There is nothing more frustrating than video lag—and with so many businesses shifting to a virtual workplace, we are more reliant on video than ever. Consumer and business customers have high expectations for their networks. They want streaming video without the lag, always-available connectivity, and more. 5G Edge deployments are a critical opportunity for service providers who hope to bring applications and content closer to the end user. These deployments allow significant improvements in performance—including improved performance for video applications—but they carry their own security risks. One key service provider hopes to achieve critical hardware security performance at the edge of their 5G network using F5’s new compact hardware, VELOS.
Globally, service providers are investing heavily in 5G networks as they try to win the battle for both consumer and business markets. Increased throughput and reduced latency are the key drivers for the network edge, particularly for video applications that are straining today’s networks. Service providers also need to develop new consumption models and revenue-generating services to stay competitive.
Supported by F5, a major service provider is building out its network to support 5G service offerings that include virtual reality viewing at sporting events, 5G-enabled autonomous and remotely operated machines, interactive retail displays, and ubiquitous sensors for IoT data collection. This expansion is happening in parallel with an expedited transition to 5G architectures. To make this transition work, they need a hugely flexible, secure, highly distributed, high-performance solution.
Innovative software and hardware both play a role in this service provider’s solution. While digital transformation places emphasis on virtualization (such as VNFs and CNFs), hardware can make the difference in a service provider’s ability to offer differentiated, high-performance services. With its ability to perform in both the data center/core and the edge and far edge, VELOS can play a key role in hardware-driven improvements to service delivery.
VELOS is a Kubernetes-based platform that bridges the gap between traditional and modern architecture. VELOS combines the benefits of software with the benefits of hardware and supports both BIG-IP and microservice-based BIG-IP software. Streamlined software upgrades make it easy to keep VELOS up-to-date and secure. Deployment on VELOS is fully automated, making it faster and easier to deploy and configure F5 application services via simple, powerful declarative interfaces, reducing deployment time from weeks to minutes.
Figure 1: 5G edge infrastructure enablement combines VNFs and app delivery in the distributed telco cloud
This service provider is using VELOS to provide a security solution that protects the network from core to edge and can scale flexibly throughout the transition to 5G. Scaling to ensure high-performance security for the 5G forwarding plane requires the use of high-performance hardware. This is especially true for firewall and distributed denial-of-service (DDoS) mitigation functionality that protects infrastructure from threats. This service provider expressed interest in VELOS in part because of how the hardware is optimized for scalable security. VELOS uses field programmable gate array (FPGA) technology to provide hardware accelerated prioritized flow processing, which reduces latency and CPU usage. Prioritized flow processing offloads simple processing, reserving CPU for more compute-intensive flows such as L7 functionality. Prioritized flow processing is software-configured and significantly reduces CPU usage, adding to overall efficiencies and performance enhancements and further enhancing scalability.
VELOS also enhances security with DDoS mitigation. 5G-ready DDoS mitigation is enabled in an always-on (in-line) configuration, allowing better performance than a traffic-redirect solution. This minimizes the time between when an attack is detected, when mitigation starts, and when the attacks are fully mitigated. Hardware accelerated features include hardware assisted mitigation of DDoS vectors, such as device denylist, device vector bad actor (greylist), device flood vector, per endpoint DoS protection, and wildcard VS SYN cookie protection. These features reduce downtime and ensure that the network is always available.
Given its placement in the Edge and Far Edge, a small footprint was required. VELOS is only 4 RU (rack units high) yet provides powerful throughput of 760 Gbps (L4 and L7), with a fully non-blocking backplane.
For this service provider, F5’s VELOS hardware provides a solution that enables the specific security functionality required for an edge-based device. High-performance hardware is required for network infrastructure protection—in particular, firewall and DDoS functionality. By taking advantage of the scalable security functionality built into VELOS, this service provider will be able to move content closer to the edge, giving customers the secure, reliable, quality performance they demand.