16. 9. 2022
F5 News
Roman Tomášek
roman.tomasek@alef.com
1
1
Content
• Introducing F5 r-Series
• VELOS
• F5OS
2
2
16. 9. 2022
Introducing F5
rSeries
3
3
Why Our Customers Choose F5 Hardware
HARDWARE HAS ITS PLACE, EVEN IN A SOFTWARE AND CLOUD-FIRST WORLD
• Best protection and compliance for
regulated environments
• “It just works” simplicity
• Tamper resistant platform with
advanced security
First introduced in 2016
• Predictable performance and scalability
First introduced in 2007
4
4
16. 9. 2022
Innovations from F5 Platforms
BUILT FOR MODERN APPLICATIONS
• Container
Integration
• Modern
Automation
• Advanced
Security
Telemetry
Streaming
5
5
A Modern Platform
for a Digital World
6
6
16. 9. 2022
F5 rSeries: A Next-Gen, Fully Automatable Platform
 Bridges between traditional and modern
architectures
 Delivers agility, performance, and
investment protection for all apps
• More powerful FPGAs and CPU
utilization
rSeries r10000
Current
Rearchitected, modern platform design:
• API-first architecture; fully automatable
with F5OS API and Automation Toolchain
• Scale to 190 Gpbs total Layer 4-7
throughput
rSeries r5000
• Multi-tenancy and flexibility to support
multiple versions
Future
• BIG-IP modularized technology (future)
rSeries r4000
rSeries r2000
• Kubernetes-based F5OS platform
software
7
7
Next Generation Appliance: rSeries
rSeries
BIG-IP iSeries
• Programmable FPGA (TurboFlex)
Previous generation
• Traditional BIG-IP platforms
• Limited Programmable FPGA
• Rearchitected with new
delayered F5OS platform
software
• Runs current BIG-IP (future:
new BIG-IP modular)
• Improved optics and port
configurations
• Larger, modern FPGAs
• Around 2x scale over previous
generation
• Further improved optics
and port configurations
• Runs current gen of BIG-IP software
• Up to 2x performance
improvement vs. iSeries
rSeries platform– rSeries 5k/10k and rSeries 2k/4k
8
8
16. 9. 2022
rSeries Improvements Over iSeries
DESIGNED FOR A NEW APPLICATION LANDSCAPE
iSeries
rSeries Advantage
rSeries
Hardware
Larger FPGAs / 1RU Form Factor
2x enhanced performance
SSL
Modern SSL offload hardware
Up to 200k SSL TPS
Software
New microservices layer (F5OS)
Supports modern architecture
Automation
API-first design
Deployment: weeks to minutes
Licensing
Pay-as-you-Grow licensing
Higher performance as needed
Architecture
Runs current & next-gen BIG-IP
Easy migration path
9
9
F5 rSeries Platform
10
10
16. 9. 2022
r2000 / r4000 - Front Panel Ports - 25G, 10G, 1G
r4000 – (r4600 / r4800)
4 x 10G/1G
Copper
4x 10G RJ45 – 10G/1G
4x SFP28/SFP+/SFP – 25G/10G/1G
4 x 25G/10G/1G
SFP+/SFP28/SFP
r2000 – (r2600 / r2800)
4x 10G RJ45 – 10G/1G
4x SFP28/SFP+/SFP – 25G/10G/1G
4 x 25G/10G/1G
SFP28/SFP+/SFP
4 x 10G/1G
Copper
11
11
r2000 Series (r2800) Platform Specs
Runs F5OS-A R2R4 Image
Tenant Software
Tenant 1







Total CPU Cores - 8
Total vCPU’s – No Hyperthreading
CPU Speed – 2.2Ghz
vCPU’s Available for Tenants – 8 CPU
Total Memory – 32GB RAM
Disk Type/Capacity – 480GB SSD
Max Tenants - 1
Platform Software
Ships with support for TMOS 15.1.6 Tenants only
No CPU’s reserved for F5OS platform layer
12
12
16. 9. 2022
r2000 Series (r2600) Platform Specs
Runs F5OS-A R2R4 Image








Tenant 1
Tenant Software
Platform Software
Total CPU Cores - 8
Total vCPU’s – No Hyperthreading
CPU Speed – 2.2Ghz
Disabled CPU’s (Licensing) - 4
vCPU’s Available for Tenants – 4 CPU
Total Memory – 32GB RAM
Disk Type/Capacity – 480GB SSD
Max Tenants - 1
Ships with support for TMOS 15.1.6 Tenants only
No CPU’s reserved for F5OS platform layer
13
13
r2000 Series - Front View
1000BaseT
MGMT Port
USB3.0 Port
Serial
Console Port
10Gb/1Gb
Copper Ports
25Gb/10Gb/1Gb
SFP28/SFP+/SFP Fiber
Ports
1.0
3.0
5.0
7.0
2.0
4.0
6.0
8.0
Serial
Hardwire Port
(unsupported)
LCD Panel
Status LEDs
STATUS
ALARM
POWER1
POWER2
14
14
16. 9. 2022
r4000 Series (r4800) Platform Specs
Runs F5OS-A R2R4 Image







Total CPU Cores - 16
Total vCPU’s – No Hyperthreading
CPU Speed – 2.2Ghz
vCPU’s Available for Tenants – 16 CPU
Total Memory – 64GB RAM
Disk Type/Capacity – 480GB SSD
Max Tenants - 4
Ships with support for TMOS 15.1.6 Tenants only
No CPU’s reserved for F5OS platform layer
15
15
r4000 Series (r4600) Platform Specs
Runs F5OS-A R2R4 Image








Total CPU Cores - 16
Total vCPU’s – No Hyperthreading
CPU Speed – 2.2Ghz
Disabled CPU’s (Licensing) - 8
vCPU’s Available for Tenants – 8 CPU
Total Memory – 64GB RAM
Disk Type/Capacity – 480GB SSD
Max Tenants - 2
Ships with support for TMOS 15.1.6 Tenants only
No CPU’s reserved for F5OS platform layer
16
16
16. 9. 2022
r4000 Series - Front View
1000BaseT
MGMT Port
USB3.0 Port
10Gb/1Gb
Copper Ports
Serial
Console Port
25Gb/10Gb/1Gb
SFP28/SFP+/SFP
Fiber Ports
1.0
3.0
5.0
7.0
2.0
4.0
6.0
8.0
Serial
Hardwire Port
(unsupported)
LCD Panel
Status LEDs
STATUS
ALARM
POWER1
POWER2
17
17
r5000 Series (r5900) Platform Specs
Runs F5OS-A R5R10 Image








Total CPU Cores / vCPU’s – 16 / 32
CPU Speed – 2.4 Ghz
vCPU’s for F5OS - 6
vCPU’s Available for Tenants - 26
Total Memory – 128GB RAM
Disk Type/Capacity – 1TB – M.2 SSD
1 Power Supply Included / 2nd Optional
Max Tenants - 26
Ships with support for TMOS 15.1.5 Tenants only
6 x vCPU’s reserved for F5OS platform layer
18
18
16. 9. 2022
r5000 Series (r5800) Platform Specs
Runs F5OS-A R5R10 Image









Total CPU Cores / vCPU’s – 16 / 32
CPU Speed – 2.4 Ghz
Disabled vCPU’s (Licensing) – 8
vCPU’s for F5OS - 6
vCPU’s Available for Tenants - 18
Total Memory – 128GB RAM
Disk Type/Capacity – 1TB – M.2 SSD
1 Power Supply Included / 2nd Optional
Max Tenants - 18
Ships with support for TMOS 15.1.5 Tenants only
6 x vCPU’s reserved for F5OS platform layer
19
19
r5000 Series (r5600) Platform Specs
Runs F5OS-A R5R10 Image









Total CPU Cores / vCPU’s – 16 / 32
CPU Speed – 2.4 Ghz
Disabled vCPU’s (Licensing) – 14
vCPU’s for F5OS - 6
vCPU’s Available for Tenants - 12
Total Memory – 128GB RAM
Disk Type/Capacity – 1TB – M.2 SSD
1 Power Supply Included / 2nd Optional
Max Tenants - 8
Ships with support for TMOS 15.1.5 Tenants only
6 x vCPU’s reserved for F5OS platform layer
20
20
16. 9. 2022
r5000 Series - Front View
1000BaseT
MGMT Port
100Gb/40Gb
QSFP28/QSFP+
Ports
Serial
Console Port
1.0
USB3.0 Port
Serial
Hardwire Port
(unsupported)
LED KEY
2.0
25Gb/10Gb
SFP28/SFP+
Ports
3.0 5.0
7.0 9.0
4.0
8.0 10.0
6.0
Status LEDs
100G
LCD Panel
STATUS
40G
ALARM
10/25G
POWER1
POWER2
21
21
r10000 Series (r10900) Platform Specs
Runs F5OS-A R5R10 Image
Total CPU Cores / vCPU’s – 24 / 48
CPU Speed – 2.4Ghz
vCPU’s for F5OS - 12
vCPU’s Available for Tenants - 36
Total Memory – 256GB RAM
Disk Type/Capacity – 2 x 1TB U.2 SSD
 RAID1 Mirrored
 2 Power Supplies Included
 Max Tenants – 36






Ships with support for TMOS 15.1.5 Tenants only
12 x vCPU’s reserved for F5OS platform layer
22
22
16. 9. 2022
r10000 Series (r10800) Platform Specs
Runs F5OS-A R5R10 Image
Total CPU Cores / vCPU’s – 24 / 48
CPU Speed – 2.4Ghz
Disabled vCPU’s (Licensing) – 8
vCPU’s for F5OS - 12
vCPU’s Available for Tenants - 28
Total Memory – 256GB RAM
Disk Type/Capacity – 2 x 1TB U.2 SSD
 RAID1 Mirrored
 2 Power Supplies Included
 Max Tenants – 28







Ships with support for TMOS 15.1.5 Tenants only
12 x vCPU’s reserved for F5OS platform layer
23
23
r10000 Series (r10600) Platform Specs
