© F5 Networks, Inc.
F5 User’s Group September 13th 2011
Agenda
• TMOS version 11
• New features and overview
• Demo vCMP
• Demo and discuss iApps
• User discussion – iRules
• Survey and suggestions for next meeting
• Bowling and/or game play
V11 - Revolution
Analytics – URL Load Times
Analytics – TPS per URL
Analytics – Request Throughput per URL
Analytics – Response Throughput per URL
Statistics and Reporting
Per Virtual Server CPU Stats and Profile Stats
* Improved Visibility for Each Virtual Service
Statistics and Reporting
Per Process CPU & Memory Stats – Dashboard Customization
* Improved Diagnostics
Real-time Transaction logs
Client
Open Application Logging Engine
High Speed Logging Engine (HSL)
• GUI - Request Logging Profile
• Unmatched performance - Up to 200,000 HSL (TCP/UDP) messages per second with minimal impact on CPU usage
• Support compliance requirements
• W3C standard web log format support
F5 ScaleN Architecture
Ultimate Scalability and Reliability
Scale Up
Scale Out
Virtualization (vCMP)
Clustered Multiprocessing (CMP) & SuperVIP
TMOS
The flexibility to scale up, virtualize, and scale out on-demand
Typical Failover – Limited Control
• Typical ADC runs Active-Standby
• Can only fail entire ADC
• Failover events disrupt all services
ScaleN: Device Service Clusters
Dynamic Service Based Failover
• Fail-over targeted application workloads
• Avoid application service disruptions
• Move applications needing extra power
ScaleN: Device Service Clusters
Elastic Scale Driving Efficiency
• Active-active-active N Scale
• Blade fails on BIG-IP 1
• Add new blade to BIG-IP 3
• Blade replaced on BIG-IP 1
• Any type of BIG-IP device
Akamai
TMOS – TCP, HTTP, & iRule Enhancements
• Ability to create TCP/UDP out-of-band connections via iRules
• TCP Connection Queuing
• TCP Options inspection & transformation with iRules
• Separate caching & compression profiles from HTTP
• HTML Parsing iRules
*Bigpipe is no longer supported in v11
TCP Connection queuing
• Operates at TCP level; HTTP not required
• Currently only engages when conn limit hit
• Specify queue length limit, time limit, or both
• Queues operate per-tmm (no state sharing)
• Length limit divided by tmm count
• FIFO guarantees only per-tmm
• Queued at the pool level for non-persistent connections
• Queued at the pool member level for persistent connections
• If conn limit is overridden by persistence, that conn is not queued
• When a pool member becomes available, it checks the head of its queue, and of the pool’s queue, and services the flow that got there first.
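A small Python model of the queuing rules listed on this slide, added here as an illustration and not F5 code. The class and method names are hypothetical; floor division of the length limit, refusing a flow when the tmm's share is full, and applying the same share to member queues are assumptions, and the time limit is not modelled.

```python
from collections import deque
from dataclasses import dataclass, field
from itertools import count


@dataclass
class TmmQueues:
    """Connection queues as seen by ONE tmm; nothing is shared across tmms."""
    pool_limit: int                      # queue length limit configured on the pool
    tmm_count: int                       # number of tmm instances on the device
    pool_q: deque = field(default_factory=deque)
    member_q: dict = field(default_factory=dict)
    _seq: count = field(default_factory=count)   # arrival order within this tmm only

    @property
    def share(self):
        # "Length limit divided by tmm count" (floor division is an assumption)
        return self.pool_limit // self.tmm_count

    def enqueue(self, flow, persist_member=None):
        """Queue a flow that arrived while the connection limit was hit.

        Non-persistent flows wait at the pool level, persistent flows wait
        at the pool member they are bound to.
        """
        if persist_member is None:
            q = self.pool_q
        else:
            q = self.member_q.setdefault(persist_member, deque())
        if len(q) >= self.share:
            return False                 # assumption: refused when the share is full
        q.append((next(self._seq), flow))
        return True

    def member_available(self, member):
        """A member frees a slot: serve the older of its own head and the pool's head."""
        candidates = [q for q in (self.member_q.get(member), self.pool_q) if q]
        if not candidates:
            return None
        oldest = min(candidates, key=lambda q: q[0][0])
        return oldest.popleft()[1]


def demo():
    # Constructed scenario: limit 8 across 4 tmms, so this tmm may hold 2 flows per queue.
    tmm = TmmQueues(pool_limit=8, tmm_count=4)
    accepted = [tmm.enqueue("A"), tmm.enqueue("B", persist_member="m1"),
                tmm.enqueue("C"), tmm.enqueue("D")]
    served = [tmm.member_available("m1") for _ in range(4)]
    return tmm.share, accepted, served
```

Because each tmm keeps its own queues and counter, arrival order is only comparable within one `TmmQueues` instance, which is the "FIFO guarantees only per-tmm" point; a configured limit smaller than the tmm count yields a share of zero in this model.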
New Product and Platform Support
• New 6900S (Turbo SSL), 11000 (48 GB Memory, 4x SSDs (4x 300GB), 16 Gbps HW Comp.), and 11000/11050F (FIPS) platforms (October announcement)
• WOM standalone product and platforms (1600, 3600, 3900, 6900, 8900, 11000)
• Modules: Add-on Module support VE and 1600 (ASM, WA, APM, GTM, WOM)
• Modules: Triplet support on 3600 and higher (Any combination excluding LC)
• VE Production (LTM, APM, ASM, WOM, GTM) *WA coming next release
• New VE Lab editions that include all products
Platforms: 3900/3600, 8900/8950/8950S, 6900 and 6900S, 1600, 11000 and 11050
October announcement
BIG-IP Advanced Acceleration Overview
Adaptive Protection for Web 2.0 Applications
Easily Secure JSON Payloads
BIG-IP Application Security Manager
Example: www.stockfacts.com
• Protect from JSON threats
• Render unique blocking message for AJAX widgets
• User informs admin with support ID for resolution
Display a Blocking Message in AJAX Widget
F5 Innovative Protection for Web 2.0 Apps
• Secure all applications
• Automatically share policies between devices
• Quickly deploy BIG-IP ASM VE in private clouds
Internet
Private Cloud Apps
Data Center
Web 2.0 Apps
Hacker
Clients
BIG-IP Application Security Manager
BIG-IP Application Security Manager
Customer Website
Protection from Vulnerabilities
Enhanced Integration: BIG-IP ASM and WhiteHat Sentinel
WhiteHat Sentinel
• Finds a vulnerability
• Virtual-patching with one-click on BIG-IP ASM
BIG-IP Application Security Manager
• Verify, assess, resolve and retest in one UI
• Automatic or manual creation of policies
• Discovery and remediation in minutes
• Vulnerability checking, detection and remediation
• Complete website protection
ASM and the Software Development Lifecycle
• Policy Tuning
• Pen tests
• Performance Tests
• Final Policy Tuning
• Pen Tests
• Incorporate vulnerability assessment into the SDLC
• Use business logic to address known vulnerabilities
• Allow resources to create value
• WAF “offload” features:
– Cookies
– Brute Force
– DDOS
– Web Scraping
– SSL, Caching, Compression
BIG-IP Advanced Acceleration Overview
Advanced Dynamic Services for Unified Access Control
F5 Unified Access and Control
Flexible and Dynamic ADC Services – BIG-IP v11
BIG-IP Edge Gateway + Access Policy Manager + WebAccelerator + WAN Optimization Manager
Headquarters and Remote Offices
Corporate WAN
IPsec: Optimized Site-to-Site Tunnels
Internet
BIG-IP System Virtual Editions
BIG-IP Edge Gateway
Data Center
BIG-IP Global Traffic Manager
BIG-IP Local Traffic Manager + Access Policy Manager
Mobile and Remote Users
Public/Private Cloud
Optimized Applications to BIG-IP Edge Client
Authentication All in One and Fast SSO
F5 BIG-IP Access Policy Manager
Dramatically reduce infrastructure costs; increase productivity
= BIG-IP v11
New Detailed Reporting
BIG-IP APM
Custom, Built-in and Saved reports
Exported and used on other devices
e.g. How many XP users are still on my network?
e.g. Who accessed app. or network and when?
e.g. Where are users accessing from (geolocation)?
BIG-IP Advanced Acceleration Overview
Scalable, Adaptive and Secure DNS infrastructure
Scalable GSLB Performance
Step 1: Multicore (CMP) BIG-IP GTM v11
• Enable users to access apps during spikes
• Scale with GTM query performance utilizing hardware
– CMP enabled utilizing full set of processing cores
– Up to 6 million QPS on VIPRION
– Each CPU Core ~ high performance DNS server = 130k+ qps
• Integrates GTM in TMM for exponential performance
Chart values: 125k QPS, 600k QPS, 1.5Mil QPS, 3Mil QPS, 6Mil QPS, 2Mil QPS
Preliminary estimates: (may exceed)
Exponential and Efficient DNS Performance
Step 2: Implement DNS Express
DNS Express
• High-speed response and DDoS protection with in-memory DNS
• Authoritative DNS serving out of RAM
• Configuration size for tens of millions of records
• Scalable DNS Performance
• Consolidate DNS Servers
[Diagram: DNS Server and DNS Express in TMOS; labels: Manage DNS Records, NIC, OS, Admin, Auth Roles, Dynamic DNS, DHCP, Answer DNS Query]
Solution: Easily Handle All DNS Requests
Step 3: BIG-IP GTM and IP Anycast Integration
• Same IP Address for multiple devices
• Geographically separate the DNS request load for all requests
• Scale DNS infrastructure up and out per BIG-IP
• Revenue and brand are protected
Eases the IPv6 Evolution
DNS 6 4
• Combined NAT64 and DNS64 provide automatic translation
• Supports pure IPv6 clients accessing both IPv6/IPv4 sites
• Critical for mobile devices and any client optimized for pure IPv6
• Eases evolution and bridges gap between IPv6/IPv4 DNS
Internet
IPv4 and IPv6 Clients
BIG-IP Local Traffic Manager + Global Traffic Manager
NAT64
Forwarding/Mapping Virtual
v4 DNS: www.server.com (A)
v6 DNS: www.server.com (AAAA)
DNS64
Usability Enhancements
Route Domains, Monitors, & Default Certificates!
• Removed Basic/Advanced listener
• Optional manual selection of prober assignments
• iQuery status in the GUI
• GTM monitor support of Route Domains
• Default certificate is now 10 yrs!
GTM
Route Domain 0
Route Domain 1
Route Domain 2
BIG-IP Local Traffic Manager + Global Traffic Manager
BIG-IP Global Traffic Manager
Global Customer Training for V11
• Free Customer Web-based Training: What’s New in BIG-IP V11
• Additional v11 WBT modules will be available later
vCMP Demo
Virtual Clustered Multi-Processing
vCMP = F5’s purpose-built hypervisor
Currently available with version 11 on the VIPRION platforms
Today’s demo is on a VIPRION 2400
V11: The iApp Revolution
• Optimizing the network for specific applications takes weeks … and can be frustrating
• F5’s unique application deployment guides helped … now just days
• F5’s new iApp capability reduces process to hours and minutes and it’s portable like virtual machines
• Framework to unify, simplify and control Application Delivery Services
• Application-centric
• Contextual view and advanced analytics
• Rapid and predictable deployment
BIG-IP V10 Managing Objects & Services
BIG-IP V11 Managing Application Services
BIG-IP V11 Managing Application Services
F5 iApps: Managing application services … not network devices or objects.
• IT Network, Security, WAN, and Exchange Team Collaboration
• Application specific questions
Use a single interface to:
• Understand F5 application service dependencies
• Rapidly perform operational tasks
• Quick view of overall application and health status
• View availability status and type for each service object
• Rapidly enable and disable resource pool nodes or servers.
The network from an “Application’s Point of View”
iApp Ecosystem
• More than 20 iApp templates come with v11
• F5’s Open iApp Ecosystem is part of DevCentral
• Share iApps within organizations, between partners, and other vendors
User Discussion: iRules
Randy Ferguson – F5 Consultant (Tempe, AZ)
Do you have an iRule you would like to discuss?
Examples:
Select a pool based on the HTTP host header
Sideband Connection – new in v11
LDAP Proxy
Proxy Pass
Additional resources – DevCentral Tutorials
© 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries