Service Providers and F5's New VIPRION B4450

Jay Kelley 축소판
Jay Kelley
Published February 22, 2016

Service providers today are swamped.

The connectivity demands of multitudes of personal and business mobile devices are inundating them. According to IDC, more than 2 billion people are expected to access the Internet from mobile devices in 2016.

And, it’s only going to increase. The connectivity demands on service providers are expected to grow exponentially with the rise of the Internet of Things (IoT), as the number of connected devices in homes and businesses of all types continues to explode. According to a Business Insider report, 34 billion devices will be connected by 2020, and 24 billion of those devices will be IoT devices. And, let’s not forget connected autos…per IDC, the hottest U.S. IoT market in 2015 was connected vehicles (34.8% year-over-year growth was expected). With the Internet of Things bringing with it an avalanche of connected devices, service providers will very likely need to support hundreds of millions of concurrent connections. Plus, service providers are—and will continue to be—besieged by the almost non-stop growth of signaling traffic.

Network Migrations & Security

And, that’s not even beginning to consider service provider migration from 4G to 5G networks. Migrating from a 4G to 5G network requires a level of dynamic network extensibility and scalability that is currently unseen. The need to address increased integration of virtualization, to efficiently tackle software defined networking (SDN), and to better enable operationalization of network functions virtualization (NFV) is vital for service providers when moving to a 5G network. Not to mention the number of intensive consumer and enterprise applications that will require significant enhancements in throughput and connectivity, such as ultra-high definition (UHD) video, augmented reality, self-driving vehicles, assisted driver services, complex Internet apps, and so on.

But wait – there’s more! Service providers continue to be overwhelmed by the sheer volume, tenacity, and sophistication of breaches and attacks. According to a study by Ponemon Institute for IBM, there are 1.5 million cyber attacks annually. The need for dynamic, pervasive, and even prescient security against a near-constant onslaught of attempted (and very often successful) breaches and attacks against service provider networks, applications, data, and subscribers only continues to grow.

Where F5's New Offering Fits In 

Enter the purpose-built, NEBS-compliant VIPRION 4450 blade from F5. This performance blade supports over 1 billion concurrent connections when deployed in an F5 8-blade VIPRION 4800 chassis. That’s more than enough scale to effectively address IoT connectivity today, and into the future. The VIPRION B4450 blade, which runs in the F5 VIPRION 4480 4-blade chassis or the VIPRION 4800 8-blade chassis, supports up to 16 100GbE and 48 40GbE ports, vastly increasing application delivery, access, and security efficiency, throughput and performance.

The VIPRION B4450 is the first ADC to provide 100Gb ports in the QSFP28 form factor, which delivers the smallest footprint and lowest power consumption of any 100Gb form factors. It delivers significant performance improvements for 2K keys with SSL and elliptical curve cryptography (ECC), enhancing perfect forward secrecy (PFS) capabilities. It also delivers 1.2 million transactions per second (TPS) when deployed in a VIPRION 4800 chassis, quadrupling the TPS of previous F5 chassis and blade combinations, such as the VIPRION 4300 blade and chassis.

With service providers exploring their options on the best way to address migration from 4G networks to 5G networks, with its exponential expansion of capacity, the need for network scalability and extensibility to address dynamic growth is crucial. The level of scalability available with the VIPRION B4450 blade and 4800 chassis—along with its superior connection setup rate of 20 million connections per second (CPS), when combined with BIG-IP Local Traffic Manager (LTM)—helps to ease service provider migrations from 4G to 5G networks. And, the VIPRION B4450 blade’s ability to support over 1 billion concurrent connections addresses the need for 5G networks to handle 100x connected devices.

While security remains top of mind for service providers, one of the most basic, yet effective network attacks is a distributed denial of service (DDoS). A volumetric DDoS attack is designed to overwhelm a network’s capacity, especially its ability to handle connections per second (CPS). Another form of DDoS attack leverages scores of legitimate connections to flood and overload the memory of stateful defensive devices, forcing them to reject legitimate connections. The F5 VIPRION 4450 blade—in concert with its custom FPGA logic and the full-proxy approach of BIG-IP Advanced Firewall Manager (AFM), F5’s high-performance, stateful, full-proxy firewall that defends service provider networks against network-layer DDoS attacks—can quickly ramp up to distinguish between malicious and legitimate connections, then absorb or discard malicious connections before they consume network resources.

Through its support for over 1 billion concurrent connections, the VIPRION B4450 blade, with the VIPRION 4480 and 4800 chassis, helps address escalating service provider subscriber and data use, and drive the growth of firewalls in a service provider’s SGi-LAN. Combined with BIG-IP AFM, the F5 VIPRION B4450 blade and 4480 or 4800 chassis assure service providers that their network, data, and subscribers are truly safe and sound.

With four times the layer 7 throughput as other F5 blades, and delivering greater than 1 Tbps L4/L7 throughput, the VIPRION 4450 blade supplies the performance necessary to effectively mitigate as well as provide an early warning of application attack vectors and very effectively defends against most multi-pronged, simultaneous vectors. And, when combined with BIG-IP Application Security Manager (ASM), F5’s agile, scalable web application firewall (WAF), the F5 VIPRION B4450 blade can mitigate and defend against nearly every L7 attack coming its way.

With the power and scale of the VIPRION B4450 blade, in conjunction with the VIPRION 4480 and 4800 chassis, organizations won’t need to overprovision, thereby requiring fewer devices to manage. User scale can be addressed on-the-fly without requiring additional devices or forklift moves. As the cost-to-connection ratio plummets, the TCO of the VIPRION B4450 decreases, too. The technology designed into the purpose-built VIPRION B4450 blade reduces costs, removes complexity, improves port density, and increases power efficiency.

The Takeaway

The need of service providers to support multi-millions of concurrent connections is driven by the increasing power of smart devices, an ever-growing number of apps per device, and the massive scale of IoT. To address these challenges and burgeoning opportunities, service providers need a solution with the highest capacity, throughput, and performance. Dynamic, unparalleled scale is imperative. But, so is extensibility and the ability to innovate and grow technologically to address lightning fast changes without requiring costly modifications or swap outs.

In short, to maximize the value and efficiency of, and to future-proof their networks, service providers need the F5 VIPRION B4450 blade.