Runs F5OS-A R5R10 Image
Total CPU Cores / vCPU’s – 24 / 48
CPU Speed – 2.4Ghz
Disabled vCPU’s (Licensing) – 12
vCPU’s for F5OS - 12
vCPU’s Available for Tenants - 24
Total Memory – 256GB RAM
Disk Type/Capacity – 2 x 1TB U.2 SSD
 RAID1 Mirrored
 2 Power Supplies Included
 Max Tenants – 24







Ships with support for TMOS 15.1.5 Tenants only
12 x vCPU’s reserved for F5OS platform layer
24
24
16. 9. 2022
r10000 Series - Front View
1000BaseT
MGMT Port
Serial
Console Port
1.0
USB3.0 Port
2.0
Serial
Hardwire Port
(unsupported)
LED KEY
100Gb/40Gb
QSFP28/QSFP+
Ports
3.0 5.0
7.0 9.0
4.0
8.0 10.0
6.0
100G
LCD Panel
40G
10/25G
13.0 15.0 17.0 19.0
11.0
12.0
25Gb/10Gb
SFP28/SFP+
Ports
14.0 16.0 18.0 20.0
Status LEDs
STATUS
ALARM
POWER1
POWER2
25
25
r10000 Series Back View – Fan Tray Removed
Dual SSD’s are accessible once Fan Tray is removed. SSD’s are hot swappable.
26
26
16. 9. 2022
rSeries PAYG
(Pay-as-youGrow) Strategy
27
27
rSeries - 3 x Tier Pay-as-you-Grow Structure
Mid-range Appliances
r5600
r5800
r5900
High-end Appliances
R10600
R10800
R10900
Feb / March
Feb / March
Available Now
Feb / March
Feb / March
Available Now
(Low PAYG)
(Mid PAYG)
(High PAYG)
(Low PAYG)
(Mid PAYG)
(High PAYG)
BIG-IP
i5600
Series
BIG-IP
i5800
Series
BIG-IP
i7600/i7800
Series
BIG-IP
i10600
Series
BIG-IP
i10800
Series
BIG-IP
i11600
Series
To achieve PAYG performance goals some CPU’s will be disabled on x600 & x800 models
28
28
16. 9. 2022
rSeries - 2 x Tier Pay-as-you-Grow Structure
Lower Range
r2800
r2600
May / June
r4800
r4600
May / June
May / June
(Low PAYG)
(High PAYG)
BIG-IP
i2600
Series
BIG-IP
i2800
Series
May / June
(High PAYG)
(Low PAYG)
BIG-IP
i4600
Series
BIG-IP
i4800
Series
To achieve PAYG performance goals some CPU’s will be disabled on x600 models, and CPU throttling may be implemented
29
29
rSeries – r10900 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
33
vCPU
35
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
vCPU
34
vCPU
36
vCPU
37
vCPU
39
vCPU
41
vCPU
43
vCPU
45
vCPU
47
vCPU
38
vCPU
40
vCPU
42
vCPU
44
vCPU
46
vCPU
48
r10900
30
30
16. 9. 2022
rSeries – r10800 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
33
vCPU
35
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
vCPU
34
vCPU
36
vCPU
37
vCPU
39
vCPU
41
vCPU
43
vCPU
45
vCPU
47
vCPU
38
vCPU
40
vCPU
42
vCPU
44
vCPU
46
vCPU
48
r10800
31
31
rSeries – r10600 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
33
vCPU
35
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
vCPU
34
vCPU
36
vCPU
37
vCPU
39
vCPU
41
vCPU
43
vCPU
45
vCPU
47
vCPU
38
vCPU
40
vCPU
42
vCPU
44
vCPU
46
vCPU
48
r10600
32
32
16. 9. 2022
rSeries – r5900 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
r5900
33
33
rSeries – r5800 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
r5800
34
34
16. 9. 2022
rSeries – r5600 - PAYG
*Actual core numbers are different
vCPU
1
vCPU
3
vCPU
5
vCPU
7
vCPU
9
vCPU
11
vCPU
13
vCPU
15
vCPU
17
vCPU
19
vCPU
21
vCPU
23
vCPU
25
vCPU
27
vCPU
29
vCPU
31
vCPU
2
vCPU
4
vCPU
6
vCPU
8
vCPU
10
vCPU
12
vCPU
14
vCPU
16
vCPU
18
vCPU
20
vCPU
22
vCPU
24
vCPU
26
vCPU
28
vCPU
30
vCPU
32
r5600
Max Tenants = 8
35
35
rSeries – r4800 - PAYG
No Hyperthreading
r4800
CPUs
Maximum Tenants 4
No Dedicated Cores for F5OS Platform Layer
36
36
16. 9. 2022
rSeries – r4600 - PAYG
r4600
No Hyperthreading
CPUs
Maximum Tenants = 2
No Dedicated Cores for F5OS Platform Layer
37
37
rSeries – r2800 - PAYG
No Hyperthreading
1 Tenant
r2800
CPUs
No Dedicated Cores for F5OS Platform Layer
38
38
16. 9. 2022
rSeries – r2600 - PAYG
No Hyperthreading
r2600
1 Tenant with 4 CPUs
No Dedicated Cores for F5OS Platform Layer
