BLOG

Evolve Service Provider network architectures with BIG-IP 12

Misbah Mahmoodi Miniatur
Misbah Mahmoodi
Published May 25, 2016

F5 recently launched the latest TMOS version with BIG-IP v12.1. This release is a long-term release that reduces total cost of ownership, provides the highest performance and scalable solutions, and delivers a rich set of security solutions to secure your devices, networks, and applications. BIG-IP v12.1 also delivers on F5's commitment to provide the quality and reliability our customers expect from the leaders in delivering core service provider network solutions.

Service providers have come to expect the highest quality software releases from F5. With the new v12.1 release, F5 has significantly increased operational efficiency, reliability, and long-term supportability by consolidating over 950 customer request for enhancements (RFE) and bug fixes from the previous BIG-IP 11.x releases and is on a 5-year support cycle.

Version 12 offers new features across the broad portfolio of F5 solutions, including Security, DNS, Intelligent Traffic Steering and Policy Enforcement.

Deliver Security Anywhere at Massive Scale

As service provider networks evolve their network architecture to 4G and 5G and prepare to support the massive increase in applications and data usage, along with supporting billions of devices connecting to the network with the Internet of Things (IoT), they need solutions that can seamlessly scale to support this growth. Along with dealing with the massive number of devices and applications, service providers also have to deal with the new security threats including DDoS attacks, DNS attacks, device-oriented attacks and Advanced Persistent Threats (APT). 

At the recent Mobile World Congress 2016, F5 announced the highest performance and scalable Carrier Class Firewall for 4G and 5G networks with the 100 GbE VIPRION 4450 blade. The VIPRION B4450 provides 100GbE and 40GbE ports in the QSFP28 form factor, which delivers the smallest footprint and lowest power consumption of any 100GbE form factor. To handle the billions of devices connecting to the network, service providers require solutions that not only support high throughput, but are able to support concurrent connections and connection setup rates. In an 8-blade VIPRION 4800 chassis, the B4450 provides over 1.2 Tbps L4-L7 throughput, along with supporting over 1 billion concurrent connections and 20 million connections per second (CPS). The B4450 not only scales to exceed your network performance requirements, but also is designed to lower your Total Cost of Ownership, with improved port density and increased power efficiency.

BIG-IP v12 also has made significant improvements in the security functionality further securing and protecting all points in the network in real-time and on a dynamic basis.

  • Extended DDoS Detection & Attack Mitigation, and the ability to shun bad actors and 'whitelist'
  • Enhanced Protocol Support, including IPSec, IKEv2, SCTP Multi-streaming and Multi-homing
  • Enhancements to the Manageability for Firewall Solutions, providing greater control on implementing and enforcing firewall policies.
  • Integration of Carrier-Grade NAT with BIG-IP Advanced Firewall Manager, enabling a simpler user interface to easily configure NAT and Firewall policies.
  • SIP Protocol ALG for IPv6 VoLTE deployments
  • Port Misuse Detection and Mitigation, by systematically controlling unknown traffic and reducing the attack surface with protection against port misuse

Hyper-scale DNS for Fast Service Selection, Optimized Availability, and Mitigated DNS DDoS Attacks

BIG-IP DNS secures service providers' DNS infrastructure through high performance DNS services and ensures high availability of network services and applications by mitigating high volume increases in DNS DDoS attacks. DNS also ensures service providers deliver a high subscriber quality of experience by delivering content and services to subscribers while ensuring high availability and fast response times.

BIG-IP v12 offers significant improvements within DNS ensuring increasingly fast connections and responses and preventing DDoS attacks.

  • Efficient service selection for subscribers with automatic service availability using GSLB intelligence by incorporating NAPTR and SRV records to monitor and ensure availability of Packet Gateways (PGW)
  • Enhanced subscriber quality of experience (QoE) by reducing DNS latency and intervals with hyperscale DNS cached responses in hardware and absorbing DNS DDoS attacks.
  • Strengthened security posture to reduce service outages with improvements of DNS request validation by 7x of previous versions. DNS can also support legitimate traffic by dropping unsolicited responses and blocking invalid queries.

Monetize New Services and Reduce Service Provider Network Congestion with BIG-IP Policy Enforcement Manager (PEM)

Service Providers look for innovative ways to deliver customized services with best-in-class subscriber experience, while also optimizing network utilization and managing network congestion. BIG-IP PEM delivers insight in the network to understand subscriber behavior and manage network traffic with a wide range of policy enforcement capabilities. BIG-IP v12 introduces added functionality to monetize and optimize networks, helping organizations:

  • Support Traffic Detection Functions (TDF) with Sd interface support, based on 3GPP Release 11, opening new opportunities to interoperate with PCRF solutions in the market.
  • Monitor and detect network congestion, for example in the RAN, with subscriber and network polices such as blocking, throttling, and redirecting traffic that will improve network efficiency and reduce CapEx and OpEx.
  • Tether detection and policy enforcement for tethered subscribers to give service providers the ability to implement new rate plans or upsell existing subscriber rate plans to generate new revenues and improve subscriber QoE.
  • Insert content into HTTP payload, allowing the ability to provide ads, quota notifications, and toolbar insertion, leading to increased revenue and improved subscriber QoE.

For more information on accessing the latest v12.1 release notes and product guide, please visit: https://support.f5.com/kb/en-us/products/

Additional product information for F5's Service Provider solutions can be found here.