Written by Tim Cullen, CISSP and F5-CTS
Senior Security Architect at ADAPTURE
A few months ago, I was suddenly aware of a “disturbance in the force.” (That’s my way of saying my inbox started blowing up.) It was a product announcement from F5—they had launched the F5 iSeries product. I was intrigued, and many of my clients and colleagues had questions. There was now a flurry of information to digest and try to determine the best way to disseminate. So here is what I could ascertain from the product announcement.
I have learned that there is a lot more to the F5 iSeries announcement than just a new generation of hardware. I will try to illustrate this as succinctly as possible, but there is a lot of ground to cover.
F5 iSeries Hardware
iSeries is the new generation of hardware from F5. The hardware has a new internal architecture that optimizes for speed and performance. This sounds like standard terminology and vendor boasting, I know. But wait, there’s more… (using my Billy Mays voice here).
I don’t want to get into a whole “data plane and control plane” conversation here, but as with all new hardware devices, F5 used the latest technologies in chipsets, CPUs, NICs, memory, drives and so on. However, putting in all-new and latest-generation hardware can only give marginal performance increases unless you change the software too. Putting a turbo in your car will only give you so much speed increase, but change your car’s computer to use the turbo, and you enter a whole new realm of speed.
Changing and rewriting the software enabled F5 to utilize that hardware scale to give you a blisteringly fast network device. So we have new hardware (CPU, memory, drives, NICs, ASICs) with software that is custom designed to take advantage of this new generation of hardware. Here is an example of the scale of difference: a low-end BIP2200 device had an L4/L7 max throughput of 5G. The new iSeries equivalent i2800 has an amazing throughput of 10G of full L4/L7 proxied connections. Now let’s go over some of those mysterious software wonderments. (You can tell I love this stuff.)
F5 iSeries Software
As with all software upgrades, more “features” means a larger footprint on the installed device. As Architects, we cringe when we hear the words, “the new version is very different.” That’s because this typically means major changes, time spent learning and researching, and ultimately slowness after adding the 10 new cool features breaks a legacy feature or two. But I don’t feel this way about the new version of code for the iSeries devices. Taking advantage of new hardware upgrades is what F5 has been doing for years, and they do it well. (Ok, better than most…) The new software went a step further though. It moved its core processing and decisioning off of the board and into memory for faster processing. The by-product of this is more available room on the drive. This means we now have room for the new features without having to sacrifice space.
Now what are these other cool new features? Think about Cloud connectors, templated deployment options, increased SSL encrypt and decrypt processing and orchestration connectors for third-party technologies using Node.js and REST. Adding these options and code integrations enables the device to not just be on-premise, but “cloud-ready” as well. You can multi-tenant or virtualize a device, not just a chassis in a 1U form factor, for even the larger Enterprise devices.
Take a BIP10250v Enterprise-class device, which has a 2RU (rack unit) footprint and a total throughput capability of 80 Gbps at L4 and 40 Gbps at L7. The new i10600 device touts a throughput ability of processing 160 Gbps of L4 traffic and 80 Gbps of full L7 based proxied traffic. That is just the overall throughput.
Stipulations: F5 iSeries
With version 12.x of TMOS and beyond, there are major memory requirements, as mentioned earlier. The memory and hardware offloading are used to increase performance and scalability, but all of that is based in the TMOS software and hardware architecture. The oldest currently supported devices will possibly be able to run the version 12 software sufficiently, but the version beyond 12 may not. These current devices just do not have the new hardware architecture and offload devices embedded or enough memory to run the TMOS software as efficiently as the F5 iSeries devices. The software will run on some of the current devices, but care must be taken before trying to upgrade to version 12 and beyond.
Because the new code runs many of its functions and calls from the RAM space, you could run into a problem processing large amounts of iRules or other custom features. Let me be clear, I am not saying version 12 will not run on the currently supported hardware. It does. I am just letting you know that there will be a point where the appliance will need to be changed to the new iSeries device to accommodate the new code base.
Please feel free to contact ADAPTURE if you have questions about developing your F5 roadmap. We’re F5 GUARDIAN partners (which means we are awesome at F5, as this is an exclusive partnership tier). I’m happy to join you for a whiteboarding session and eager to help you meet your goals.
F5 EOL Announcements in 2016
A number of BIG-IP devices have reached EOL/EOSL status, as designated by the OEM. Customers whose platforms are designated End of Life (EoL), and who are currently under maintenance contracts, will continue to receive technical support until the expiration of the service contract renewal date. But customers are encouraged to upgrade their systems before the service contract renewal date expires.