F5 Networks
Encyclopedia
F5 Networks, Inc. is a networking appliances company. It is headquartered in Seattle, Washington
Seattle, Washington
Seattle is the county seat of King County, Washington. With 608,660 residents as of the 2010 Census, Seattle is the largest city in the Northwestern United States. The Seattle metropolitan area of about 3.4 million inhabitants is the 15th largest metropolitan area in the country...

 and has development and marketing offices worldwide. It originally manufactured and sold some of the very first load balancing
Load balancing (computing)
Load balancing is a computer networking methodology to distribute workload across multiple computers or a computer cluster, network links, central processing units, disk drives, or other resources, to achieve optimal resource utilization, maximize throughput, minimize response time, and avoid...

 products. In 2010, F5 Networks was featured in Fortune
Fortune (magazine)
Fortune is a global business magazine published by Time Inc. Founded by Henry Luce in 1930, the publishing business, consisting of Time, Life, Fortune, and Sports Illustrated, grew to become Time Warner. In turn, AOL grew as it acquired Time Warner in 2000 when Time Warner was the world's largest...

's 100 Fastest-Growing Companies list.

F5 Networks' flagship product, the BIG-IP network appliance, was originally a network load balancer but today also offers other functionality such as access control and application security. Add-on modules to F5's BIG-IP family of products offer email filtering and intelligent compression to allow for lower bandwidth and faster downloads in addition to load balancing and local traffic management capabilities.

F5 offers products in various segments of the Application Delivery Controller
Application delivery controller
An application delivery controller is a network device in the datacenter that helps perform common tasks done by web sites in an effort to remove load from the web servers themselves. Many also provide load balancing. They usually sit between the firewall/router and the web farm. The ADC is in...

 market. According to Gartner
Gartner
Gartner, Inc. is an information technology research and advisory firm headquartered in Stamford, Connecticut, United States. It was known as GartnerGroup until 2001....

, F5 has "a continued market-leading position" in the Application Delivery Controller market. Gartner cites the most significant competitors (in terms of market share) as Cisco Systems
Cisco Systems
Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, United States, that designs and sells consumer electronics, networking, voice, and communications technology and services. Cisco has more than 70,000 employees and annual revenue of US$...

 and Citrix Systems
Citrix Systems
Citrix Systems, Inc. is a multinational corporation founded in 1989, that provides server and desktop virtualization, networking, software-as-a-service , and cloud computing technologies, including Xen open source products....

. Other competitors include A10 Networks
A10 Networks
A10 Networks is a privately held company specializing in the manufacture of application delivery controllers . Founded in 2004 by Lee Chen, co-founder of Foundry Networks, A10 originally serviced just the identity management market with its line of ID Series products...

, Armorlogic
Armorlogic
Armorlogic is a security software company founded in 2004 by a group of leading Internet security specialists from some of the world's largest Internet security consulting companies. The Company's product range includes a web application firewall and content load balancer...

, Array Networks
Array Networks
Founded in 2000, and headquartered in Silicon Valley, California, Array Networks is a global technology company that addresses problems related to securely delivering enterprise applications to end users....

, Barracuda Networks
Barracuda Networks
Barracuda Networks, Inc. is a privately held company providing security, networking and storage solutions based on appliances and cloud services. The company’s security products include solutions for protection against email, web surfing, web hackers and instant messaging threats such as spam,...

, Brocade
Brocade Communications Systems
Brocade Communications Systems, Inc. , based in Silicon Valley , is a vendor of storage area network hardware and software. The company also designs, manufactures, and sells networking products and management applications for local, metro, and wide area networks...

, Coyote Point Systems
Coyote Point Systems
Coyote Point Systems is a manufacturer of computer networking equipment for application traffic management, also known as server load balancing....

, Crescendo Networks
Crescendo Networks
Crescendo Networks, Ltd. was a privately held computer networking company headquartered in Sunnyvale, California with regional offices in EMEA and APAC...

, KEMP Technologies, Radware
Radware
Radware , is a provider of integrated Application delivery, Network Security and Load balancing solutions based in Tel Aviv, Israel. Radware, which is a member of the Rad Group of companies, is a public company and its shares are traded on NASDAQ.- History :...

 and Zeus Technology
Zeus Technology
Zeus Technology, Ltd. is a software company based in Cambridge, England. Zeus Technology, Inc. is a wholly owned US subsidiary.- Timeline :...

.

Corporate history

F5 Networks, originally named F5 Labs, was founded in 1996. F5's first product was a load balancer called BIG-IP. If a server went down or became overloaded, BIG-IP directed traffic away from that server to other servers that could handle the load. In 1999 the company went public and was listed on the NASDAQ stock exchange (NASDAQ: FFIV). Corporate focus is on network intelligence. In 2004, 80% of the F5 business was with Fortune 500 companies.

Using internal development and acquisitions the company extended its reach beyond load balancing, producing a range of products for Application Delivery Networking. These products seek to improve the delivery of the applications by attempting to make them run faster and more securely.

Acquisitions

  • uRoam (SSL VPN vendor) for USD 25M in 2003
  • Magnifire (Web Application Firewall) for USD 29M in 2004
  • Swan Labs (WAN acceleration and web acceleration) for USD 43M in 2005.
  • Acopia Networks (file virtualization) for USD 210M in 2007.

BIG-IP

F5's BIG-IP product is based on a network appliance (either virtual or physical), which runs F5's Traffic Management Operating System (TMOS), which runs on top of Linux. This appliance can then run one or more product modules (depending on the appliance selected), which provide the BIG-IP functionality.

BIG-IP Appliances

The current line of BIG-IP appliance was released between 2008 and 2010, and the hardware models internally use a single custom-fabricated system board. The previous platforms had two internal boards - a PC/server-type motherboard connected to a switchplane. Some models include hardware SSL acceleration
SSL acceleration
SSL acceleration is a method of offloading the processor-intensive public key encryption algorithms involved in SSL transactions to a hardware accelerator....

 for key exchanges and bulk encryption/decryption provided by Cavium Networks
Cavium Networks
Cavium is a San Jose, California-based company specializing in ARM-based and MIPS-based network, video and security processors. Cavium offers processor and board level products targeting routers, switches, appliances, storage and servers.-Major acquisitions::...

, and hardware compression assistance. The current hardware line-up uses Intel CPUs, but some previous models have included AMD Opteron
Opteron
Opteron is AMD's x86 server and workstation processor line, and was the first processor which supported the AMD64 instruction set architecture . It was released on April 22, 2003 with the SledgeHammer core and was intended to compete in the server and workstation markets, particularly in the same...

 CPUs. Hardware models include a front LCD panel for configuration and monitoring and a separate service processor for out-of-band management.

The Viprion is chassis/blade based hardware. It is a chassis which can hold up to 4 blades for enhanced redundancy and performance using Clustered Multiprocessing
Multiprocessing
Multiprocessing is the use of two or more central processing units within a single computer system. The term also refers to the ability of a system to support more than one processor and/or the ability to allocate tasks between them...

.

Following the 2009 release of Citrix Systems' NetScaler VPX virtualised load balancer as a XenServer virtual appliance and criticism from Gartner regarding F5's lack of "SoftADC" development, in early 2010 F5 released a BIG-IP LTM virtual appliance
Virtual appliance
A virtual appliance is a virtual machine image designed to run on a virtualization platform ....

 for VMware
VMware
VMware, Inc. is a company providing virtualization software founded in 1998 and based in Palo Alto, California, USA. The company was acquired by EMC Corporation in 2004, and operates as a separate software subsidiary ....

.

The full model line-up is as follows, with approximate best-case throughput indicated:
Model Advertised throughput
BIG-IP LTM Virtual Edition 10 Mbit/s, 200 Mbit/s or 1 Gbit/s
BIG-IP 1600 1 Gbit/s
BIG-IP 3600 2 Gbit/s
BIG-IP 3900 4 Gbit/s
BIG-IP 6900 6 Gbit/s
BIG-IP 8900 12 Gbit/s
BIG-IP 8950 20 Gbit/s
BIG-IP 11050 42 Gbit/s
Viprion 4400 Up to 160 Gbit/s
Viprion 2400 Up to 160 Gbit/s L4 & Up to 72  Gbit/s L7. Per Blade Up to 40G L4 & Up to 20G L7

BIG-IP Product Modules

  • Local Traffic Manager (LTM): Local load balancing based on a full-proxy
    Proxy server
    In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...

     architecture.
  • Global Traffic Manager (GTM): Global Server Load Balancing using DNS
    Domain name system
    The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...

    .
  • Link Controller: Inbound and outbound ISP load balancing.
  • Application Security Manager (ASM): A Web Application Firewall.
  • WebAccelerator: An asymmetric or symmetric advanced caching solution for HTTP and HTTPS traffic.
  • Edge Gateway: An SSL VPN.
  • WAN Optimisation Module: A data centre symmetric WAN optimization solution.
  • Access Policy Manager: Provides access control and authentication for HTTP and HTTPS applications.

BIG-IP Software Development History

On September 7, 2004 F5 Networks released version 9.0 of the BIG-IP software in addition to a new collection of BIG-IP appliances on which customers could run said software. Version 9.0 was significantly different than the previous versions of BIG-IP. The significant changes include:
  • Moved from BSD to Linux
    Linux
    Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...

     to handle sys management functions (disks, logging, bootup, console access, etc.)
  • Creation of a Traffic Management Microkernel (TMM) to directly talk to the networking hardware and handle all network activities
  • Creation of the standard full-proxy mode which fully terminates network connections at the BIG-IP and establishes new connections between the BIG-IP and the real servers. This allows for optimum TCP stacks on both sides as well as the complete ability to modify traffic in either direction.


On April 3, 2009, F5 Networks released version 10.0 of the BIG-IP software. BIG-IP v10 is a major release supporting the company goals of "Unified Application and Data Delivery Services". This is the company vision on how applications, servers, storage, and network resources are managed in an organization.

Version 10 of BIG-IP contained new features to reduce latency, remove congestion or other impediments. Application delivery is enhanced by features such as symmetric adaptive compression operates between any two BIG-IP appliances, providing the data reduction, optimization and acceleration found in WAN traffic optimization products.

BIG-IP Software Features

  • iControl Application Programming Interface
    Application programming interface
    An application programming interface is a source code based specification intended to be used as an interface by software components to communicate with each other...

     (API): an open API for management of the BIG-IP
  • iRules: a TCL
    Tcl
    Tcl is a scripting language created by John Ousterhout. Originally "born out of frustration", according to the author, with programmers devising their own languages intended to be embedded into applications, Tcl gained acceptance on its own...

    -based scripting language allowing arbitrary manipulation of traffic flowing through the BIG-IP, including real-time modification of said data.

FirePass

The FirePass is an SSL VPN appliance and comes in the following models:
Model Recommended Concurrent Users
FirePass Virtual Edition Up to 2000
FirePass 1200 100
FirePass 4100 500
FirePass 4300 2000


Compared to a traditional IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...

 VPN, FirePass and other competing SSL VPNs have the following differences:
  • Granular access control: grant users different sets of privileges based on who they are, what client they are on, and where they are coming from. When combined with an authentication server such as Active Directory
    Active Directory
    Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....

     or LDAP
    Lightweight Directory Access Protocol
    The Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network...

    , the group memberships for the user can determine which resources they can access with fine-grained control.
  • Access through firewalls: IPsec
    IPsec
    Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...

     connections may be blocked by firewalls or proxy servers while port 443/TCP is almost always allowed.
  • Endpoint security: the client can be checked for an active virus scanner, registry entries, personal firewall, etc., before being allowed access to the network.
  • In addition to providing full network access like IPsec
    IPsec
    Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...

    , the FirePass can provide access to only one server and port, and provide portal access to web sites and file shares, thus eliminating the need for any network access.

ARX Series

The ARX series is a series of file virtualisation appliances that use technology F5 acquired through its acquisition of Acopia Networks. The devices work as proxies for CIFS and NFS
NFS
NFS may mean:* Network File System , the Network File System protocol developed by Sun Microsystems* NFS , a former Icelandic television news service* National Financial Switch, a bank network in India...

, enabling administrators to control where files physically reside based on policies for age, file type, etc. whilst presenting users with a single target.

Enterprise Manager

The Enterprise Manager appliance optionally provides centralised management of multiple F5 BIG-IP devices.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK