F5-v11新功能及配置手册.ppt

Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,F5 Networks,Inc.,#,Click to edit Master title style,Click to edit Master text styles,Second level,Third level,Fourth level,Fifth level,F5 Networks,Inc.,#,F5 Users Group September 13,th,2011,Agenda,TMOS version 11,New features and overview,Demo vCMP,Demo and discuss iApps,User discussion iRules,Survey and suggestions for next meeting,Bowling and/or game play,V11-Revolution,Analytics URL Load Times,Analytics TPS per URL,Analytics Request Throughput per URL,Analytics Response Throughput per URL,Statistics and Reporting,Per Virtual Server CPU,Stats,and Profile Stats,*Improved Visibility for Each Virtual Service,Statistics and Reporting,Per Process CPU&Memory Stats Dashboard Customization,*Improved Diagnostics,Real-time Transaction logs,C,lient,Open Application Logging Engine,High Speed,Logging Engine(HSL),GUI-Request Logging Profile,Unmatched performance-Up to,200,000,HSL(TCP/UDP)messages per second with minimal impact to cpu usage,Support compliance requirements,W3C standard web log format support,F5 Scale,N,Architecture,Ultimate Scalability and Reliability,Scale Up,Scale Out,Virtualization(vCMP),Clustered Multiprocessing(CMP)&SuperVIP,TMOS,The flexibility to scale up,virtualize,and scale out on-demand,Typical Failover Limited Control,Typical ADC runs Active-Standby,Can only fail entire ADC,Failover events disrupt all services,Scale,N,:Device Service ClustersDynamic Service Based Failover,Fail-over targeted application workload,s,Avoid application service disruptions,Move applications needing extra power,Active-active-active,N,Scale,Blade fails on BIG-IP 1,Add new blade to BIG-IP 3,Blade replaced on BIG-IP 1,Any type of BIG-IP device,Scale,N,:Device Service ClustersElastic Scale Driving Efficiency,Akamai,TMOS TCP,HTTP,&iRule Enhancements,Ability to,create TCP/UDP out of band connections via iRules,TCP Connection,Queuing,TCP,Options,inspection&transformation with,iRules,Separate caching&compression profiles from HTTP,HTML Parsing,iRules,*,Bigpipe,is no longer supported in v11,Operates,at TCP level;HTTP not,required,Currently only engages when conn limit hit,Specify queue length limit,time limit,or both,Queues operate per-tmm(no state sharing),Length limit divided by tmm count,FIFO guarantees only per-tmm,Queued at the pool level for non-persistent connections,Queued at the pool member level for persistent connections,If conn limit is overridden by persistence,that conn is not queued,When a pool member becomes available,it checks the head of its queue,and of the pools queue,and services the flow that got there first.,TCP Connection,queuing,New Product and Platform Support,New 6900S(Turbo SSL),11000(48 GB Memory,4xSSDs(4x 300GB),16 Gbps HW Comp.),and 11000/11050F(FIPS)platforms,(October announcement),WOM standalone product and platforms(1600,3600,3900,6900,8900,11000),Modules:Add-on Module support VE and 1600(ASM,WA,APM,GTM,WOM),Modules:Triplet support on 3600 and higher(Any combination excluding LC),VE Production(LTM,APM,ASM,WOM,GTM),*WA coming next release,New VE Lab editions that include all products,3900/3600,8900/8950/8950S,6900 and,6900S,1600,11000,and 11050,October announcement,BIG-IP Advanced Acceleration Overview,Adaptive,Protection for Web 2.0,Applications,Easily,S,ecure,JSON P,ayloads,BIG-IP Application Security Manager,Example:,Protect from,JSON threats,Render,unique blocking message for AJAX,widgets,User,informs admin with support ID for,resolution,Display a Blocking,Message in AJAX Widget,F5 Innovative Protection for Web 2.0 Apps,Secure,all applications,Automatically share policies between devices,Quickly deploy BIG-IP ASM VE,in private,clouds,Internet,Private Cloud Apps,Data Center,Web 2.0 Apps,Hacker,Clients,BIG-IP Application,Security Manager,BIG-IP Application,Security,Manager,Customer Website,Protection from Vulnerabilities,Enhanced Integration:BIG-IP ASM and WhiteHat Sentinel,WhiteHat Sentinel,Finds,a vulnerability,Virtual-patching with one-click on BIG-IP ASM,BIG-IP Application Security Manager,Verify,assess,resolve and retest in one UI,Automatic or manual creation of policies,Discovery,and remediation,in minutes,Vulnerability checking,detection and remediation,Complete website,protection,Policy Tuning,Pen tests,Performance Tests,Final Policy,Tuning,Pen Tests,Incorporate,v,ulnerability assessment into the SDLC,Use business logic to address known vulnerabilities,Allow resources to create value,ASM and the,Software Development Lifecycle,WAF“offload”features:,Cookies,Brute Force,DDOS,Web Scraping,SSL,Caching,Compression,BIG-IP Advanced Acceleration Overview,Advanced Dynamic Services for Unified Access,Control,F5 Unified Access and Control,Flexible and Dynamic ADC,Services BIG-IP v11,BIG-IP Edge Gateway,+Access Policy Manager,+WebAccelerator,+,WAN Optimization Manager,Headquarters and Remote Offices,Corporate,WAN,IPsec:,O,ptimized Site-to-Site Tunnels,Internet,BIG-IP System Virtual Editions,BIG-IP Edge Gateway,Data Center,BIG-IP Global,Traffic Manager,BIG-IP,LocalTraffic Manager,+Access Policy Manager,Mobile and Remote,Users,Public/Private,Cloud,Optimized Applications,to BIG-IP Edge Client,Authentication All in One and Fast SSO,F5 BIG-IP Access Policy Manager,Dramatically reduce infrastructure costs;increase productivity,=BIG-IP v11,New Detailed Reporting,BIG-IP APM,Custom,Built-in and Saved reports,Exported and used,on other devices,e.g How many XP users are still on my network?,e.g.Who accessed app.or network and when?,e.g.Where are users accessing from(geolocation)?,BIG-IP Advanced Acceleration Overview,Scalable,Adaptive,and,Secure,DNS,infrastructure,Scalable GSLB Performance,Step 1:Multicore(CMP)BIG-IP GTM v11,Enable users to access apps during spikes,Scale with GTM query performance utilizing hardware,CMP enabled utilizing full set of processing cores,Up to 6 million QPS on VIPRION,Each CPU Core high performance DNS server=130k+qps,Integrates GTM in TMM for exponential performance,125k QPS,600k QPS,1.5Mil QPS,3Mil QPS,6Mil QPS,2Mil QPS,Preliminary,estimates,:(may exceed),Exponential and Efficient DNS Performance,Step 2:Implement DNS Express,DNS Express,High-speed response and DDoS protection with in-memory DNS,Authoritative DNS serving out of RAM,Configuration size for tens of millions of records,Scalable DNS Performance,Consolidate DNS Servers,Manage,DNS,Records,NIC,OS,Admin,Auth,Roles,Dynamic,DNS,DHCP,Answer,DNS,Query,Answer,DNS,Query,Answer,DNS,Query,Answer,DNS,Query,Answer,DNS,Query,DNS Express in TMOS,DNS Server,Solution:Easily Handle All DNS Requests,Step 3:BIG-IP,GTM and IP Anycast Integration,Same IP Address for,multiple devices,Geographically separate the DNS request load for all requests,Scale DNS infrastructure up and out,per BIG-IP,Revenue,and brand are protected,Eases the IPv6 Evolution,DNS 6,4,Combined NAT64 and DNS64 provide automatic translation,Supports pure IPv6 clients accessing both IPv6/IPv4 sites,Critical,for mobile devices and any client optimized for pure IPv6,Eases evolution and bridges gap between IPv6/IPv4 DNS,Internet,IPv4 and IPv6 Clients,BIG-IP Local Traffic Manager,+Global Traffic Manager,NAT64,Forwarding/Mapping,Virtual,v4 DNS,(A),v6 DNS,(AAAA),DNS64,Removed Basic/Advanced,listener,Usability Enhancements,Route Domains,Monitors,&Default Certificates!,Optional manual selection of prober,assignments,iQuery status in,in the GUI,GTM,Route Domain 0,Route Domain 1,Route Domain 2,BIG-IP Local Traffic Manager,+Global Traffic Manager,BIG-IP Global Traffic Manager,GTM monitor support of Route,Domains,Default certificate is now 10 yrs,!,Free Customer Web-based Training,Whats New in BIG-IP V11,Additional v11 WBTs modules will be available later,Global Customer Training for V11,vCMP Demo,Virtual Clustered Multi-Processing,vCMP=F5s purpose built hypervisor,Currently available with version 11 on the VIPRION platforms,Todays demo is on a VIPRION 2400,V11:The iApp Revolution,Optimizing the network for specific applications takes weeks and can be frustrating,F5s unique application deployment guides helped now just days,F5s new iApp capability reduces process to,hours and minutes and its portable like virtual machines,Framework to unify,simplify and control Application Delivery Services,Application-centric,Contextual view and advanced analytics,Rapid and predictable deployment,BIG-IP V10 Managing Objects&Services,BIG-IP V11 Managing Application Services,BIG-IP V11 Managing Application Services,F5 iAPPs:,Managing application services not network devices or objects.,IT Network,Security,WAN,and Exchange Team Collaboration,Application,specific questions,Use a single,interface to:,Understand F5 application service dependencies,Rapidly perform,operational,tasks,Quick view of overall application and health,status,View availability status and type for each,service object,Rapidly enable,and disable,resource pool nodes or servers.,The network from an,“Applications Point,of,View,”,iApp Ecosystem,More than 20 iApp templates come with v11,F5s Open iApp Ecosystem is part of DevCentral,Share iApps within organizations,between partners,and other vendors,User Discussion:iRules,Randy Ferguson F5 Consultant(Tempe,AZ),Do you have an iRule you would like to discuss?,Examples:,Select a pool based on the HTTP host header,Sideband Connection new in v11,LDAP Proxy,Proxy Pass,Additional resources,DevCentral Tutorials,