Big-Ip Virtual Edition: Datasheet
Big-Ip Virtual Edition: Datasheet
Big-Ip Virtual Edition: Datasheet
2 Primary Cloud Scenarios Software-based application delivery services are critical to maintaining the
adaptable and secure application infrastructure demanded by enterprises
2 Private Cloud Using Software-
Defined Architectures undergoing digital transformation. F5 accelerates your transition to the cloud and
software-defined architectures with virtual application delivery platforms that
3 Deploy Applications in
provide an agile, flexible, and efficient way to deploy advanced application and
and Across Public Cloud
Environments security services.
4 Application Portability Across Many enterprises have or are planning to deploy applications across multiple cloud environments—
Hybrid and Multi-Cloud both public and private—making it more difficult to implement advanced, consistent and compliant
Environments
application services for every app in their portfolio. Furthermore, they are expanding beyond
5 Colocation Deployments with traditional monolithic applications and deploying more modern, dynamic application architectures
Direct Connect to Public Cloud including containers and microservices that have unique requirements.
Enterprises are migrating to private cloud/SDDCs to achieve agility, application time to market,
and to provide control to application owners and developers via a self-service portal or
catalog. A private cloud or SDDC using F5 application services is ideal for speeding application
deployments, enabling dynamic changes in the data center, and matching infrastructure services
to workloads using a per-app model. F5 products and solutions integrate with the leading private
cloud technology platforms, including OpenStack, VMware, Cisco, and Microsoft Azure Stack. F5
provides cloud solution templates and supports open source tools like Heat, Ansible, and open-
vm-tools to orchestrate and automate the deployment of app delivery and security services.
Some enterprises are moving to a two-tier architecture as part of their SDDC transformation. At
the edge of the network is the application tier that provides front-door services including L4 traffic
management, DDoS firewall, or SSL offload—for all traffic entering the network, based on overall
business and security policies. Services that deal with high-volume traffic require the highest
performance and scalability, a case where dedicated, purpose-built hardware can be more cost-
efficient than commodity servers. The per-app tier manages the application stack inside the data
center, which leverages highly scalable, flexible software to deliver advanced application and
security services on a per-application basis. This two-tier hybrid data center model (see Figure 1)
offers the best of both worlds: hardware where it’s needed and software agility close to the app.
BIG-IP
VE
BIG-IQ
Per-App VE App N
One Commercial Server
Orchestration BIG-IQ
and Automation Centralized
Management
Per-App Dashboard,
Reporting, and Licence
Management
Deploying applications in the leading public clouds gives you the flexibility and scalability you
want, without the investment and capital costs associated with building out additional private
data centers. Using F5 application and security services delivered by BIG-IP VEs provides the
following benefits:
• Repeatable architectures across cloud environments—as you expand and adopt new
clouds, reuse the same secure, validated, and compliant architecture to accelerate multi-
cloud adoption and simplify operations.
• Deep integration with public cloud providers—dynamically scale out app services through
integration with AWS Auto Scaling, or easily apply advanced application security with an out-of-
the-box, pre-configured web application firewall (WAF) solution in the Azure Security Center.
• Flexible licensing models— consume with a licensing model supportive of your business
requirements, whether that’s as a subscription, enterprise licensing agreement (ELA), pay-
as-you-go, or on a perpetual-basis.
CLOUD
Figure 2: BIG-IP VE's deployed within an
autoscaling architecture—either within or AUTOSCALE GROUP
BIG-IP
VE
BIG-IP
VE
Despite the many benefits of public cloud deployments, enterprises often avoid moving
all applications or data to the public cloud due to perceived loss of control, risk, regulatory
compliance, and lack of support for legacy application design. As a result, many elect to operate
within a hybrid cloud or hybrid multi-cloud model whereby part of their operations run in the
public cloud(s) while components unable to move to the cloud or that require advanced security
and compliance monitoring remain on-premises. In some scenarios, applications operate across
environments to increase redundancy or to allow greater scale-out capacity when needed. F5
increases the portability of these apps while reducing management overhead by providing a set
of standardized application services that can be reused wherever an app is currently running, or
wherever it’s redeployed to. In Figure 3, internet-facing front-end applications are deployed in the
public cloud while mission-critical workloads with greater security and compliance requirements
run on-premises. A direct connection links the two environments to reduce latency.
VPN
BIG-IP
VE
Direct
Connect
COMPUTE
FRONT END
Many enterprises operate their application portfolio in a hybrid cloud model similar to that shown
in Figure 3. But, for some, there may be an associated latency increase caused by large distances
between their data center and cloud edge locations. For these organizations, the best option is to
deploy on-premises apps within a colocation facility and use direct connections to connect both
ends of their hybrid architecture. F5 BIG-IP VE can also be deployed in these colocation facilities
and used to provide application service insertion for both apps deployed in the colocation and
those running in the public cloud. As a result, consistent app services can be implemented for
apps running in different cloud environments.
AWS AZURE
Internet
VMWARE DATA CENTER AZURE STACK DATA CENTER INTERCONNECT PROVIDER DEVICES
Local and Global Delivery + Local and Global Delivery + App Delivery Services +
Network Security Network Security SSL + Access +
App Security Services
BIG-IP BIG-IP
VE VE BIG-IP
VE
Figure 4: Consistent application services across public cloud, private cloud, data center, and colocation facilities.
The BIG-IP Virtual Edition is the most scalable, high performing virtual ADC available, capable of
supporting 100Gbps NICs within a single instance, meaning you don’t have to choose between
agility and high performance—you can have both. Below are a few examples of how BIG-IP Virtual
Edition has been augmented to provide even greater performance.
• High Performance VEs—these VE instances aren’t limited by a throughput cap, but are
instead licensed by the number of vCPU cores that can be allocated. That lets you optimize
the underlying host hardware and achieve 85Gbps+ of L4 throughput.
• SR-IOV and Advanced Network Interface Card (NIC) support—BIG-IP VE’s driver is
optimized to interact directly with underlying NIC’s using Single Root I/O Virtualization (SR-
IOV), significantly improving throughput performance and reducing latency. SR-IOV can be
enabled in AWS using AWS ENA, in Azure with Azure Accelerated Networking, and in private
cloud environments with select Intel, Mellanox, Broadcom, and Emulex NIC’s.
F5 Container Ingress Services (CIS) is a container integration solution that helps developers and
system’s teams manage front-door ingress control and advanced application delivery and security
services for container and Platform as a Service (PaaS) deployments. CIS integrate BIG-IP VE
with native container environments and orchestration systems, including Kubernetes and RedHat
OpenShift. That integration enablers dynamic Ingress HTTP routing, load balancing, and security
for containers as they’re spun up.
CIS
REST API
• Telemetry streaming for aggregating, normalizing, and forwarding app stats and events
to third-party analytics tools
• F5 iRules Scripting that provides granular traffic control and visibility, enabling
customization, rapid response to errors in application code and security vulnerabilities,
and support for new protocols.
Visit F5’s GitHub repository for additional information on the F5 Automation Toolchain, Cloud
Solution Templates, and other open-source extensions and integrations.
• Ensure consistent security and traffic management policies across your infrastructure.
• Create, provision, and deploy new BIG-IP VE devices and app services.
• Align to modern development practices and CI/CD workflows through Automation Toolchain.
• Assign and manage machine identities and certificates via Venafi integrations.
BIG-IQ’s VE license management lets you automate large-scale virtual ADC deployments,
including per-app VEs, in supported clouds with an F5 subscription or ELA licensing. With BIG-IQ
Centralized Management, you can spin up and provision individual VE licenses from a single
license pool on demand. When resource requirements decrease, you can spin down the VE
and return it to the license pool for future use.
THROUGHPUT LICENSED VE
Note: BIG-IP APM specifications are maintained within this support.f5.com article.
* Maximum performance specs are based on ideal lab testing conditions with maximum supported vCPUs and may vary due to customer or cloud provider
environmental conditions, type of hypervisor used, and capacity of host server hardware. Please refer to SOL14810 on askf5.com for specific license and
performance details that may impact your performance.
** 10 Gbps throughput requires use of NICs that support SR-IOV.
*** Based on ECDHE_ECDSA_AES256_GCM_SHA384 cipher string, running BIG-IP TMOS v12.1.
Note: BIG-IP APM specifications are maintained within this support.f5.com article.
F5 offers the most flexible deployment options in the industry, with support across all major
virtualization platforms.
Microsoft Hyper-V ● ● ● ● ●
* Maximum performance specs are based on ideal lab testing conditions, optimized host and guest settings, maximum supported vCPUs, SR-IOV capable
NICs, and may vary due to customer or cloud provider environmental conditions, type of hypervisor used, and capacity of host server hardware and NICs.
Please refer to SOL14810 on askf5.com for specific license and performance details that may impact your performance.
** 85 Gbps throughput achieved using Mellanox CX-5 100G NIC configured for SR-IOV using KVM CentOS 7.5.
F5 offers support for leading public cloud providers including Amazon Web Services, Microsoft
Azure, Google Cloud Platform, and IBM Cloud.
Amazon IC Marketplace ● ● ●
* 10Gbps & HPVE throughput limit applies to non-Internet facing IP traffic only—due to cloud platform ingress throughput limitations.
** Includes VMware on AWS.
*** Achievable using AWS ENA NIC with Gen5 EC2 instances (multi—NIC interfaces and v14.1.x and higher)
**** Achievable using Azure Accelerated Networking (multi-NIC interfaces and v15.0 and higher)
† BYOL only
†† Utility (PAYG) billing only
Please refer to this support matrix on askf5.com to learn more about support for BIG-IP VE in the
cloud. You can also leverage the BIG-IP Image Generator Tool to create custom VE images for
specific TMOS releases or hot-fixes that may not be available in cloud marketplaces.
BIG-IP Virtual Editions are available in a range of licensing models to suit your individual business
and budget and budgeting requirements, including:
The Good, Better, Best bundle offerings from F5 provide you with the best value through flexibility
to provision additional advanced application traffic management and security modules as needed.
For teams with app delivery and security concerns, F5 BIG-IP Cloud Edition is a great option.
It was designed to enable app teams with self-serve app services in public and private cloud
environments. BIG-IP Cloud Edition delivers dedicated, right-sized, and secure F5 application
services with per-app manageability and analytics at every stage of the application lifecycle—
from initial development to production deployment.
And it does it through the same scalable, secure, and customizable services provided by
traditional F5 VEs—at a price and with a license model (limited to one Virtual IP and three Virtual
Servers) appropriate for supporting individual applications—a more flexible and agile way to
ensure your apps are always available and performing optimally.
F5 GLOBAL SERVICES
Demands on you and your teams are high. You have to balance implementing business solutions
rapidly while maintaining a very high level of solution availability. Accordingly, F5 Global Services
and its partners offer world-class consulting, support, and training to help you get the most from
your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or
handling entire implementations from design to deployment, F5 Global Services and its partners
can help ensure that your applications scale and are always secure, fast, and available. For more
information about F5 Global Services, contact consulting@f5.com or visit f5.com/support.
MORE INFORMATION
To learn more about the BIG-IP family of products, visit f5.com to find these
and other resources:
White papers
Migrating Tier 1 Application Workloads to AWS with F5
How to Add F5 Application Delivery Services to OpenStack
The BIG-IP Platform and Microsoft Azure: Application Services in the Cloud
Overview
VE FIPS Solution Overview
©2020 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, expressed or implied, claimed by F5.
DC0620 | DS-CLOUD-493260770