39
39
rSeries Licensing
40
40
16. 9. 2022
rSeries Licensing
• Licensing in rSeries follows the same model as iSeries
• The entire appliance is licensed, and tenants will inherit licenses from the appliance
• Multitenancy is supported on all rSeries models (except for r2000 which supports max of 1 tenant
• iSeries Only supported multitenancy (vCMP) on the x800 models, and only on specific models
• This provides value to customers as they grow, they don’t need to purchase additional licenses
• ASM is being replaced with AWAF for standalone and bundled SKU’s (BEST)
• AAM is not supported on rSeries as it is EoS, it wasn’t supported on iSeries, bur some Bourne
customers may be utilizing it
41
41
rSeries Networking
42
42
16. 9. 2022
rSeries - Out of Band Management
F5OS can only be managed via out-of-band-network
Out-of-band Management
rSeries
Tenant-1
Tenant-3
Tenant-2
Tenant-4
Tenants inherit VLANs
VLANs
F5OS
LAG
VLANs, Interfaces, LAG’s configured @ F5OS layer
Interface
43
43
Port Groups and Unbundling Restrictions r10000
Both adjacent ports (1.0 & 2.0) or (11.0 & 12.0) must be
40Gb or 100Gb no mix and match
SFP28 ports support any combination of 10G or 25G optics
(SFP28 backward compatible to SFP+)
QSFP28/QSFP+ ports don’t support breakout cables
(no unbundling) to 4 x 25Gb or 4 x 10Gb
44
44
16. 9. 2022
Port Groups and Unbundling Restrictions r5000
Both adjacent ports (1.0 & 2.0) must be
40Gb or 100Gb no mix and match
SFP28 ports support any combination of 10G or 25G optics
(SFP28 backward compatible to SFP+)
QSFP28/QSFP+ ports don’t support breakout cables
(no unbundling) to 4 x 25Gb or 4 x 10Gb
45
45
Key Benefits
and Use Cases
46
46
16. 9. 2022
Key Benefits and Use Cases for Adaptive Apps Platforms
MOVING TO A HIGHLY AUTOMATABLE ARCHITECTURE WITH A LOWER TCO
Enhanced Automation
Leads to Rapid
Deployment
Future-Proof your Investment &
Lower TCO with a Modern
Platform Design
Reduce deployment time
from weeks to minutes
Consolidate infrastructure
and app services with fewer
appliances, reducing TCO
API-first, fully automatable
architecture
Up to 2x performance and
scalability as compared to iSeries
Existing and modern
BIG-IP on same next-gen. platform
design
F5 Automation Toolchain makes it
easy to deploy and configure F5
application services
Highest Platform
Reliability and Security
Hardware detection of more than
100 types of attack vectors
Industry-leading SSL/TLS
processing manages increasing
encrypted application traffic
Enhanced protection keeps mission
critical apps up and running
47
47
Rearchitected with Modern Hardware
ENHANCED PERFORMANCE IN rSERIES
 F5 rSeries delivers up to 2x scale and
performance improvement over the
previous generation iSeries platforms
 Larger, modern FPGAs for hardware
acceleration
 More efficient CPU resource
utilization
 Higher performance to meet
demands
 Greater scalability for peak volumes
 1 RU form factor provides a high-density
solution, with added support to 100G and
25G interfaces
New FPGA’s,
Latest Intel
CPU/Crypto
48
48
16. 9. 2022
F5 rSeries Platform Performance
(Compared to i7800)*
(Compared to i11600)*
(1.2-2X)
(2X)
(2.6X)
(2X)
(1.3X)
(2X)
(1.2X)1
(2X)
*Model comparisons provided for similar price points
49
49
Flexible Ports, Maximum Flexibility
ENHANCED PORT CONFIGURATION
r10000 Series
Maximum flexibility
with port
configurations
Ability to access lower
speed interface
Increased redundancy
2 x 100G/40G
QSFP28/QSFP+
8 x 25G/10G
SFP+/SFP28
2 x 100G/40G
QSFP28/QSFP+
8 x 25G/10G
SFP+/SFP28
4x QSFP28/QSFP+
16 SFP28/SFP+
r5000 Series
Shortened time to
deploy new
applications
2 x 100G/40G
QSFP28/QSFP+
8 x 25G/10G
SFP+/SFP28
2x QSFP28/QSFP+
8 SFP28/SFP+
50
50
16. 9. 2022
Tiered Licensing: Pay-as-you-Grow
TIERED SOFTWARE LICENSE KEYS
High-End Appliances
Mid-Range Appliances
Avail. Late Q1CY22
r5600
r5800
(Low PAYG) (Mid PAYG)
BIG-IP
i5600
Series
BIG-IP
i5800
Series
Avail. Now
Avail. Late Q1CY22
Avail. Now
r5900
r10600
r10800
r10900
(High PAYG)
(Low PAYG)
(Mid PAYG)
(High PAYG)
BIG-IP
i7600/i7800
Series
BIG-IP
i10600
Series
BIG-IP
i10800
Series
BIG-IP
i11600
Series
To achieve PAYG performance goals some CPU’s will be disabled on x600 & x800 models, and CPU throttling may be implemented
51
51
Upgrade and Consolidate Legacy Products
Lower TCO
BIG-IP Refresh Example
BIG-IP i5600
• F5 ADC with Local Traffic
Manager (LTM) module
• 1.1M L7 RPS each
• $50K each x 8 = $400K
• Annual support: $68K total
F5 r5900
• F5 ADC with LTM module
and future proof w/next-gen.
• 4.3M L7 RPS each
• $98K each x 2 = $196K
• Annual support: $33.3K total
Consolidation Benefits
Number
consolidated
Up to 6
OpEx Savings
(4 years)
$139K
52
52
16. 9. 2022
Key Customer Benefits of Adaptive Apps Platforms
MOVING TO A HIGHLY AUTOMATABLE ARCHITECTURE WITH A LOWER TCO
Enhanced Automation
Leads to Rapid
Deployment
Future-Proof your Investment &
Lower TCO with a Modern
Platform Design
Reduce deployment time
from weeks to minutes
Consolidate infrastructure and
app services with fewer
appliances, reducing TCO
Hardware detection of more than
100 types of attack vectors
API-first, fully automatable
architecture
Up to 2x performance and
scalability as compared to iSeries
Existing and modern
BIG-IP on same next-gen. platform
design
Highest Platform
Reliability and Security
F5 Automation Toolchain makes it
easy to deploy and configure F5
application services
Industry-leading SSL/TLS
processing manages increasing
encrypted application traffic
Enhanced protection keeps mission
critical apps up and running
53
53
Rearchitected with Delayered Platform Software
MODERN SOFTWARE ARCHITECTURE IN rSERIES
• Multitenant by default architecture
• API-first design: full automation at the
new F5OS platform layer
• Leverages microservices architecture to
break beyond constraints of TMOS
o
o
Kubernetes manages workloads but is
abstracted from the admin
No microservices knowledge required to
manage
Existing and Next-Gen BIG-IP on Same Appliance
Existing BIG-IP application
services software
Next-Gen BIG-IP application
services software
New Platform Layer (Kubernetes-based)
New Hardware
Offload Services / FPGA
• Lays the foundation for next-gen BIG-IP
modular technology in H2 2022
54
54
16. 9. 2022
Automated App Services
AUTOMATE AND ACCELERATE MANUAL
PROCESSES
Automation Toolchain
NetOps / SecOps
Many imperative
commands
Single
declarative
statement
Orchestration
Tools
BENEFITS
F5 Automation
Toolchain
Reduce deployment times from weeks
to minutes
F5 rSeries
Appliance
Instance Onboarding & App
Services Configuration
Reduce need for BIG-IP domain
knowledge
TOOLCHAIN FEATURES
Declarative Onboarding (DO) – Automate L1-L3
device onboarding
Prevent deployment/configuration errors
Application Services 3 Extensions (AS3) –
Automate L4-L7 app services configuration
Easily integrate with mainstream A&O
tools like Ansible, Terraform, etc.
Telemetry Streaming (TS) – Stream telemetry to
leading analytics solutions
F5 Application Services Templates (FAST) –
Next-gen, declarative config templating
AS3 Configuration Converter (AS3)
55
55
Automate
Everything
IMPROVING PROGRAMMABILITY &
AUTOMATABILITY
62%
… of organizations stated the
need to automate
network operations to
keep pace with
accelerating app deployments
56 | ©2021 F5, INC.
56
CUSTOMER STORY
LARGE EUROPEAN BANK
• “By leveraging F5’s automation capabilities across thousands
of our applications, we can more rapidly and reliably provide
high-quality financial services to our customers. Secured
application service deployments that previously required up to
6 weeks can now take as little as 5 minutes.” IT LEADER, LARGE
EUROPEAN BANK
•
Created a self-service catalog
•
Deployed new application
services within minutes when
it previously took 6 weeks
•
Automated infrastructure,
deployed 3000+ new
application services within 1
year; no manual interaction
56
16. 9. 2022
Key Customer Benefits of Adaptive Apps Platforms
MOVING TO A HIGHLY AUTOMATABLE ARCHITECTURE WITH A LOWER TCO
Future-Proof your Investment &
Lower TCO with a Modern
Platform Design
Consolidate infrastructure and
app services with fewer
appliances, reducing TCO
Up to 2x performance and
scalability as compared to iSeries
Existing and modern
BIG-IP on same next-gen. platform
design
Enhanced Automation
Leads to Rapid
Deployment
Reduce deployment time
from weeks to minutes
API-first, fully automatable
architecture
F5 Automation Toolchain makes it
easy to deploy and configure F5
application services
Highest Platform
Reliability and Security
Hardware detection of more than
100 types of attack vectors
Industry-leading SSL/TLS
processing manages increasing
encrypted application traffic
Enhanced protection keeps mission
critical apps up and running
57
57
Advanced Application Protection
BUILT-IN SECURITY FOR YOUR APPLICATION ENVIRONMENT
Hardware detection and mitigation of more than 100 types of
attack vectors, denial-of-service (DoS) and DDoS attacks, SYN flood
and more
Industry-leading SSL crypto capabilities of up to 200k SSL TPS with
enhanced offload of elliptical curve cryptography (ECC) processing
High availability keeps critical apps up and running; enhanced performance
handles traffic spikes, blocking attackers from bypassing security protocols
58
58
16. 9. 2022
rSeries SSL Improvements
DESIGNED FOR A MODERN SECURITY ENVIRONMENT
iSeries i7800
Enhanced offload of
elliptical curve
cryptography (ECC)
processing
Industry-leading SSL traffic
processing for peak
utilization
ECC 25k TPS
iSeries i11600
rSeries r5900
Improvement
ECC 70k TPS
250% increase / 3.5X*
rSeries r10900
Improvement
ECC 30k TPS
ECC 140k TPS
iSeries i7800
rSeries r5900
192% increase / 2.9X*
Improvement
100k SSL RSA 2k TPS
150% increase*
iSeries i11600
rSeries r10900
Improvement
37k SSL RSA-2k TPS
200k SSL RSA 2k TPS
441% increase*
40k SSL RSA-2k TPS
*Model comparisons provided for similar price points
59
59
Modern SSL
Performance
IMPROVING PROCESSING
POWER & SCALABILITY
86%
… of web page loads are now
encrypted with SSL
CUSTOMER STORY
LARGE EUROPEAN GOVERNMENT BANK
• Ongoing constraints related to encrypted traffic processing
during peak utilization
• Needed a scalable security architecture to mitigate cyber
security risks and accommodate growth
• With F5’s industry-leading SSL power, the bank experienced
the following benefits:
• Consolidated application delivery capabilities into one
integrated platform
• Increased scalable SSL performance
• Gained WAF capabilities to protect banks assets and data
• Just in time scalable hardware platform
60 | ©2021 F5, INC.
60
60
16. 9. 2022
rSerie Performance
and Sizing
61
61
rSeries r5600 / r5800 / r5900 – Performance
R5600
r5800
r5900
L4 Throughput
Performance Metric
95 Gbps
95 Gbps
95 Gbps
L7 Throughput
60 Gbps
35 Gbps
(QAT compress + verify)
35 Gbps
85 Gbps
40 Gbps
(QAT compress + verify)
45 Gbps
95 Gbps
50 Gbps
(QAT compress + verify)
50 Gbps
ECDHE P-256-ECDSA TPS
60k TPS
30k TPS
80k TPS
50k TPS
100k TPS
70k TPS
ECDHE P-256-RSA-2k TPS
30k TPS
50k TPS
55k TPS
L4 FastL4 CPS
1M CPS
1.4M CPS
1.8M CPS
L4 FastL4 Gbps
95 Gbps
2.5M RPS
95 Gbps
3.3M RPS
95 Gbps
4.3M RPS
95 Gbps
350k CPS
60 Gbps
95 Gbps
490k CPS
85 Gbps
95 Gbps
650k CPS
95 Gbps
Compression
SSL Bulk Throughput
SSL RSA-2k TPS
L7 FastHTTP (inf-inf) RPS
L7 FastHTTP Gbps
L7 (1 – 1) CPS
L7 (1 - 1) Gbps
62
62
16. 9. 2022
rSeries r10600 / 10800 / r10900 – Performance
r10600
r10800
L4 Throughput
Performance Metric
190 Gbps
190 Gbps
190 Gbps
L7 Throughput
125 Gbps
80 Gbps
(QAT compress + verify)
75 Gbps
115k TPS
145 Gbps
80 Gbps
(QAT compress + verify)
80 Gbps
150k TPS
190 Gbps
90 Gbps
(QAT compress + verify)
95 Gbps
200k TPS
ECDHE P-256-ECDSA TPS
90k TPS
110k TPS
140k TPS
ECDHE P-256-RSA-2k TPS
Compression
SSL Bulk Throughput
SSL RSA-2k TPS
r10900
90k TPS
110k TPS
110k TPS
L4 FastL4 CPS
2M CPS
2.1M CPS
2.5M CPS
L4 FastL4 Gbps
190 Gbps
4.5M RPS
190 Gbps
5.5M RPS
190 Gbps
6.6M RPS
170 Gbps
680k CPS
125 Gbps
175 Gbps
800k CPS
145 Gbps
190 Gbps
1M CPS
190 Gbps
L7 FastHTTP (inf-inf) RPS
L7 FastHTTP Gbps
L7 (1 – 1) CPS
L7 (1 - 1) Gbps
63
63
VELOS
64
64
16. 9. 2022
Where We’ve Been
F5 VIPRION
• Unparalleled performance and scalability
for 10+ years
• Single, most powerful ADC chassis-based
solution that can add or remove capacity
without disrupting users or apps
• Unique chassis-based virtualization with
flexibility to scale linearly on demand with
high-density multi-tenancy (vCMP)
• More than $100M in revenue contribution
per year for a decade
65
65
Application Landscape is Changing
Trends of Application Economy
Increased adoption of
Multi-Cloud strategy
Acceleration of
Automation and
Orchestration
Multifunctional
collaboration in IT
Elevated security
threats and IT
complexity
So App Services Must Adapt
Cater to the needs of
both modern and
monolithic apps
Interoperate with 3rd
party tools, services and
ecosystems
Scale for explosive
growth from app demand
Move at the speed of
DevOps
BUT NO CHASSIS PLATFORM CAN MEET ALL THESE CUSTOMER NEEDS
66
66
16. 9. 2022
VELOS: Highest Performance With Modern Architecture
• Kubernetes-based platform software
CX410 Chassis
• API first architecture, fully automatable
• Higher density resources per rack unit
• Multi-Tbps total Layer 4-7 throughput
• Flexible support for multi-tenancy and
blade groupings
BX110 Blade
• Redundant System Controllers, mix
and match blades on single chassis
67
67
VELOS Chassis
CX410 Chassis – 4RU supporting up to 8x B110 blades
1
2
3
Controller 1
7
6
5
PSU1
1
1
4
Controller 2
PSU2
PSU3
Fan Tray 1
Fan Tray
2
2
8
PSU4
Redundant
System Controllers
Configurable to N+N
Power Supplies
33
68
68
16. 9. 2022
System Controller (VELOS CX410 Chassis)
69
69
Future Proof
VELOS Provides Flexibility: Multiple Chassis Partitions within a
Single Chassis
•
Unlike VIPRION, the VELOS chassis can be
split into multiple Chassis Partitions
Blade1
Blade2
• Within VIPRION all blades formed a single “cluster”
Blade3
Blade4
•
This allows for complete resource isolation,
service chaining, and the ability to run both
BIG-IP and BIG-IP MA within the same
chassis*
•
Provides another layer of segmentation not
previously available in VIPRION
Blade1
Blade2
Blade3
Blade4
Blade5
Blade6
Blade7
Blade8
*BIG-IP & BIG-IP MA cannot be mixed in the same Chassis Partition initially
70
70
16. 9. 2022
VELOS Improvements Over VIPRION
DESIGNED FROM THE GROUND UP FOR THE NEW APPLICATION LANDSCAPE
VELOS
VIPRION
FPGAs / Line Card
Interfaces
Resources
Switching
QoS
Data Path Paradigm
TBD
In-Line Crypto
Packet Processing Pipeline
Backplane
71
71
B2150 vs B2250 vs VELOS BX110
COMPARISON PER SINGLE BLADE
L7 RPS (K)
MAX SSL TPS (RSA 2K)
4M
3M
100K
3.3x B2150
1.7x B2250
90K
80K
3M
9x B2150
2x B2250
70K
2M
90K
60K
3,3M
2M
50K
40K
2,0M
1M
500K
30K
10K
K
B2150
44K
20K
1,0M
B2250
VELOS BX110
K
10K
B2150
72
ECC
50K
72
B2250
VELOS BX110
16. 9. 2022
B2150 vs B2250 vs VELOS BX110
COMPARISON FOR FULL CHASSIS
L7 RPS (K)
MAX SSL TPS (RSA 2K)
30M
800K
6.4x B2150
3.2x B2250
25M
700K
18x B2150
4x B2250
720K
600K
20M
500K
15M
400K
25,6M
300K
10M
ECC
400K
200K
5M
8,0M
100K
176K
4,0M
K
B2150
B2250
VELOS BX110
K
40K
B2150
B2250
73
VELOS BX110
73
Providing Flexibility and Investment Protection
BIG-IP 14.x
Modular BIG-IP
VM Tenant (BIG-IP)
LTM
WAF
DNS
AFM
DP
DP
CP
Guest kernel, TMOS & TMM
DP
DP
Platform SW (VELOS)
Platform SW (VELOS)
Hardware
Hardware
Existing BIG-IP and Modular BIG-IP can run within same VELOS chassis
74
74
16. 9. 2022
The Promise of VELOS
PERFORMANCE
Up to 5x higher computational power per Chassis; Up to 5x higher total L4/L7 throughput per Chassis
VERSATILITY
Support for multi-speed (10/25/40/100GbE)
FAULT TOLERANCE
Reduced Failure Domain by decoupling Compute (Blade) and Fabric (System Controller)
PLATFORM SECURITY
Multiple layers of tenancy providing fully isolated traffic
FLEXIBILITY
Ability to mix and match different VELOS Blade generations
WIRE SPEED FABRIC
Non-Blocking Backplane
AUTOMATION
API-first architecture / fully automatable
TENANT SCALE
Flexible multi-tenancy (future support to 100s of Tenants per blade)
MODERN ARCHITECTURE
K8s Appliance Container (cBIP/mBIP for different tenants, and a path to 3rd party applications)
75
75
F5OS
76
76
16. 9. 2022
More Than Just a Hardware Refresh
 Leverages microservices architecture
to break beyond constraints of TMOS
 Common F5OS architecture layer with
VELOS
 Kubernetes manages workloads, but is
abstracted from the admin, no
microservices knowledge required to
manage rSeries
 Multitenant by default architecture
 API First design – Full automation @
the F5OS layer
 Lays the foundation for next
generation BIG-IP software: BIG-IP
Next
77
77
F5OS Management
 New F5OS platform layer can be managed
via CLI, API, or GUI
 Intuitive GUI, CLI & API provides initial
platform setup, monitoring, and tenant
lifecycle
 TMOS Tenants are still managed as they are
on existing platforms
 Similar to a vCMP guest management
experience
Boston-r10900-1# show running-config
cluster disk-usage-threshold config warning-limit 85
cluster disk-usage-threshold config error-limit 90
cluster disk-usage-threshold config critical-limit 97
cluster disk-usage-threshold config growth-rate-limit 10
cluster disk-usage-threshold config interval 60
cluster nodes node node-1
config name node-1
config enabled
!
fdb mac-table entries entry 00:94:a1:69:59:27 500 tag_type_vid
config mac-address 00:94:a1:69:59:27
78
78
16. 9. 2022
VELOS / F5OS – API Support
https://clouddocs.f5.com/api/velos-api/velos-api-index.html
79
79
F5OS Software Lifecycle
• F5OS Platform layer software uses semantic versioning, which includes a platform type followed by a
three-digit software version
• Versions use the following syntax: F5OS-PLATFORM_TYPE-MAJOR.MINOR.PATCH-LTS, LTS is optional
• LTS releases will typically occur on an annual basis after declaring the initial LTS release
• The Standard Support phase of an LTS release begins with the Introduction Date and ends in three years
• More frequent STS releases will typically occur on a quarterly basis and include backwards compatible
feature additions, enhancements, and bug fixes
• The STS releases usually have standard support phase of six months, or three months from the next STS
release, whichever is longer
SOL will be updated soon:
https://support.f5.com/csp/article/K21501912
80
80
16. 9. 2022
F5OS / TMOS Tenant Compatibility
• F5OS-C Supports v14.1.4 and later, and v15.1.4 and
later, the next major version will be v17.1
• F5OS-A 5k/10k supports v15.1.5 and later, the next
major version will be v17.1
• F5OS-A 2k/4k supports v15.1.6 and later, the next
major version will be v17.1
• None of these platforms will support v16.0, 16.1, or
17.0
https://support.f5.com/csp/article/K9476
81
81
F5OS-C vs. F5OS-A
• F5OS-C (Chassis) is for VELOS
• F5OS-C CONTROLLER
• F5OS-C PARTITION
• F5OS-A (Appliance) is for rSeries
• R5R10 – For r10000/r5000
• R2R4 - For r2000/r4000
• They have different version numbering so
please qualify F5OS-A or F5OS-C
82
82
16. 9. 2022
Q&A
83
83
Thank you
84