LTM Concepts - PowerPoint PPT Presentation

ltm concepts n.
Skip this Video
Loading SlideShow in 5 Seconds..
LTM Concepts PowerPoint Presentation
Download Presentation
LTM Concepts

play fullscreen
1 / 6
Download Presentation
LTM Concepts
Download Presentation

LTM Concepts

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. LTM Concepts Virtualizing servers into highly-available, fault-tolerant applications

  2. Concept Highlights • F5 LTM: full proxy architecture • Separate client/server facing tcp stacks • Client packet terminates at the LTM on one stack • LTM re-creates packet on the other stack • LTM default action is to drop packets arriving at the LTM which don’t match: • A vip address • A SNAT (secure network address translation) • F5 LTM: protocol optimization • TCP/UDP optimization via profiles • Can offer different optimization at the client side and server side tcp stacks • F5 LTM: application optimization • http(s) / FTP / SSL / LDAP / RADIUS / Kerberos / persistence via profiles • Customizable profiles for each application or vip

  3. Highlights (Continued) • F5 LTM: enhanced network and application security • Connection reaping: protects against various DoS attacks • Full proxy architecture: provides full protocol and transmission breaks between client side and server side traffic to thwart malformed packets • Ability to NAT • SSL offload to LTM using dedicated ASIC’s for hardware-based SSL encryption / decryption on either/both client/server side tcp stacks. • iRules: provide fully customizable strategies for security via event-based, packet manipulation • Manipulate header information or packet data • Filter packets based on source/content/protocol/ • Enforce protocol standards • Fix application-induced packet issues • Insert or delete cookies • And more • F5 LTM: local load balancing • Load balance across one or multiple pools per vip • Consolidate server connections via OneConnect to reduce server connection load • Enhance server productivity by offloading SSL intelligently caching data at the LTM, and/or protocol optimization • Servers get to focus solely on serving content • Other tasks offloaded to the LTM to be better handled by dedicated hardware • One application can span many vips • Each vip represents a socket • Each pool or node can have it’s own health monitor to ensure traffic only goes to healthy servers

  4. Example: How it Works

  5. Additional features • Customizable distributed application control via iControl • Let BU teams control their apps objects via secure custom web page • We don’t have to give them login access to the ltms • They don’t have to keep track of which ltm their apps are on • They don’t have to engage us via ticket for simple pool up/down operational maintenance, or for manual cut-over between data centers (with GTM). • They can only change what we authorize them via the page we build for them, and limit who can make the change via LDAP. • Let BU teams see usage statistics, and current pool/vip up/down status at a glance, without having to engage us directly. • Additional modules can be licensed for application firewall protection, user authentication enhancements, web application accelleration, and more

  6. Standard Physical Deployment • Deploy LTM platforms (virtual or hardware) in pairs for HA via redundancy. • “Trunk” sets of interfaces (think EtherChannel) for ease of maintenance (adding additional vlans) and increased bandwidth. • Ensure LTM’s are reachable by protocol via SSH and HTTPS, and physically by both management Ethernet and serial port via console server