CONFIDENTIAL

Protocol NormalizationRedHat / F5 NFV

October 24, 2016

John D. AllenSr. Solution ArchitectF5 Networks

Network Nastiness

© F5 Networks, Inc 3CONFIDENTIAL

What is ‘Network Nastiness’??

• Examples:• SSL, Encryption, Compression…• Protocol Translation, Protocol Normalization…• Traffic Management, Overload Protection…• Caching: DNS Queries, Images, HTML Templates….

“Aspects of Data Traffic that have to be dealt with by Application or VAS nodes in order to function correctly, but required additional hardware/network resources, or code libraries in order to process those aspects, that really have nothing to do with said Application or VAS.”

© F5 Networks, Inc 4CONFIDENTIAL

Old-style ‘S/Gi’ Application Architecture

EPC VAS 1 VAS 2 VAS n Internet

• Value Added Services are chained together to intercept all the traffic heading out to the Internet.• Even though they aren’t going to do anything with all the traffic.• Video Optimization just needs video traffic.• Parental Controls just needs family traffic.• Etc.

© F5 Networks, Inc 5CONFIDENTIAL

‘S/Gi’ Traffic when using F5 to deal with Network Nastiness

EPC

VAS 1 VAS 2 VAS n

Internet

• F5 BIG-IP steers only the traffic needed by the VAS to it.

• Traffic doesn’t take unnecessary passes through nodes that don’t do anything with them.

• VAS nodes only need to be sized for just their traffic, not the entire S/Gi stream.

#12: Protocol Normalization

© F5 Networks, Inc 7CONFIDENTIAL

Protocol Normalization• Sometimes Vendor 1 doesn’t speak the same way that Vendor 2 does

• Even though they profess to be using the ‘Standard’

Protocol Variation 1 Protocol Variation 2

Not My Fault Not My Fault

Vendor 1 Vendor 2

HSS

SBC

MME

GGSN/PGW

OCS

HSS

SBC

MME

OCS

GGSN/PGW

Back to Use Cases

© F5 Networks, Inc 8CONFIDENTIAL

Protocol Normalization• Correcting network payloads for proper protocol standards adherence.

• SIP, DIAMETER, RADIUS, HTTP, DNS, SOAP/XML, REST, MQTT, AQMP, CoAP …• Ensuring data is within “normal” value ranges.

• One of your IoT sensors says its 3000 degrees….think that will skew the Analytics?• A Point of Control for your Solution

• Fix bad packets• Kick out invalid packets• Overload protection• DDoS protection• Maintain Uptime• Test Packet injection point

OpenStack Support

© F5 Networks, Inc 10CONFIDENTIAL

https://github.org/F5Networks

© F5 Networks, Inc 11CONFIDENTIAL

© F5 Networks, Inc 12CONFIDENTIAL

LBaaS Versions

LBaaSv1

• Stable Havana – Kilo, deprecated in Liberty

• Pool Based

• Basic Load Balancing: HTTP, HTTPS, TCP

• Not industry standard terminology/model

LBaaSv2

• Stable in Liberty

• Load Balancer Based

• TLS Termination

• Pool Sharing

• L7 Services

LBaaSv1 is focused on a pool based model, LBaaSv2 is centered around a load balancer object.

LISTENER 1

POOL

MEMBER 1 … MEMBER N

MONITOR

LISTENER N

LB

POOL

MEMBER 1 … MEMBER N

MONITOR

VIP

© F5 Networks, Inc 13CONFIDENTIAL

Heat Architecture

HORIZON DASHBOARD

HEAT ENGINE

NO

VA

CIN

DER

GLA

NCE

NEU

TRO

N

SWIF

T

TRO

VE

KEYS

TON

E

BIG

IP

PLUGIN

THIR

D-P

ARTY

PLUGIN

CONF

IGM

GMT

PUPP

ET, C

HEF,

ETC

Adapted from: https://github.com/zaneb/presentations/releases/download/heat-introduction-2013-10-24/heat-introduction.pdf

F5 and RedHat

© F5 Networks, Inc 15CONFIDENTIAL

• F5 working with OpenShift as a code contributor.• F5 BIG-IP integrates with OpenShifthttps://blog.openshift.com/under-the-hood-f5-integration-commons-briefing-21/• F5 supports OpenShift VXLAN EndPoints.

© F5 Networks, Inc 16CONFIDENTIAL

https://www.redhat.com/en/resources/cloud-app-delivery-red-hat-and-f5-networkshttps://access.redhat.com/solutions/1145933

F5 BIG-IP LBaaS Plug-in Certified for use with RedHat OpenStack Platformhttps://access.redhat.com/ecosystem/software/1446683

© F5 Networks, Inc 17CONFIDENTIAL

https://devcentral.f5.com/articles/f5s-openstack-ecosystem-and-our-red-hat-partnership-19647

© F5 Networks, Inc 19CONFIDENTIAL

References

• https://wiki.openstack.org/wiki/Neutron/LBaaS

• https://wiki.openstack.org/wiki/Heat

• http://docs.openstack.org/developer/heat/

• https://github.com/F5Networks

• https://github.com/F5Networks/f5-openstack-heat-plugins

• https://github.com/F5Networks/f5-openstack-heat

• https://github.com/F5Networks/f5-openstack-lbaasv2-plugin

• https://github.com/F5Networks/f5-openstack-lbaasv1