F5 Networks in the Software Defined DataCenter Era Paolo Pambianco – System Engineer CSP

p.pambianco@f5.com

Data Center Transformation Business demands are driving changes in IT service delivery

© F5 Networks, Inc... 3

Driving Towards an Application Centric World IT/Ops Struggle to Deliver

Advanced threats

Mobility Internet of things

SDDC/Cloud

Lines of business

Quality of experience

Time to Market

Application Availability

© F5 Networks, Inc... 4

• Network-bound

• Network-based identity

• Fixed

• Traditional data center

• Over-Provisioning

• Managing boxes

• Hardware products

• Single tenant

• Vertical stack - Closed

• Days

• Human configuration

• Product manuals

New requirements for Application Delivery

YESTERDAY FUTURE

• Federation

• Contextual identity

• Mobile

• Modern / Hybrid data centers

• Just-in-time provisioning

• Managing service chains

• Software Defined platform

• Multi-tenant

• Eco-system - Open

• Minutes

• Automation

• Developer community / API’s

Deployment

Access

Infrastructure

Delivery

© F5 Networks, Inc... 5

Data volumes

double every

18 Months

Applications

double every

4 years

IT Budgets

double every

8 years

Putting Pressure on Networks to Scale

© F5 Networks, Inc... 6

Challenges in Scaling Modern Data Centers

Clients

Application

Data Plane

Architect

VEs Router Switch LB Firewall

Network Engineers and Admins

Time consuming Error prone process Difficult to debug

Manual and Scripted Configuration

SDN is the answer

! ?

© F5 Networks, Inc... 8

Definition of SDN:

“SDN is a family of architectures (not technologies) for operationalizing networks with improved time to market, reduced risks, and reduced operating expenses by centralizing control into a control plane that programmatically controls and extends all network data path elements and services via open APIs.”

© F5 Networks, Inc... 9

Applications Rely on Stateful Layer 4-7 Services

Router Switch

LAYER 2-4 STATELESS SERVICES

LAYER 4-7 STATEFUL SERVICES

Firewall Identity and Access

DDoS Protection

Global Load Balancing

Malware

Detection

ADC Application Security

Local Load Balancing

Application Performance

Secure Web

Gateway

VIRTUAL AND OVERLAY NETWORKING

© F5 Networks, Inc... 10

SDN Solution Space – F5 in L4-L7 Service Chaining

Control Plane

Data Plane

Architect

VXLAN NVGRE …

Interoperability

Interoperability

© F5 Networks, Inc... 11

Programmability is the KEY

© F5 Networks, Inc... 12

External Interfaces Internal Interfaces

F5 Programmability Story

iApp •Packaged

Solutions

•Business Logic

•Templating

iCall •Events & Timers

•Monitoring

•Statistics

iRule •Traffic Intelligence

•Protocol Implementation

iControl REST •GUI & CLI

•External Interaction

BIG-IQ (TMUI)

TMSH

DevOps

Orches-tration

Cloud

Listen

Deliver

© F5 Networks, Inc... 13

One-Step Delivery One-Stop Packaging

F5 Programmability Story

iApp Workspace •Aggregation point for all

components of a solution

•Universal mechanism, even for a single iRule

•3rd Party signing and encryption

•F5 Marketplace

iControl REST •GUI & CLI

•External Interaction

BIG-IQ (TMUI)

TMSH

DevOps

Orches-tration

Cloud

© F5 Networks, Inc... 14

iApp Auto Generates The Configuration Needed Per App

Integrating L4-L7 SDN services with Vmware NSX and Cisco ACI

© F5 Networks, Inc... 16

F5 SDAS and VMware NSX

NSX Fabric Mgmt.

Internet

• VMware’s NSX solution provides an overlay fabric

• Basic L4-7 Services

• Management/Orchestration system

• Customer provides applications and advanced services.

• F5 SDAS provides Stateful L4-7 Intelligence and Traffic

Mgmt.

Hypervisor Hypervisor

Hypervisor Hypervisor Hypervisor

BIG-IQ

iApps

F5 Software Defined Application Services (SDAS)

Intelligent L4-7 Services & Traffic Management

© F5 Networks, Inc... 17

F5 and Cisco ACI Integration Models

Virtual Edition Appliance Chassis

BIG-IQ

APIC to BIG-IQ Integration Model

BIG-IP

ACI Fabric

F5

Syn

the

sis

Fa

bric

© F5 Networks, Inc... 18

BIG-IQ Integration Workflow Connectors

© F5 Networks, Inc... 19

Service Insertion using iAPP templates

© F5 Networks, Inc... 20

Service Insertion with template provisioning under NSX Edge

© F5 Networks, Inc... 21

Deploy iApps thru BIG-IQ – Implementation

Thru BIG-IQ, create a new catalog

template base on the custom iApps.

iApps configurable parameters are

customizable in BIG-IQ, allow use to set

default value or Tenant edible

© F5 Networks, Inc... 22

F5 ACI Service Insertion – Implementation through APIC

Create Function Profile for

ADC 1-Arm mode

© F5 Networks, Inc... 23

Simple to complex deployments

© F5 Networks, Inc... 24

SDN validates F5 vision

It’s all about dynamic services

• SDN drives adoption of three main data center technologies: network virtualization and centralized control plane for L2/L3 and Application Layer SDN for L4-7

• Network and Application Layer SDN are complementary and solve different data center challenges

• F5 brings its industry leading innovation, maturity and expertise in application delivery in traditional data centers to Software Defined Data Centers with Application Layer SDN

Summary

© F5 Networks, Inc... 25