Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Equinix powers the world’s digital leaders, and F5 Silverline gives those same organizations the comfort of knowing their applications and digital assets are safe and secure from a wide variety of attacks and threats. Users benefit from better connectivity, greater flexibility, reduced administrative overhead and costs, and above all else security and protection for their entire digital presence—applications, data, and connectivity.
F5 Silverline is a cloud-based managed security services platform that is best known for its ability to defend against large volumetric DDoS attacks, web exploits and automated attacks. It includes the following capabilities:
With our customers’ varying needs and their widespread locations, F5 Silverline leverages the global presence of the Equinix PlatformTM to ensure business continuity for our customers. The components and tools that make up these services must reside somewhere with excellent connectivity and a truly global footprint, which Equinix provides.
For ingress traffic into the Silverline Service, we offer both a Routed mode and a Proxy mode operating topology. As detailed in a previous article, Proxy mode leverages DNS and GSLB to ensure traffic is directed to the optimal Silverline PoP. For Routed mode customers, we leverage a combination of IP Anycast address and BGP route advertisements.
To ensure maximum availability and bandwidth to mitigate attacks, F5 leverages three Tier-1 Carriers to ingress the traffic to scrubbing centers around the globe. After the traffic has been cleaned via the F5 Silverline service, we leverage five Tier-1 Carriers to egress traffic back to the customers’ data centers. More carriers are used for egress traffic in order to provide maximum flexibility and performance back to customer sites, no matter where their apps and infrastructure are hosted.
Often, a Generic Routing Encapsulation (GRE) tunnel establishes a route between F5 Silverline and the customer’s data center. Once traffic has been scrubbed, it is routed into the GRE tunnel and back to the data center over the Internet. The advantage of this method is that attackers cannot attack your network since all traffic must come through F5 Silverline for inspection.
Unfortunately, there are several documented challenges with GRE tunnels, including bandwidth constraints of GRE and MTU sizes and MTU Path Discovery. Accordingly, many F5 Silverline customers seek alternatives to GRE tunnels to return their cleaned traffic, the most scalable and cost effective being Equinix Fabric. Using Equinix Fabric software-defined interconnection, F5 Silverline offers direct and secure, private connectivity to F5 Silverline.
The last few years have seen a steady rise in the amount of traffic flowing through F5 Silverline to the big-three public cloud providers: AWS, Microsoft Azure, and Google Cloud Platform. To meet this demand, F5 relies on Equinix, through their public peering ring (part of the Equinix Fabric), to enhance connectivity to the public cloud. This simple, scalable, high-performance service from Equinix even provides F5 direct contact with the cloud providers for resolving support issues.
As we scale our connected links, we also increase routing options and complexity for the return of clean traffic to customers. Thus, there is a need to implement additional monitoring and performance optimization services in each of our locations. For example, for route optimization F5 Silverline leverages an intelligent routing platform that provides continuous monitoring of routing links, for availability, performance, latency, and packet loss. Each of our PoPs operates its own instance of the solution to help detect and bypass congestion or outages. The traffic to each of our customers’ protected endpoints is constantly tracked to ensure it is routed via the optimum route on every occasion, thereby ensuring we help deliver the optimal digital experience for your users.
For a service like F5 Silverline, hardware appliances and infrastructure within each of our scrubbing centers is a major differentiator. In 2020, we experienced some constraints on rack space as our service offerings and customer base grew. With new technologies in the growing F5 portfolio, we also needed to find room for both NGINX and Shape infrastructure—both of which bolster the F5 Silverline services. This led to a wave of physical expansion within each of the Equinix hosted scrubbing centers.
F5 Silverline is in broad use across Fortune 500 companies, and a few examples of real-world attacks mitigated by the Silverline Security Operations Center (SOC) are featured on the DevCentral YouTube channel.
For more information regarding any of the F5 Silverline services, please see the Silverline pages on F5.com.