Building a Better Architecture
Presented by: Marcos Ong – Sales Director; Ken Wong – Pre-Sales Consultant
Agenda
Overview of F5
Enhance Application Availability
Enhance Application Performance
Security – Prevent Web Application Attacks
Analyst Leadership Position
Source: Gartner, January 2007 Magic Quadrant for Application Delivery Products, 2007
F5 Strengths
Offers the most feature-rich AP ADC, combined with excellent performance and programmability via iRules and a broad product line.
Strong focus on applications, including long-term relationships with major application vendors, including Microsoft, Oracle and SAP.
Strong balance sheet and cohesive management team with a solid track record for delivering the right products at the right time.
Strong underlying platform allows easy extensibility to add features.
Support of an increasingly loyal and large group of active developers tuning their application environments specifically for F5 infrastructure.
Vendors positioned in the Magic Quadrant: F5 Networks, Citrix Systems, Akamai Technologies, Radware, Crescendo, Coyote Point, Zeus, Cisco Systems, Foundry Networks, Nortel Networks, Juniper, NetContinuum, Array Networks
F5 Leads Application Delivery Controller Market Segment for CY 2006
CY 2006 Gartner Application Delivery Controller Market Share (Source: Gartner)
Pie chart labels as extracted: Cisco 29.8%, F5 Networks 33.7%, Foundry 5.9%, Other 12.2%, Radware 5.4%, Citrix 7.7%, Nortel 5.4%
CY 2006 ADC* Market Share Leaders
F5: 33.7%
Cisco: 29.8%
Citrix: 7.7%
CY 2006 ADC Market Share Revenue Leaders
F5: $314.1 Million
Cisco: $277.7 Million
Citrix: $71.4 Million
CY 2006 ADC Y/Y Revenue Growth
F5: 41.3%
Cisco: 30.2%
Citrix: 55.2%
CY 2006 ADC Total Market Numbers
Revenue: $932.6 Million
Y/Y Revenue Growth: 28.2%
*Application Delivery Controller Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms
F5 Remains Leader Over Cisco in Application Delivery Controller Market Segment for Q107
Q107 Gartner Application Delivery Controller Market Share (Source: Gartner)
Pie chart labels as extracted: Cisco 27.2%, F5 Networks 38.3%, Foundry 4%, Other 17%, Radware 5.1%, Citrix 8.4%
Q107 ADC* Market Share Leaders
F5: 38.3%
Cisco: 27.2%
Citrix: 8.4%
Q107 ADC Market Share Revenue Leaders
F5: $95.9 Million
Cisco: $68 Million
Citrix: $21 Million
Q107 ADC Q/Q Revenue Growth
F5: 9.2%
Cisco: -13.9%
Citrix: 7.7%
Q107 ADC Total Market Numbers
Revenue: $250.2 Million
Q/Q Revenue Growth: (-)4.5.9%
*Application Delivery Controller (ADC) Segment Includes: Server Load Balancing/Layers 4-7 Switching and Advanced (Integrated) Platforms
F5 Grows Market Share in Advanced Platform ADC Segment for CY 2006
CY 2006 Gartner Advanced Platform ADC Market Share (Source: Gartner)
Pie chart labels as extracted: Citrix 13.6%, F5 Networks 59.9%, Radware 9.5%, Other 3.4%, Cisco 5.7%, Juniper 4.3%, Crescendo 3.5%
CY 2006 Advanced Platform ADC* Market Share Leaders
F5: 59.9%
Citrix: 13.6%
Radware: 9.5%
CY 2006 Advanced Platform ADC Market Share Revenue Leaders
F5: $314.1 Million
Citrix: $71.4 Million
Radware: $50 Million
CY 2006 Advanced Platform ADC Y/Y Revenue Growth
F5: 41.3%
Citrix: 55.2%
Radware: -8.9%
Cisco: 90.4%
CY 2006 Advanced Platform ADC Total Market Numbers
Revenue: $524.4 Million
Y/Y Revenue Growth: 36.8%
*Advanced Platform Segment Includes: ADCs that integrate several functions (typically more than four) on a single platform (for example, load balancing, TCP connection management, SSL offload, compression and caching)
F5 Dominates Advanced Platform ADC Segment for Q107
Q107 Gartner Advanced Platform ADC Market Share (Source: Gartner)
Pie chart labels as extracted: Citrix 13.4%, F5 Networks 61.2%, Radware 8.1%, Other 6.2%, Cisco 5.4%, Crescendo 5.6%
Q107 Advanced Platform ADC* Market Share Leaders
F5: 61.2%
Citrix: 13.4%
Radware: 8.1%
Q107 Advanced Platform ADC Market Share Revenue Leaders
F5: $95.9 Million
Citrix: $21 Million
Radware: $12.8 Million
Q107 Advanced Platform ADC Q/Q Revenue Growth
F5: 9.2%
Citrix: 7.7%
Radware: -1.9%
Cisco: -8.8%
Q107 Advanced Platform ADC Total Market Numbers
Revenue: $156.6 Million
Q/Q Revenue Growth: 6%
*Advanced Platform Segment Includes: ADCs that integrate several functions (typically more than four) on a single platform (for example, load balancing, TCP connection management, SSL offload, compression and caching)
The Leader in Application Delivery Networking (diagram: Users – Datacenter)
Availability
Business Continuity & Disaster Recovery
GTM, LC and LTM provide best-of-breed failover when systems go down at the datacenter, link or server level
WANJet provides fast replication of data across data centers to ensure database and application integrity during failovers
FirePass provides remote access to users who normally access their internal site but, because of the disaster, must now remotely access the back-up site
GTM 101
GTM is authoritative DNS for domain.com
Always 2+ GTMs
Geographically distributed
Config and metrics automatically synchronized
Monitors availability & performance of redundant servers across DCs
LTM virtual servers (via iQuery)
Other servers (via Ping/SNMP/EAV)
Monitors network proximity between each DC and the client's LDNS
Clients can be directed to servers based on availability, static distribution, server performance, network proximity, topology, etc.
Repeat requests from a client (even to other GTM) can be persisted to same server for transaction continuity
GTM in 9.x on 1500 can do (approx):
40K res/sec w/ round robin
19K-40K res/sec w/ path-based LB
28K-40K res/sec w/ topology
21K-25K res/sec w/ dynamic persistence
GTM is delivered as:
Module on any platform that runs LTM
Standalone 1500 (and 6400 in the approx. v9.4 timeframe!)
GTM 101 (diagram): Primary DC, Secondary DC and DR DC, each with an LTM in front of its servers; GTM polls the LTMs over iQuery (IQ:get_vips() / IQ:vips 1..n) and other servers over SNMP (IQ:SNMP() / SNMP response); the 1st query is answered with the closest (Primary) DC and the 2nd query persists to the same server
GTM versus BIND
Monitoring: GTM hands out the BEST address
Persistence
Management (GUI, ZoneRunner)
TMOS / Integration
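The GTM 101 slides above describe three ordered decisions: only servers the monitors report healthy are eligible, the client is steered to the nearest data center (topology/proximity), and repeat queries from the same LDNS are persisted to the same server. The following Python resolver is an added illustration of that decision order; it is not F5 code (GTM's real algorithms and the iQuery protocol are not on this page). The data-center names, the prefix-to-DC topology table and the VIP addresses are constructed.

```python
import ipaddress
import time

# Constructed topology: which client (LDNS) prefixes are considered closest to which data center.
TOPOLOGY = [
    ("10.1.0.0/16", "primary"),
    ("10.2.0.0/16", "secondary"),
]
# Order used when an LDNS matches no topology record or its nearest DC has nothing healthy.
FALLBACK_ORDER = ["primary", "secondary", "dr"]


class WideIP:
    """One DNS name whose answer is chosen per query from VIPs spread across data centers."""

    def __init__(self, name, pools, persist_ttl=300):
        self.name = name
        self.pools = pools  # dc name -> list of VIP addresses announced by that DC's LTM
        # Health state as the monitoring side (iQuery/ping/SNMP/EAV in the deck) maintains it.
        self.health = {vip: True for vips in pools.values() for vip in vips}
        self.persist_ttl = persist_ttl
        self._persist = {}  # ldns ip -> (vip, expiry time)
        self._rr = {dc: 0 for dc in pools}  # per-DC round-robin cursor

    def monitor_update(self, vip, is_up):
        """Called by the monitoring side when a VIP changes state."""
        self.health[vip] = is_up

    def _healthy(self, dc):
        return [v for v in self.pools.get(dc, []) if self.health[v]]

    def _preferred_dcs(self, ldns_ip):
        addr = ipaddress.ip_address(ldns_ip)
        close = [dc for net, dc in TOPOLOGY if addr in ipaddress.ip_network(net)]
        return close + [dc for dc in FALLBACK_ORDER if dc not in close]

    def resolve(self, ldns_ip, now=None):
        """Return the VIP to hand out for a query from ldns_ip, or None if nothing is healthy."""
        now = time.time() if now is None else now
        # 1. Persistence: repeat queries from the same LDNS keep their VIP while it is up.
        vip, expiry = self._persist.get(ldns_ip, (None, 0))
        if vip is not None and expiry > now and self.health[vip]:
            return vip
        # 2. Topology/proximity: first DC in preference order that has a healthy VIP,
        #    then static round robin among that DC's healthy VIPs.
        for dc in self._preferred_dcs(ldns_ip):
            candidates = self._healthy(dc)
            if candidates:
                vip = candidates[self._rr[dc] % len(candidates)]
                self._rr[dc] += 1
                self._persist[ldns_ip] = (vip, now + self.persist_ttl)
                return vip
        return None


def build_demo_wideip():
    """Constructed example: two VIPs in the primary DC, one each in secondary and DR."""
    return WideIP("www.domain.com", {
        "primary": ["192.0.2.10", "192.0.2.11"],
        "secondary": ["198.51.100.10"],
        "dr": ["203.0.113.10"],
    })
```

A persisted answer is only honoured while its VIP is still healthy, which is what lets a DC outage override persistence and fail clients over without waiting for the persistence record to expire.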
Load Balancing and Distribution
Static:
Round Robin
Ratio
Random
Persistence Hash
Specialized:
Quality of Service
Global Availability
Topology
Schedule
iRule
Dynamic Ratio
Dynamic:
KB Per Second
Packet Rate
VS Capacity
Least Connection
Round Trip Times
Completion Rate
Hops
Application Continuity – Persistence across WideIPs (diagram: Site 1, Site 2)
Composite Monitors – (M of N) Multiple ECVs (diagram: Site 1, Site 2)
Smart Application Re-direct (diagram: Site 1, Site 2)
Directing Traffic Over the Best ISP Link (diagram): BIG-IP Link Controller sits between the Internet (ISP1, ISP2), the firewalls and the corporate network; inbound: (1) client request, (2) corporate server response; outbound: (1) corporate user request, (2) Internet server response
Art of Server Load Balancing
Server High Availability
Network Health Check
Network check (L2/3 check), services (L4)
Application check (L7 content check – ECV, EAV)
Server Monitoring
Memory, CPU, Disk, etc. – Unique
WMI (*.dll, Windows Server platform) – Unique
SNMP (all OS platforms)
Traffic Distribution (Load Balancing)
Static LB: Round Robin, Ratio, Priority
Dynamic LB: Least Connection, Fast Response, Dynamic Ratio, Predictive, Observed mode
Network Flexibility
NAT
SNAT, iSNAT
Network/host + service routing
VLAN, 802.1ad, 802.1q
Spanning Tree
Advanced Routing Module (RIP, OSPF, BGP)
High Availability
BIG-IP redundant pair with automatic failover
Failover <0.5sec (200 ms)
Active/Standby, Active/Active mode
Stateful failover
Network Arm fail safe
Gateway Arm fail safe
Application Management
Load balancing and persistence
HTTP Cookie, SSL Session ID, SIP Call id, Expression
Content Switching
Bandwidth Management
Benefit:
Add servers/Applications horizontally (Scale Out)
Manage Applications instead of Servers
L7 Rate Shaping: Sophisticated Bandwidth Control
Flexible bandwidth limits
Full support for bandwidth borrowing
Traffic queuing (stochastic fair queue, FIFO, ToS priority queue)
Granular traffic classification, L2 through L7
iRules support can initiate a rate class on any traffic flow variable
Only multi-direction control
Control throughput in any direction
L7 Rate Shaping (diagram): integrated and fine-grained bandwidth control with a ceiling rate, base rate and burst per rate class, applied between the WAN, the pool of servers and the network segments
Network Security
L4 and L7 Denial of Service Protection (diagram: SYN, SYN-ACK, ACK+1)
Solution is SYN Check. BIG-IP “proxies” L4 and L7 connections until they have been authenticated, so the servers behind it never see a SYN or ACK flood and are not even aware that an attack is under way.
Configuration: Can be set globally or per VIP, and activated only when configurable connection thresholds are met.
Result: Maximum uptime, protection from malicious attacks
Network Security: Dynamic Reaper – Sample Attack (chart)
5x the Scalability to Protect Against SYN Floods
BIG-IP v9 and the SynCheck™ feature provide unmatched protection against SYN floods, one of the most common attacks on networks today.
Acceleration
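The SYN Check slides above say the proxy completes the handshake on the server's behalf and only opens a back-end connection once the client has proven itself. The standard way to do that without storing per-SYN state is a SYN cookie: the SYN-ACK's sequence number is a keyed hash over the connection 4-tuple and a coarse timestamp, so the final ACK can be validated from the packet alone. The Python below is an added illustration of that idea, not F5's SynCheck implementation (which is not on this page); the secret, the MSS table and the 64-second time slot are assumptions, and the addresses are constructed.

```python
import hashlib
import hmac

# Assumption: a per-server secret; a real implementation rotates it with the time counter.
SERVER_SECRET = b"constructed-demo-secret"
# The client MSS is squeezed into a 2-bit index, so only these four values can be recovered.
MSS_TABLE = [536, 1220, 1440, 1460]


def _mac24(src_ip, src_port, dst_ip, dst_port, t):
    """24-bit keyed hash binding a cookie to the connection 4-tuple and the time slot."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{t}".encode()
    return int.from_bytes(hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, mss, now):
    """Build the SYN-ACK sequence number: 5-bit time slot | 2-bit MSS index | 24-bit MAC."""
    t = (int(now) // 64) & 0x1F            # slot advances every 64 s, wraps after 32 slots
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i
    low24 = (_mac24(src_ip, src_port, dst_ip, dst_port, t) + client_isn) & 0xFFFFFF
    return (t << 27) | (mss_idx << 24) | low24


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, seq, ack, now):
    """Validate the client's final ACK. Returns the negotiated MSS, or None if the ACK
    does not prove that this peer really received our SYN-ACK recently."""
    server_isn = (ack - 1) & 0xFFFFFFFF    # the cookie we sent
    client_isn = (seq - 1) & 0xFFFFFFFF    # the ISN the client used in its SYN
    t = server_isn >> 27
    now_t = (int(now) // 64) & 0x1F
    if (now_t - t) & 0x1F > 1:             # accept the current and previous slot only
        return None
    expected = (_mac24(src_ip, src_port, dst_ip, dst_port, t) + client_isn) & 0xFFFFFF
    if (server_isn & 0xFFFFFF) != expected:
        return None
    return MSS_TABLE[(server_isn >> 24) & 0x3]


class SynProxy:
    """Front end that keeps no per-connection state until the third handshake packet validates."""

    def __init__(self, server_ip, server_port):
        self.server_ip, self.server_port = server_ip, server_port
        self.established = {}  # (src_ip, src_port) -> MSS, created only after a valid ACK

    def on_syn(self, src_ip, src_port, client_isn, mss, now):
        """Answer with a SYN-ACK whose ISN is the cookie; nothing is remembered."""
        return make_syn_cookie(src_ip, src_port, self.server_ip, self.server_port,
                               client_isn, mss, now)

    def on_ack(self, src_ip, src_port, seq, ack, now):
        """Only a valid ACK creates state; forged or stale ACKs are dropped here."""
        mss = check_syn_cookie(src_ip, src_port, self.server_ip, self.server_port, seq, ack, now)
        if mss is None:
            return False
        self.established[(src_ip, src_port)] = mss
        return True
```

Because `on_syn` allocates nothing, a flood of SYNs costs one hash each and leaves the half-open table empty; the trade-off is the usual one for SYN cookies, namely that TCP options beyond an approximated MSS are lost for connections set up this way, which is why the slide describes activating the mechanism only above a connection threshold.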
To Maximize Performance — Let Servers Serve!
Server:
General-purpose OS
General-purpose HW
Applications
Business logic
Content
ADC:
Optimized OS
Offload ASICs
Server load balancing
Connection management
SSL termination
URL rewrite
Compression
Object caching
Transaction assurance
Application security
WOC:
Optimized OS
Traffic shaping/QoS
Compression/sequence caching
Network protocol manipulation
Application-specific optimization
(diagram: Servers)
Acceleration Focus Areas
Tier 1 Acceleration – Network Offload
TCP stack and browser/server incompatibility (TCP Express)
Duplicate data being transferred across the network (TDR2)
Security and authentication add overhead (ACA and FP)
Compression for remote access for all protocols (Comp & fp)
Storage and Data Replication eat all of the bandwidth (QoS & TDR)
Tier 2 Acceleration – Server Offload
Servers are busy serving same data over and over (Caching)
Too many connections to back-end servers (OneConnect & spooling)
Overflow of connections to back-end servers (RateShape & conn limit)
Tier 3 Acceleration – Application Offload
Browser re-downloads same content over and over (IBR)
Web Apps are slow over the WAN (HTTP accel, comp, PDF linear..)
MS File Sharing and file ops over WAN are slow (CIFS Accel)
TCP and IP Optimizations (diagram): translate between non-optimized clients and servers on the WAN; optimized delivery per WAN conditions and client type; optimized delivery per LAN conditions and application type
BIG-IP’s TCP Optimization Delivers Applications Faster (chart: percentage of improvement with BIG-IP optimizing the applications)
Reduce Data = Network Acceleration (diagram: Data Center – WAN – Data Center, with TDR)
Application Acceleration Gains (chart: average performance gains vs actual performance gains, values ranging from 2x to 500x)
SSL Leadership
SSL Termination
SSL Acceleration
SSL Certificate Management
Client Certificate
SSL to Server
SSL Gateway Failsafe
SSL acceleration built-in, 100 TPS standard
FIPS 140-1 Certification
Load balancing to dedicated SSL devices
OneConnect™ – Connection Pooling
Increase server capacity by 30%
Aggregates a massive number of client requests into fewer server-side connections
Transforms HTTP 1.0 to 1.1 for server connection consolidation
Maintains intelligent load balancing to dedicated content servers
Good sources:
http://tech.f5.com/home/bigip/solutions/traffic/sol1548.html
http://www.f5.com/solutions/archives/whitepapers/httpbigip.html
Static and Dynamic Caching (diagram): the first request is compressed and cached; next requests are served from cache with reduced client latency; stores compressed and non-compressed content
Content serving offload
Server connection offload
Compression Calculator: http://www.f5demo.com/compression
Reasons Application Offload Needed
WebAccelerator Functionality
Intelligent Browser Referencing:
Express Loader
Express Connect
Express Documents
Express Pages
Application Smart Caching (Dynamic Caching)
Intelligent Compression
Network
Express Loader:
Features
Compatible with any object type
Browser and cache transparency
No application changes required
Benefits
Reduces download time
Reduces the chattiness of HTTP
Reduces network and protocol delays
Eliminates unnecessary upstream requests for objects
Ensures propagation of valid content
Stages content in browser & downstream/edge caches (diagram: Express Loader)
Express Connect: Enable the Browser to Increase Simultaneous Connections
Benefits
Makes more efficient use of the network
Reduces wait times
Divides the task of requesting and receiving objects among more connections
Features
Opens multiple TCP connections
Handles browser dependencies
Enables pipelining
Transparent to the origin application
(diagram: 2 TCP connections vs 8 TCP connections)
Impact of Acceleration (charts): with WebAccelerator on a 512K/sec connection, repeat visits to the portal vs original portal performance; three further With/Without comparison charts
Smart Caching on Dynamic Data (Existing Customer)
Background:
Approximately 10 Million Pages were served to gather these metrics
86% of the requests were fulfilled entirely from the Web Accelerators (unique capability)
Environment:
Multiple Web Accelerators behind Load Balancers
Multiple Application Servers running on Solaris
Packaged & Validated Web App Policies
Validated in the Microsoft Technology Center
Microsoft SharePoint Performance
F5 speeds web app delivery 3X-10X
Security
FirePass Increases Worker Productivity
Any User:
Suppliers
Consultants
Branch Office Employees
Telecommuters
Mobile employees
Partners
Any Device:
Laptops
MAC
Linux/Unix/Solaris
Home PCs
Smart Phones
PDAs
Wi-Fi Access
Any Application:
Mainframe
Client-Server
Web-Based
Web Services
Servers, Applications, Intranet Servers:
OWA
iNotes
Web-Based CRM
HR Data
Broadest Application Support
Broadest Device Support
Broadest User Interface
Application Protection
Continuous endpoint security enforcement for individual applications
Example policy 1:
AV must be updated within 2 days
Windows XP SP2
Pre-installed file
Trusted IP subnet
Virtual keyboard ON
Monday to Friday, 0900-1900
Example policy 2:
AV updated within 7 days
Windows XP SP2
Mon to Sat, 0700-2400
(diagram labels: Met initial endpoint checking; access levels: Client/Server Application, Full Network, Files)
Secure Browser: Prevent source code leakage
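The Application Protection slide lists per-application conditions (AV signature age, OS level, a pre-installed file, a trusted subnet, virtual keyboard, day and time window) and the access levels they unlock. The Python below is an added example of how such conditions are evaluated against an endpoint posture report and re-evaluated for continuous enforcement; it is not FirePass code and FirePass's own policy engine is not on this page. The two policies use the slide's conditions, but which access level each one unlocks, the `10.1.0.0/16` trusted subnet and the posture values are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass
class Posture:
    """Constructed snapshot of what the client-side endpoint check reports."""
    os_version: str
    av_signature_age_days: int
    client_ip: str
    virtual_keyboard_on: bool = False
    trusted_file_present: bool = False


@dataclass
class Policy:
    """One per-resource policy; every condition must hold for the resource to be granted."""
    resource: str
    max_av_age_days: int
    required_os: str
    weekdays: frozenset           # 0 = Monday ... 6 = Sunday
    start: str                    # "HHMM", inclusive
    end: str                      # "HHMM", exclusive ("2400" = until midnight)
    trusted_subnet: Optional[str] = None
    require_virtual_keyboard: bool = False
    require_trusted_file: bool = False

    def failures(self, p: Posture, when: datetime) -> List[str]:
        """Return the unmet conditions (empty when the endpoint passes)."""
        reasons = []
        if p.av_signature_age_days > self.max_av_age_days:
            reasons.append(f"AV signatures {p.av_signature_age_days}d old (max {self.max_av_age_days}d)")
        if p.os_version != self.required_os:
            reasons.append(f"OS {p.os_version!r} is not {self.required_os!r}")
        if when.weekday() not in self.weekdays:
            reasons.append("outside permitted days")
        hhmm = when.strftime("%H%M")
        if not (self.start <= hhmm < self.end):
            reasons.append("outside permitted hours")
        if self.trusted_subnet and ipaddress.ip_address(p.client_ip) not in ipaddress.ip_network(self.trusted_subnet):
            reasons.append("client IP not in trusted subnet")
        if self.require_virtual_keyboard and not p.virtual_keyboard_on:
            reasons.append("virtual keyboard is off")
        if self.require_trusted_file and not p.trusted_file_present:
            reasons.append("pre-installed trust file missing")
        return reasons


WEEKDAYS = frozenset(range(0, 5))
MON_TO_SAT = frozenset(range(0, 6))

# The two policies from the slide. Which access level each one unlocks is an assumption
# made for this example (the slide shows the conditions and the levels, not the pairing).
POLICIES = [
    Policy("Full Network", 2, "Windows XP SP2", WEEKDAYS, "0900", "1900",
           trusted_subnet="10.1.0.0/16", require_virtual_keyboard=True, require_trusted_file=True),
    Policy("Files", 7, "Windows XP SP2", MON_TO_SAT, "0700", "2400"),
]


def evaluate(posture: Posture, when: datetime):
    """Return (granted resources, {denied resource: reasons}) for one posture check.
    Run it again on a timer with a fresh posture to get continuous enforcement."""
    granted, denied = [], {}
    for policy in POLICIES:
        reasons = policy.failures(posture, when)
        if reasons:
            denied[policy.resource] = reasons
        else:
            granted.append(policy.resource)
    return granted, denied
```

Returning every failed condition rather than the first one is deliberate: the denial reasons are what the help desk and the audit log need, and a posture that fails on a Friday evening from a home address should show both the time window and the subnet as the cause.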
How BIG-IP MSM Works (diagram labels: Internet; SMTP sender request; BIG-IP LTM with MSM; IP reputation request; 90% trusted?; 50% suspicious?; fast scan; 95% bad?; existing messaging security; email servers)
Traditional Security Solutions Don’t Protect Web Applications
Attack types compared (table rows):
Known Web Worms
Unknown Web Worms
Known Web Vulnerabilities
Unknown Web Vulnerabilities
Illegal Access to Web-server files
Forceful Browsing
File/Directory Enumerations
Brute Force attacks
Buffer Overflow
Cross-Site Scripting
SQL/OS Injection
Cookie Poisoning
Hidden-Field Manipulation
Parameter Tampering
Flood attacks (GET, 404)
SSL Flooding
Table columns: Network Firewall, IPS, Application Firewall. Marks as extracted (row order did not survive): the Network Firewall column is marked X on every row; the IPS column is marked X, Limited or Partial per row.
Example: Parameter Tampering
Change the requests being sent to the server, either in a URL (shown here) or by viewing the source of the page.
Real-life Example: Online Clothing Store
“Jason Sudowski of Niantic, Connecticut was looking for a nice matching bra and undies set for his loved one when he discovered a way to peek at other customers’ orders.”
(New York Times, Oct. 2003)
Solution: Secure at the parameter level
Problem: Cookie Poisoning
Change the cookie file on a computer and appear as another user.
Real-life Example: Gateway Computer
“The computer maker's site assigned a user number to anyone who opened an account [saved in a cookie]. If you changed your cookie, the site's computers would think you were the owner of that second number, and would display in your browser that other person's name, address, phone number and order history, along with the last four digits, expiration date and even "verification code" of his or her credit card.”
(Wall St. Journal, February 2004)
Full story: http://webreprints.djreprints.com/950910380730.html
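Both stories above come down to the same server-side defect: an identifier the client controls (an order id in the URL, a user number in a cookie) is used to fetch data without checking that it belongs to the authenticated user. The Python below is an added example, not code from this deck or from F5, showing the defective lookup beside a hardened one that authenticates the cookie with an HMAC and then authorises the specific object the parameter names. The secret key, the order records and the helper that simulates an edited cookie are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; it is never sent to the client.
SECRET_KEY = b"constructed-demo-key-rotate-in-production"

# Constructed order data: each order belongs to exactly one user id.
ORDERS = {
    "1001": {"owner": "u-42", "items": ["bra", "undies"], "card_last4": "4242"},
    "1002": {"owner": "u-7", "items": ["socks"], "card_last4": "1111"},
}


def vulnerable_get_order(cookie_user_id, order_id):
    """The pattern behind both stories: the user id is taken straight from the cookie and the
    order id straight from the URL, and neither is checked against the other."""
    return ORDERS.get(order_id)


def sign_session(user_id):
    """Issue a cookie whose payload is bound to an HMAC tag, so editing the id breaks it."""
    payload = base64.urlsafe_b64encode(json.dumps({"uid": user_id}).encode()).decode()
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_session(cookie):
    """Return the user id carried by a cookie, or None if it was altered or forged."""
    try:
        payload, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(payload))["uid"]
    except (ValueError, KeyError, TypeError):
        return None


def hardened_get_order(cookie, order_id):
    """Authenticate the cookie, then authorise the specific object the parameter names."""
    user_id = verify_session(cookie)
    if user_id is None:
        return None  # cookie poisoning: the tag no longer matches the payload
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user_id:
        return None  # parameter tampering: the order is not this user's
    return order


def edited_cookie(valid_cookie, new_user_id):
    """Constructed test helper: keep the old tag and swap the id, i.e. the Gateway scenario."""
    _, tag = valid_cookie.rsplit(".", 1)
    payload = base64.urlsafe_b64encode(json.dumps({"uid": new_user_id}).encode()).decode()
    return f"{payload}.{tag}"
```

The two checks are independent and both are needed: the signature stops the cookie story, but a correctly signed cookie still does nothing about an order id typed into the URL, which is why `hardened_get_order` also compares the order's owner with the authenticated user. `hmac.compare_digest` is used so the comparison does not leak timing information about the tag.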
Solution: Proactive Security Model
What’s Required to Solve the Problem?
Application Security Methodology
Policy-based reverse proxy
Dedicated security appliance; built-in SSL acceleration
Stops generalised and targeted attacks
Application content & context aware
Bi-directional; request filtering & application cloaking
(diagram labels: VPN, App Firewall, App User Traffic Mgt, Intelligent Client, Network Plumbing, Application Infrastructure, Application Firewall, IDS-IDP, Anti-Virus)
The Application Flow Model
Real-World Testing
Most Extensive Testing To Date
Europe’s foremost independent network testing facility
150 Tests completed across all vendors
Ixia and Spirent validated tests and detailed methodology documentation
Goal: Real World, Open, Honest, and Repeatable Testing
Markets had too many engineered and isolated “hero statistics”
Results
“BIG-IP 6800 emerged comfortably ahead on all tests”
Demonstrated 2x–5x better performance across all major functions
(L4,L7, SSL, Compression, DoS Protection, and Mixed Traffic Tests)
Faster Compression Processing
Avg. site 32KB-64KB
3x to 4x the capacity
3x to 4x Lower Latency
BIG-IP = 56 ms TTLB
Netscaler = 235 ms TTLB
Redline = 312 ms TTLB
Dramatic improvements on larger request sizes
TTLB - Time To Last Byte
L4 Connection and Throughput
Clear L7 Leadership
Broadband -- “BIG-IP 6800 emerged comfortably ahead on all tests, with the Cisco CSM and NetScaler 9950 performing as the best of the rest at 75% and 62% of the BIG-IP device’s connection rate respectively, and Redline, Radware, and Nortel performing at a fraction of that.”
Delivering 2 to 10 times SSL Performance
Only integrated ASIC offloading of SSL TPS and bulk crypto
Continued SSL leadership demonstrated by 14 quarters of #1 position in the integrated SSL encryption market – Infonetics
Encryption Everywhere
Business Benefit: The F5 Solution: High Performance SSL Acceleration
A groundbreaking SSL solution which accelerates both SSL key exchange and bulk encryption, plus significantly increases concurrent SSL connections.
AES Encryption – highest-level encryption standard; allows enterprises to deploy and scale SSL without compromise.
Reduced management and lower TCO. (10 to 1 box reduction ratio)
SSL everywhere is now a reality
Solution Platform Summary
Centralized Management and Integration with the Applications (diagram: Applications, Users, International, Data Center)
Business Goal: Achieve these objectives in the most operationally efficient manner
TMOS Architecture
High-performance networking microkernel
Powerful application protocol support
iControl – external monitoring and control
iRules – network programming language
(diagram labels: TMOS microkernel on high-performance HW with traffic plugins; client side and server side; OneConnect, Compression, Content Spooling, TCP Express, Caching, iRules, iControl API, TCP Proxy, SSL, XML, Rate Shaping, ASM (added security), Web Accel (offload app), 3rd party)
Only F5 has the Complete Solution (diagram: Primary Data Center, Disaster Recovery Site, Branch Office and Remote Users connected over ISP1/ISP2 and the Internet; components: FirePass, WANJet, BIG-IP Local Traffic Manager, Global Traffic Manager, Link Controller, TrafficShield, WebAccelerator, Enterprise Manager, DMZ, routers)
BIG-IP Platform – Better ROI
Models: 8400, 6800, 6400, 8800 (*all models include 100 TPS SSL acceleration)
Simplified Management:
Lights Out Management
Multi-Boot Support
LCD for Simplified Management
Hot-Swappable Parts
Redundant Power / Fans
Port Flexibility
PCI Slots
Independent Secure Management Access
FirePass Product Line
A product sized appropriately for every customer