
F5 User’s Group September 13th 2011


bena

Presentation Transcript


  1. F5 User’s Group September 13th 2011 Agenda • TMOS version 11 new features and overview • Demo vCMP • Demo and discuss iApps • User discussion – iRules • Survey and suggestions for next meeting • Bowling and/or game play

  2. V11 - Revolution

  3. Analytics – URL Load Times

  4. Analytics – TPS per URL

  5. Analytics – Request Throughput per URL

  6. Analytics – Response Throughput per URL

  7. Statistics and Reporting Per Virtual Server CPU Stats and Profile Stats * Improved Visibility for Each Virtual Service

  8. Statistics and Reporting: Per Process CPU & Memory Stats – Dashboard Customization * Improved Diagnostics

  9. Open Application Logging Engine Client Real-time Transaction logs High Speed Logging Engine (HSL) • GUI - Request Logging Profile • Unmatched performance - Up to 200,000 HSL (TCP/UDP) messages per second with minimal impact to CPU usage • Support compliance requirements • W3C standard web log format support

  10. TMOS F5 ScaleN Architecture: Ultimate Scalability and Reliability The flexibility to scale up, virtualize, and scale out on-demand Scale Up Clustered Multiprocessing (CMP) & SuperVIP Virtualization (vCMP) Scale Out

  11. Typical Failover – Limited Control • Typical ADC runs Active-Standby • Can only fail entire ADC • Failover events disrupt all services

  12. ScaleN: Device Service Clusters, Dynamic Service Based Failover • Fail-over targeted application workloads • Avoid application service disruptions • Move applications needing extra power

  13. ScaleN: Device Service Clusters, Elastic Scale Driving Efficiency • Active-active-active NScale • Blade fails on BIG-IP 1 • Add new blade to BIG-IP 3 • Blade replaced on BIG-IP 1 • Any type of BIG-IP device

  14. TMOS – TCP, HTTP, & iRule Enhancements Akamai TCP Options inspection & transformation with iRules Ability to create TCP/UDP out of band connections via iRules TCP Connection Queuing HTML Parsing iRules Separate caching & compression profiles from HTTP *Bigpipe is no longer supported in v11

  15. TCP Connection queuing • Operates at TCP level; HTTP not required • Currently only engages when conn limit hit • Specify queue length limit, time limit, or both • Queues operate per-tmm (no state sharing) • Length limit divided by tmm count • FIFO guarantees only per-tmm • Queued at the pool level for non-persistent connections • Queued at the pool member level for persistent connections • If conn limit is overridden by persistence, that conn is not queued • When a pool member becomes available, it checks the head of its queue, and of the pool’s queue, and services the flow that got there first.

  16. New Product and Platform Support October announcement 1600 3900/3600 8900/8950/8950S 6900 and 6900S 11000 and 11050 • New 6900S (Turbo SSL), 11000 (48 GB Memory, 4xSSD’s (4x 300GB), 16 Gbps HW Comp.), and 11000/11050F (FIPS) platforms (October announcement) • WOM standalone product and platforms (1600, 3600, 3900, 6900, 8900, 11000) • Modules: Add-on Module support VE and 1600 (ASM, WA, APM, GTM, WOM) • Modules: Triplet support on 3600 and higher (Any combination excluding LC) • VE Production (LTM, APM, ASM, WOM, GTM) *WA coming next release • New VE Lab editions that include all products

  17. BIG-IP Advanced Acceleration Overview Adaptive Protection for Web 2.0 Applications

  18. Easily Secure JSON Payloads: BIG-IP Application Security Manager • Protect from JSON threats • Render unique blocking message for AJAX widgets • User informs admin with support ID for resolution Example: www.stockfacts.com Display a Blocking Message in AJAX Widget

  19. Secure all applications Automatically share policies between devices Quickly deploy BIG-IP ASM VE in private clouds F5 Innovative Protection for Web 2.0 Apps Data Center Internet Hacker Web 2.0 Apps BIG-IP Application Security Manager BIG-IP Application Security Manager Clients Private Cloud Apps

  20. Protection from Vulnerabilities Enhanced Integration: BIG-IP ASM and WhiteHat Sentinel Customer Website WhiteHat Sentinel • Finds a vulnerability • Virtual-patching with one-click on BIG-IP ASM • Vulnerability checking, detection and remediation • Complete website protection BIG-IP Application Security Manager • Verify, assess, resolve and retest in one UI • Automatic or manual creation of policies • Discovery and remediation in minutes

  21. ASM and the Software Development Lifecycle • Policy Tuning • Pen tests • Performance Tests • Incorporate vulnerability assessment into the SDLC • Use business logic to address known vulnerabilities • Allow resources to create value • WAF “offload” features: • Cookies • Brute Force • DDOS • Web Scraping • SSL, Caching, Compression • Final Policy Tuning • Pen Tests

  22. BIG-IP Advanced Acceleration Overview Advanced Dynamic Services for Unified Access Control

  23. F5 Unified Access and Control: Flexible and Dynamic ADC Services – BIG-IP v11 BIG-IP System Virtual Editions Optimized Applications to BIG-IP Edge Client Internet Public/Private Cloud Data Center BIG-IP Global Traffic Manager IPsec: Optimized Site-to-Site Tunnels Headquarters and Remote Offices BIG-IP Edge Gateway Corporate WAN BIG-IP Edge Gateway +Access Policy Manager +WebAccelerator +WAN Optimization Manager BIG-IP Local Traffic Manager +Access Policy Manager Mobile and Remote Users

  24. Authentication All in One and Fast SSO F5 BIG-IP Access Policy Manager Dramatically reduce infrastructure costs; increase productivity = BIG-IP v11

  25. New Detailed Reporting: BIG-IP APM e.g. Who accessed app. or network and when? e.g. How many XP users are still on my network? e.g. Where are users accessing from (geolocation)? Custom, Built-in and Saved reports Exported and used on other devices

  26. BIG-IP Advanced Acceleration Overview Scalable, Adaptive and Secure DNS infrastructure

  27. Scalable GSLB Performance, Step 1: Multicore (CMP) BIG-IP GTM v11 • Enable users to access apps during spikes • Scale with GTM query performance utilizing hardware • CMP enabled utilizing full set of processing cores • Up to 6 million QPS on VIPRION • Each CPU Core ~ high performance DNS server = 130k+ qps • Integrates GTM in TMM for exponential performance Preliminary estimates: (may exceed) 6Mil QPS 2Mil QPS 3Mil QPS 125k QPS 1.5Mil QPS 600k QPS

  28. Exponential and Efficient DNS Performance Step 2: Implement DNS Express DNS Express • High-speed response and DDoS protection with in-memory DNS • Authoritative DNS serving out of RAM • Configuration size for tens of millions of records • Scalable DNS Performance • Consolidate DNS Servers DNS Server DNS Express in TMOS Manage DNS Records Answer DNS Query Answer DNS Query Answer DNS Query OS Admin Auth Roles Answer DNS Query Answer DNS Query NIC Dynamic DNS DHCP

  29. Same IP Address for multiple devices Geographically separate the DNS request load for all requests Scale DNS infrastructure up and out per BIG-IP Revenue and brand are protected Solution: Easily Handle All DNS Requests Step 3: BIG-IP GTM and IP Anycast Integration

  30. Combined NAT64 and DNS64 provide automatic translation Supports pure IPv6 clients accessing both IPv6/IPv4 sites Critical for mobile devices and any client optimized for pure IPv6 Eases evolution and bridges gap between IPv6/IPv4 DNS Eases the IPv6 Evolution: DNS 6 → 4 Forwarding/ Mapping Virtual Internet NAT64 BIG-IP Local Traffic Manager +Global Traffic Manager DNS64 v4 DNS www.server.com (A) v6 DNS www.server.com (AAAA) IPv4 and IPv6 Clients

  31. Usability Enhancements: Route Domains, Monitors, & Default Certificates! BIG-IP Global Traffic Manager BIG-IP Local Traffic Manager +Global Traffic Manager Route Domain 0 Removed Basic/Advanced listener Optional manual selection of prober assignments iQuery status in the GUI Default certificate is now 10 yrs! GTM Route Domain 1 Route Domain 2 GTM monitor support of Route Domains

  32. Global Customer Training for V11 • Free Customer Web-based Training What’s New in BIG-IP V11 • Additional v11 WBTs modules will be available later

  33. vCMP Demo: Virtual Clustered Multi-Processing • vCMP = F5’s purpose built hypervisor • Currently available with version 11 on the VIPRION platforms • Today’s demo is on a VIPRION 2400

  34. V11: The iApp Revolution • Framework to unify, simplify and control Application Delivery Services • Application-centric • Contextual view and advanced analytics • Rapid and predictable deployment • Optimizing the network for specific applications takes weeks … and can be frustrating • F5’s unique application deployment guides helped … now just days • F5’s new iApp capability reduces process to hours and minutes and it’s portable like virtual machines

  35. BIG-IP V10 Managing Objects & Services BIG-IP V11 Managing Application Services

  36. BIG-IP V11 Managing Application Services F5 iApps: Managing application services … not network devices or objects.

  37. IT Network, Security, WAN, and Exchange Team Collaboration • Application specific questions

  38. The network from an “Application’s Point of View” • Use a single interface to: • Understand F5 application service dependencies • Rapidly perform operational tasks • Quick view of overall application and health status • View availability status and type for each service object • Rapidly enable and disable resource pool nodes or servers.

  39. iApp Ecosystem • More than 20 iApp templates come with v11 • F5’s Open iApp Ecosystem is part of DevCentral • Share iApps within organizations, between partners, and other vendors

  40. User Discussion: iRules, Randy Ferguson – F5 Consultant (Tempe, AZ) • Do you have an iRule you would like to discuss? • Examples: • Select a pool based on the HTTP host header • Sideband Connection – new in v11 • LDAP Proxy • Proxy Pass • Additional resources – DevCentral Tutorials
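
The TCP connection queuing rules on slide 15, modelled in Python as an added example that is not from the presentation or from F5; it shows why a skewed connection spread rejects flows long before the configured length limit is reached. Class and method names are hypothetical. Assumptions: the per-tmm share is the limit floor-divided by the tmm count, the share applies to each queue, and entries past the time limit are dropped.

```python
from collections import deque

class TmmQueues:
    """Connection queues held by one tmm (toy model, not F5 code)."""

    def __init__(self, length_limit, tmm_count, time_limit=None):
        # "Length limit divided by tmm count"; floor division is an assumption.
        self.limit = length_limit // tmm_count
        self.time_limit = time_limit
        self.pool_q = deque()      # non-persistent connections
        self.member_q = {}         # member name -> queue of persistent connections

    def enqueue(self, conn, now, member=None):
        q = self.pool_q if member is None else self.member_q.setdefault(member, deque())
        if len(q) >= self.limit:   # assumption: the share applies to each queue
            return False
        q.append((now, conn))
        return True

    def member_available(self, member, now):
        """Serve whichever head (member queue or pool queue) arrived first."""
        candidates = []
        for q in (self.member_q.get(member, deque()), self.pool_q):
            # Assumption: entries that waited longer than the time limit are dropped.
            while q and self.time_limit is not None and now - q[0][0] > self.time_limit:
                q.popleft()
            if q:
                candidates.append(q)
        if not candidates:
            return None
        return min(candidates, key=lambda q: q[0][0]).popleft()[1]

def demo():
    # Constructed scenario: queue length limit 8 on a 4-tmm system.
    tmms = [TmmQueues(8, 4, time_limit=5.0) for _ in range(4)]
    # All five waiting connections land on tmm 0: only its share is usable.
    skewed = [tmms[0].enqueue(f"c{i}", now=float(i)) for i in range(5)]
    # tmm 1: a persistent connection for m1 and an earlier non-persistent one.
    tmms[1].enqueue("persistent", now=1.0, member="m1")
    tmms[1].enqueue("non-persistent", now=0.5)
    order = [tmms[1].member_available("m1", now=2.0) for _ in range(2)]
    # tmm 2: an entry older than the 5 s time limit is never served.
    tmms[2].enqueue("stale", now=0.0)
    expired = tmms[2].member_available("m1", now=10.0)
    return skewed, order, expired

if __name__ == "__main__":
    print(demo())
```
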
