Upload
kimw001
View
85
Download
1
Embed Size (px)
Citation preview
CONFIDENTIAL
Protocol NormalizationRedHat / F5 NFV
October 24, 2016
John D. AllenSr. Solution ArchitectF5 Networks
© F5 Networks, Inc 3CONFIDENTIAL
What is ‘Network Nastiness’??
• Examples:• SSL, Encryption, Compression…• Protocol Translation, Protocol Normalization…• Traffic Management, Overload Protection…• Caching: DNS Queries, Images, HTML Templates….
“Aspects of Data Traffic that have to be dealt with by Application or VAS nodes in order to function correctly, but required additional hardware/network resources, or code libraries in order to process those aspects, that really have nothing to do with said Application or VAS.”
© F5 Networks, Inc 4CONFIDENTIAL
Old-style ‘S/Gi’ Application Architecture
EPC VAS 1 VAS 2 VAS n Internet
• Value Added Services are chained together to intercept all the traffic heading out to the Internet.• Even though they aren’t going to do anything with all the traffic.• Video Optimization just needs video traffic.• Parental Controls just needs family traffic.• Etc.
© F5 Networks, Inc 5CONFIDENTIAL
‘S/Gi’ Traffic when using F5 to deal with Network Nastiness
EPC
VAS 1 VAS 2 VAS n
Internet
• F5 BIG-IP steers only the traffic needed by the VAS to it.
• Traffic doesn’t take unnecessary passes through nodes that don’t do anything with them.
• VAS nodes only need to be sized for just their traffic, not the entire S/Gi stream.
© F5 Networks, Inc 7CONFIDENTIAL
Protocol Normalization• Sometimes Vendor 1 doesn’t speak the same way that Vendor 2 does
• Even though they profess to be using the ‘Standard’
Protocol Variation 1 Protocol Variation 2
Not My Fault Not My Fault
Vendor 1 Vendor 2
HSS
SBC
MME
GGSN/PGW
OCS
HSS
SBC
MME
OCS
GGSN/PGW
Back to Use Cases
© F5 Networks, Inc 8CONFIDENTIAL
Protocol Normalization• Correcting network payloads for proper protocol standards adherence.
• SIP, DIAMETER, RADIUS, HTTP, DNS, SOAP/XML, REST, MQTT, AQMP, CoAP …• Ensuring data is within “normal” value ranges.
• One of your IoT sensors says its 3000 degrees….think that will skew the Analytics?• A Point of Control for your Solution
• Fix bad packets• Kick out invalid packets• Overload protection• DDoS protection• Maintain Uptime• Test Packet injection point
© F5 Networks, Inc 12CONFIDENTIAL
LBaaS Versions
LBaaSv1
• Stable Havana – Kilo, deprecated in Liberty
• Pool Based
• Basic Load Balancing: HTTP, HTTPS, TCP
• Not industry standard terminology/model
LBaaSv2
• Stable in Liberty
• Load Balancer Based
• TLS Termination
• Pool Sharing
• L7 Services
LBaaSv1 is focused on a pool based model, LBaaSv2 is centered around a load balancer object.
LISTENER 1
POOL
MEMBER 1 … MEMBER N
MONITOR
LISTENER N
LB
POOL
MEMBER 1 … MEMBER N
MONITOR
VIP
© F5 Networks, Inc 13CONFIDENTIAL
Heat Architecture
HORIZON DASHBOARD
HEAT ENGINE
NO
VA
CIN
DER
GLA
NCE
NEU
TRO
N
SWIF
T
TRO
VE
KEYS
TON
E
BIG
IP
PLUGIN
THIR
D-P
ARTY
PLUGIN
CONF
IGM
GMT
PUPP
ET, C
HEF,
ETC
Adapted from: https://github.com/zaneb/presentations/releases/download/heat-introduction-2013-10-24/heat-introduction.pdf
© F5 Networks, Inc 15CONFIDENTIAL
• F5 working with OpenShift as a code contributor.• F5 BIG-IP integrates with OpenShifthttps://blog.openshift.com/under-the-hood-f5-integration-commons-briefing-21/• F5 supports OpenShift VXLAN EndPoints.
© F5 Networks, Inc 16CONFIDENTIAL
https://www.redhat.com/en/resources/cloud-app-delivery-red-hat-and-f5-networkshttps://access.redhat.com/solutions/1145933
F5 BIG-IP LBaaS Plug-in Certified for use with RedHat OpenStack Platformhttps://access.redhat.com/ecosystem/software/1446683
© F5 Networks, Inc 17CONFIDENTIAL
https://devcentral.f5.com/articles/f5s-openstack-ecosystem-and-our-red-hat-partnership-19647
© F5 Networks, Inc 19CONFIDENTIAL
References
• https://wiki.openstack.org/wiki/Neutron/LBaaS
• https://wiki.openstack.org/wiki/Heat
• http://docs.openstack.org/developer/heat/
• https://github.com/F5Networks
• https://github.com/F5Networks/f5-openstack-heat-plugins
• https://github.com/F5Networks/f5-openstack-heat
• https://github.com/F5Networks/f5-openstack-lbaasv2-plugin
• https://github.com/F5Networks/f5-openstack-lbaasv1