataCenter1”. The GTM uses this information for determining which device will send health checks to Avi Vantage.Within the Configuration section:.Health Monitor.: Avi’s recommendation is to leave this health monitor field empty. It is optional to add a health check to verify access to Avi Vantage. This involves the GTM sending a query to the IP address of the Avi Controller.
This additional check is not recommended by default as it requires the GTM to have access to the Controllers, which are often on protected management networks. Should this check be desired, the Address and Translation Address of the Avi Vantage server object must be correct. The health monitor to check access to the Avi Controller is added via the Health Monitor setting.
Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |