F5 BIG-IP i11400-DS

Overview:

The BIG-IP iSeries platform combines software and hardware innovations that balance the need for performance, scalability, and security. iSeries delivers unrivalled software-defined hardware performance, fast and easy programmability, and ecosystem-friendly orchestration. IT teams can offload SSL processing and deploy comprehensive application delivery and security services across data center and colocation infrastructure.

Gain Agility with the Most Programmable Cloud-Ready ADC

F5’s next-generation, cloud-ready Application Delivery Controller (ADC) platform provides DevOps-like agility with the scale, security depth, and investment protection needed for both established and emerging apps. The new F5 BIG-IP iSeries appliances deliver quick and easy programmability, ecosystem-friendly orchestration, and record breaking, software-defined hardware performance. As a result, customers can accelerate private clouds and secure critical data at scale while lowering TCO and future proofing their application infrastructure.

Key Benefits

Obtain the lowest TCO
Reduce TCO and the infrastructure footprint by consolidating app and security services on to a unified, high-performance platform.

Protect critical data
Deliver the SSL capacity required to protect critical data—including offload of elliptical curve cryptography (ECC) processing to hardware—enabling forward secrecy scaling. Simplify operations and improve customer confidence with the fastest way to an SSL Labs A+ rating.

Secure applications
Deliver the most effective protection with integrated, one-pass, full stack (L3–L7 security, including an ICSA Certified firewall, highcapacity DDoS mitigation, contextual access management, and more.

Ensure the easiest deployment for cloud or container environments
Save time with the only simple, out-of-the-box native integration with leading private cloud, cloud interconnect colocation, and container environments.

Maximize investment protection
The iSeries’ software-defined hardware includes unique F5 TurboFlex FPGA technology that enables on-demand optimized performance for specific use cases such as DDoS protection or UDP traffic processing. Eliminate forklift upgrades and extend the lifecycle of app delivery hardware with software-upgradeable performance.

Maximize uptime
Ensure your critical infrastructure is built on reliable, carrier-grade hardware with hot-swappable components, redundant power supplies and fans, and always-on management integrated with a full baseboard management controller (BMC) with IPMI support.

Standardize Your App Delivery Services

BIG-IP ADC appliances can simplify your network and reduce total cost of ownership (TCO) by offloading servers, providing a consistent set of comprehensive application services, and consolidating devices, saving management, power, space, and cooling costs in the data center.

The massive performance and scalability of the BIG-IP platform reduces the number of ADCs needed to deliver even the most demanding applications. By offloading computationally intense processes, you can significantly reduce the number of application servers needed.

Intelligent Performance Where It Matters

Traditional performance measurements in terms of throughput don’t accurately represent the complex needs of delivering modern web applications. Connection capacity and L7 transactions per second are critical. For instance, ADCs must be able to process high levels of layer 4 and layer 7 connections and make application-layer decisions such as removing sensitive information or transforming application-specific payloads. BIG-IP appliances have the intelligence and performance to handle application layer decisions while securing your data and infrastructure.

Features:

Intelligent local and global traffic management: BIG-IP LTM and BIG-IP DNS

Ensure your apps are fast, available, and secure with local and global server load balancing, performance optimization, crypto-offload and granular traffic visibility.

• Intelligent Traffic Management - From basic load balancing to complex traffic management decisions, BIG-IP LTM and BIG-IP DNS deliver granular control over application traffic.
• Programmability - Gain complete programmatic control over app traffic with iRules, allowing you to implement security rules, fix app-related errors in real-time and much more.
• Blazing Fast SSL - Cost-effectively protect your user experience by encrypting everything from client to server with BIG-IP’s high-performance crypto processing capabilities.

Advanced application and API protection: BIG-IP Advanced WAF

BIG-IP Advanced WAF redefines application security to address the most prevalent threats facing organizations today, including automated bot attacks that overwhelm existing security solutions, web attacks that steal credentials and gain unauthorized access to user accounts, and app-layer attacks that evade static security based on reputation and manual signatures.

• Proactive Bot Defense - Protect apps from automated attacks from bots and other malicious tools.
• App-layer (L7) DoS - Leverage behavioral analytics and machine learning to detect and mitigate L7 DoS attacks before they impact your apps.
• API Protection - Deploy tools that provide comprehensive security for REST/JSON, XML, and GWT APIs.

Secure and unified application access: BIG-IP APM

BIG-IP APM is a secure, flexible, high-performance access management proxy solution, managing global access to your network, the cloud, apps and APIs.

• Identity-Aware Proxy (IAP) - Deploy zero trust model validation based on granular context to secure every app request.
• Identity Federation, MFA, and SSO - Federate identity, drive adaptive MFA (supporting FIDO U2F and RADIUS protocols) and enable SSO to simplify app access.
• Secure Remote and Mobile Access - Unify identity for remote access via SSL VPN with a secure and adaptive per-app VPN.

Infrastructure and DDoS protection: BIG-IP AFM

BIG-IP AFM is a high-performance, full-proxy network security solution designed to protect networks and data centers from aggressive DDoS and protocol attacks before they overwhelm and degrade services.

• Network Protection - Identify and mitigate network, protocol, and DNS threats before they reach critical resources.
• DDoS Mitigation - Thwart volumetric DDoS attacks before they impact users’ ability to interact with applications.
• High-Volume Logging Controls - Support SNMP, SIP, DNS and IPFIX collectors, while protecting log servers from being overwhelmed.

Core Capabilities:

Protect critical apps and data

Comply with industry regulations and mitigate targeting every level of your application stack, with best-in-class app and network security.

Cloud-ready deployments

Reduce time-to-market with a simple, out-of-the-box native integration with leading private cloud, interconnects and container environments.

Maximize uptime

Ensure critical infrastructure is built on reliable, carrier-grade hardware with redundant power supplies and hot-swappable components.

Achieve predictable performance

Optimize hardware acceleration and intelligent performance where it matters.

Boost performance for critical functions

Turboflex technology empowers you to optimize performance for specific functions, including L4 offload, DoS protection, and allow/deny-listing.

Deliver best-in-class SSL performance

Offload costly SSL/TLS processing and speed while improving key exchange and bulk encryption.

Virtualize ADC services and achieve multi-tenancy

F5 Virtual Clustered Microprocessing (vCMP) technology allows multiple BIG-IP guest tenants to run on a single system with dedicated resources, including CPU and memory.

Centralize management of your iSeries fleet

Centrally manage and gain visibility into your iSeries fleet as well as other physical and virtual BIG-IP devices with BIG-IQ Centralized Management.

The Advantages of F5 BIG-IP Hardware:

The BIG-IP iSeries platform perfectly blends software and hardware innovations that balance the need for performance, scalability, and agility. The F5 TMOS operating system provides total visibility, flexibility, and control across all application delivery services. With TMOS, organizations can intelligently adapt to the diverse and evolving requirements of applications and networks. Other unique or patented hardware and software innovations enable the BIG-IP iSeries platform to offer unmatched capabilities:

• F5 TurboFlex optimization technology: Field-programmable gate arrays (FPGAs), tightly integrated with CPUs, memory, TMOS, and software, provide specific packet-flow optimizations, L4 offload, support for private cloud tunneling protocols, and denial-ofservice (DoS) protection. These hardware optimizations not only improve performance but free CPU capacity for other app delivery and security tasks. Only BIG-IP iSeries appliances feature TurboFlex performance profiles—user-selectable, pre-packaged optimizations that provide different performance characteristics depending on the business need:
  • L4 offload enables unsurpassed throughput and reduced loads on software.
  • Unique per-virtual-IP/application SYN flood protection ensures that if one application is under attack, others are not affected. Only F5 ADCs implement hardware-based SYN cookies in L4 and full proxy L7 mode.
  • More than 100 types of DoS attacks can be detected and mitigated in hardware, hugely increasing the attack size that can be absorbed compared to software-only implementations.
  • Network virtualization and overlay protocol processing (such as VXLAN and NVGRE tunneling) increases traffic processing capacity.
  • UDP traffic processing increases throughput and reduces both latency and jitter, improving VoIP or streaming media performance.
• Best-in-market SSL performance accelerates SSL/TLS adoption by offloading costly SSL processing and speed key exchange and bulk encryption. BIG-IP iSeries solutions include hardware acceleration of ECC ciphers, enabling forward secrecy. In addition, the ability to achieve an SSL Labs A+ rating with a few simple steps reduces SSL configuration complexity and errors.
• BIG-IP platforms offer maximum hardware compression, enabling cost-effective offloading of traffic compression processing to improve page load times and reduce bandwidth utilization.
• Enterprise class SSD (solid state drive) technology on select BIG-IP platforms improves performance and reliability, saves power, and reduces heat generation and noise.
• Efficiency features include 80 Plus Platinum certified power supplies as well as front-panel touchscreen LCD management, remote boot and multi-boot support, and USB support.

F5 ScaleN

F5 ScaleN technology enables organizations to scale performance, virtualize, or horizontally cluster multiple BIG-IP devices, creating an elastic Application Delivery Networking infrastructure that can efficiently adapt as needs change.

• On-demand scaling—Increase capacity and performance with on-demand scaling, simply adding more power to your existing infrastructure instead of adding devices. Some BIG-IP appliance models can be upgraded to the higher performance model within each series through on-demand software licensing, which enables organizations to support growth without new hardware.
  
  
• Operational scaling—Virtualize ADC services with a multi-tenant architecture that supports a variety of BIG-IP versions and product modules on a single device. F5 Virtual Clustered Multiprocessing (vCMP) technology enables select hardware platforms to run multiple BIG-IP guest instances. Each guest instance acts like a physical BIG-IP device, with a dedicated allocation of CPU, memory, and other resources. vCMP offers per-guest rate limiting for bandwidth, enabling different performance levels for each guest.
  
  Further divide each vCMP guest using multi-tenant features such as partitions and route domains, which can isolate configuration and networks on a per-virtual-domain basis. Within each virtual domain, you can further isolate and secure configuration and policies, with a role-based access system for administrative control. When route domains/partitions are combined with vCMP guests, F5 provides the highest density multi-tenant virtualization solution, which can scale to thousands of virtual ADC (vADC) instances.
  
  This ability to virtualize BIG-IP ADC services means service providers and enterprise users can isolate based on BIG-IP version, enabling departmental or project-based tenancy as well as performance guarantees, consolidated application delivery platform management, and increased utilization.
  
  
• Application scaling—Increase capacity by adding BIG-IP resources through an all-active approach, and scale beyond the traditional device pair to eliminate idle and costly standby resources. Application scaling achieves this through two forms of horizontal scale. One is Application Service Clustering, which focuses on application scalability and high availability. The other is Device Service Clustering, designed to efficiently and seamlessly scale BIG-IP application delivery services and sync application policies.
  
  Application Service Clustering delivers sub-second failover and comprehensive connection mirroring for a highly available cluster of up to eight devices at the application layer, providing highly available multi-tenant deployments. Workloads can be moved across a cluster of devices or virtual instances without interrupting other services and can be scaled to meet business demand.
  
  Device Service Clustering can synchronize full device configurations in an all-active deployment model, enabling consistent policy deployment and enforcement across devices—up to 32 active nodes. This ensures a consistent device configuration, with syncing of hardened firewall and access policies to simplify operations and reduce attack surfaces.

Gain Agility and Control in Private Clouds:

Enterprises are migrating to private clouds to achieve agility and speed time to market for applications while maintaining control. Regardless of the chosen cloud stack, typically only basic networking and app services like load balancing are provided. Advanced application delivery and security services are required to optimize and protect applications. Highly scalable BIG-IP platforms, with programmatic interfaces and service delivery templates, enable integration and automation with orchestration systems and deliver rightsized services aligned to specific app needs.

F5 solutions integrate with the leading private cloud technology stacks, including OpenStack, VMware, and Microsoft. For OpenStack, F5 provides native orchestration with Heat templates to automate the end-to-end deployment of advanced app and security services, reducing deployment times from days to minutes. Integration with VMware vRealize Orchestrator through the Blue Medora vRO plug-in reduces configuration time, enables selfservice of F5 application services by app owners, and automates complex, multi-step workflows. F5 iWorkflow enables integration of F5 devices with software-defined networking (SDN) orchestration systems providing a single point of contact between the orchestrator and F5 devices.

Two-tier architecture

For enterprises deploying a private cloud, a two-tier architecture provides an optimized design that takes best advantage of both hardware and software app delivery services. The first tier provides services such as L4 traffic management, distributed denial-of-service (DDoS) firewall, or SSL offloading, which are centralized and shared for all north-south traffic entering the network, enforcing consistent app policies. These services, which deal with high-volume traffic and incur heavy CPU loads, require high performance, scalability, and guaranteed service-level agreements (SLAs). Dedicated, purpose-built hardware such as BIG-IP iSeries appliances meet those requirements and, depending on the environment and app requirements, can be more cost efficient than commodity servers.

Tier 2—the tenant or app tier—includes emerging, cloud-native applications that can be hosted in containers or disaggregated into microservices. The apps require specific services addressing intra-app traffic (east-west traffic). Those services, which can include basic load balancing to web app firewall or web performance optimizations, can be delivered on a per-application basis through highly scalable, flexible software such as virtual editions of BIG-IP products. This two-tier architecture model, standardized on F5 application services, offers flexibility, a strategic point of control where proven app policies can be enforced, and complete visibility of all traffic, taking advantage of hardware where it’s needed and software agility near the app.

Figure 1: Orchestrated and automated deployment of app services in a two-tier private cloud architecture.

Consistent App Delivery and Security for Public Cloud

As more enterprise applications migrate to public cloud, it’s becoming more difficult to maintain network requirements and consistent application policies. In addition, many IT architects are unaware of the amount of public cloud apps deployed, the current configurations and services for those apps, and how to discover apps in flight. Organizations are turning to interconnection services at colocation providers for direct public cloud access; however, application delivery and security services across public cloud providers is disparate and varied, compared to on-premises and private cloud solutions.

F5 Application Connector is an add-on to the F5 BIG-IP platform, allowing services insertion for public cloud applications. It also acts as a cloud proxy instance for securely connecting public clouds to an organization’s application service infrastructure within cloud interconnects (colocations) or data centers. This enables the use of public cloud resources as part of an organization’s compute infrastructure. Application Connector also performs workload discovery within the Amazon Web Services (AWS) and Azure public cloud, and provides a secure connection back to interconnect services or data centers, allowing application services insertion on the BIG-IP platform.

Figure 2: Application Connector helps you easily search and find public cloud-hosted workloads in AWS and Azure. Securely connect all public cloud apps, and insert app delivery and additional security services such as SSL. Provide consistency across app deployments, and securely maintain sensitive SSL keys from a central location.

Programmability

Enabling automation and orchestration is key to achieving the benefits of cloud and software-defined architectures and to scaling application services on demand. F5 platforms offers many ways to program the application services fabric and network, enabling organizations to automate deployment, react in real time to events, and easily integrate into orchestration systems. F5 iRules scripting has long provided granular traffic control and visibility, enabling customization, rapid response to code errors and security vulnerabilities, and support for new protocols. New F5 iRules LX lowers costs and speeds deployments by extending iRules to JavaScript developers and providing access to, and easier integration with, over 250,000 community Node.js packages. In addition, with F5 iApps templates, organizations can automate deployment and configuration of application services in minutes. F5 iControl® REST APIs and SDKs provide integration with leading open source and commercial orchestration systems, VMware, OpenStack clouds, and configuration management systems such as Puppet, Chef, and Ansible.

BIG-IQ Centralized Management

F5 BIG-IQ Centralized Management is F5’s management and orchestration platform. It provides a central point of control for F5 physical and virtual devices and the app delivery and security services that run on them. BIG-IQ Centralized Management is available both as a virtual edition and an F5 appliance. It simplifies management, helps ensure compliance, and gives you the visibility and reporting you need to troubleshoot and respond to issues and security attacks.

BIG-IQ Centralized Management manages policies, licenses, SSL certificates, images, and configurations for F5 devices and the following BIG-IP software modules:

• BIG-IP Local Traffic Manager (LTM)
• BIG-IP Application Security Manager (ASM)
• BIG-IP Advanced Firewall Manager (AFM)
• BIG-IP Access Policy Manager (APM)
• F5 Secure Web Gateway Services
• BIG-IP DNS
• F5 WebSafe and F5 MobileSafe (monitoring only)

BIG-IQ Centralized Management supports BIG-IP appliances, VIPRION chassis/blades, and BIG-IP virtual editions (VE), whether they are running locally or in the cloud. It is ideal for organizations that require central management of F5 devices and modules, license management of BIG-IP VEs, or central reporting and alerting on application availability, performance, and security.

Simplified and enhanced diagnostics and troubleshooting

BIG-IP iSeries appliances include a baseboard management controller (BMC) and support for the Intelligent Platform Management Interface (IPMI) protocol. With the BMC and Always-On Management (AOM) firmware, F5 customers can have deeper access to internal sensor data for system monitoring, including multiple thermal, airflow, and voltage readings. Out-of-band alerts for hardware-level problems are possible without a running TMOS instance. Gain remote system console access to the BMC and AOM functions through the same IP address of the TMOS management port, eliminating the need for a special or separate network. BIG-IP iSeries appliances also can show system information, such as sensor values for troubleshooting, on their color touchscreen LCD displays.

FIPS compliance at scale

The Federal Information Processing Standards (FIPS) specify requirements for cryptographic modules. FIPS compliance is required for many government agencies and industries such as financial services and healthcare that demand the highest standards in information, application, and data security. F5 offers a broad range of FIPS-validated hardware appliances that support FIPS 140-2 Level 2 and FIPS 140-3 Level 2 implementations for RSA cryptographic key generation, use, and protection when running validated versions of BIG-IP TMOS.

For additional protection, the F5 10350v-F/i7820-DF/i5820-DF ship with an embedded 3rd party FIPS-grade internal HSM (PCI card), validated by the Marvell company at FIPS 140-3 Level 3. F5 hardware FIPS appliances include integrated HSMs that have tamper-evident seals with a hardened-epoxy cover which, if removed, will render the card useless. The F5 BIG-IP system is not 140-2 Level 3 validated.

Specifications:

Notes: Performance-related numbers are based on local traffic management services only. Only optics provided by F5 are supported. SFP+ ports in i11800, i11600, i10800, i10600, i7800, i7600, i5800, and i5600 are compatible with F5 SFP modules.
* Maximum throughput.
** Please refer to the Platform Guide: i10000/i11000 Series for the latest power ratings for your specific configurations (number of PS, highline input voltage, DC, etc.).
† ECDHE-ECDSA-AES128-SHA256 cipher string tested.

Documentation:

Download the F5 BIG-IP Platforms Datasheet (.PDF)