VIPRION | F5 Datasheet

VIPRION
DATASHEET
What’s Inside
2 Increase Intelligence, Not
Operating Costs
2 Simplify Your Network
2 Maximize Large-Scale
Application and Firewall
Performance
3 Achieve Ultimate Reliability
3 The Advantages of VIPRION
Technology
7 VIPRION Platforms
11 F5 Global Services
The On-Demand Application
Delivery Controller
11 More Information
Your organization’s growing infrastructure puts more pressure on the network—from
rising numbers of users to data center consolidation to the deployment of more featurerich applications. Scaling the Application Delivery Network (ADN) to meet these evolving
needs means increased operational cost and complexity. The resulting strain on resources
can limit your organization’s ability to react quickly to developing needs.
Each F5® VIPRION® platform is a single, powerful Application Delivery Controller (ADC)
with modular performance blades you can add or remove with no disruption to your
applications. Instead of adding more devices in the network and segmenting applications,
you can simply add more power to your existing infrastructure as needs arise. VIPRION
gives you the scalability you need to establish a solid and sustainable ADN growth strategy.
Key benefits
Reduce costs
Consolidate devices
Decrease OpEx and CapEx with the F5 ScaleN™
architecture, which provides the unique flexibility
to scale on demand, virtualize, and deliver
application scaling in a device cluster.
Reduce the number of servers and ADCs along
with power, space, cooling, and management
requirements.
Maximize performance
Manage and protect demanding apps with
industry-leading layer 4 and layer 7 performance
and SSL processing power.
Achieve ultimate reliability
Make the ADN always available with redundancy
at both the chassis and blade levels.
DATASHEET
VIPRION
Increase Intelligence, Not Operating Costs
As your growing infrastructure requires more processing power for layer 4 and layer 7
processing, SSL, compression, and more, you can simply add a blade to the VIPRION
chassis and it will start processing traffic automatically. Whether you’re using one blade or
four, VIPRION remains one device with fixed management costs.
Simplify Your Network
VIPRION can help you simplify your network by offloading servers and consolidating devices,
saving management costs as well as power, space, and cooling in the data center.
VIPRION 4800 Chassis
With VIPRION’s massive performance and scalability, you can reduce the number of
Application Delivery Controllers you need to deliver even the most demanding applications.
By offloading computationally intense processes, VIPRION can significantly reduce the
number of application servers needed. VIPRION includes:
• SSL hardware acceleration—Offloads costly SSL encryption. Accelerates key exchange
and bulk encryption to provide best-in-market SSL performance.
• Hardware compression—Enables you to cost effectively offload traffic compression
processing from your servers. Improves page load times and reduces bandwidth
utilization.
VIPRION 4480 Chassis
• F5 OneConnect™ connection pooling—Aggregates millions of TCP requests into
hundreds of server-side connections. Increases server capacity and ensures requests are
handled efficiently by the back-end system.
Maximize Large-Scale Application and Firewall Performance
VIPRION 2400 Chassis
With its industry-leading layer 4/7 throughput, connection processing, and SSL performance,
VIPRION can manage the most demanding applications, offload the servers, and consolidate
the Application Delivery Network. In addition, as an ICSA Labs Certified firewall solution,
F5 BIG‑IP® Advanced Firewall Manager™ (AFM) on VIPRION provides native, high-performance
network firewall services to protect public-facing websites and data center applications
from distributed, multi-layer cyber attacks.
VIPRION 2200 Chassis
VIPRION blades can be added
or removed without disruption.
For more processing power,
simply add a blade. It starts
processing traffic automatically.
In a VIPRION system with
multiple blades, you can remove
a blade and the others instantly
take over the processing load.
VIPRION high-performance and distributed denial-of-service (DDoS) protection capabilities
are enabled through field-programmable gate array (FPGA) technology tightly integrated
with the F5 traffic management operating system and software.
F5 embedded Packet Velocity® Acceleration (ePVA) FPGA delivers:
• High-performance interconnect between Ethernet ports and processors.
• L4 offload, enabling leading throughput and reduced load on software.
• Hardware-accelerated SYN flood protection.
• Hardware detection and mitigation of more than 65 types of denial-of-service (DoS) attacks.
• Native network overlay (VXLAN/NVGRE) support.
• Hardware-enabled DNS caching hyperscales responses for fast service and app delivery
(B2250).
2
• User selectable hardware profiles that enable different performance levels for targeted
workloads. Initial profile options include optimized L4 throughput on select platforms
for CGNAT or L4-centric traffic management solutions.
DATASHEET
VIPRION
Achieve Ultimate Reliability
With F5 Virtual Clustered
Multiprocessing,™ multiple
virtual BIG-IP instances can be
run on the VIPRION platform,
each with dedicated CPU/
memory resources allocated by
the user.
APP APP APP
APP APP APP
APP APP APP
APP APP APP
Device and Application Service
Clustering provides true
scale out of BIG-IP devices,
automatic configuration
syncing, and failover of specific
application workloads in an
active N+1 device cluster.
In a VIPRION system with multiple blades, you can remove a blade without disruption.
The other blades will instantly take over the processing load. You can also deploy VIPRION
in an active/standby configuration to add another level of redundancy. The chassis is
built with redundant power supplies and field swappable components. This multi-layered
redundancy significantly reduces the possibility of downtime.
The Advantages of VIPRION Technology
With VIPRION, your organization will benefit from the unique F5 ScaleN architecture and
patented hardware and software innovations that offer unmatched capabilities.
ScaleN architecture provides you with the ability to scale performance on demand, virtualize,
or horizontally cluster multiple VIPRION chassis, creating an elastic Application Delivery
Networking infrastructure that can efficiently adapt as your business needs change.
On-demand scaling improves performance
Increase resource capacity and performance with on-demand scaling, where you can
simply add more power to your existing infrastructure instead of adding more devices.
VIPRION chassis provide true linear scalability through modular blades that use F5 Clustered
Multiprocessing™ (CMP) technology. As blades are added, their CPU resources, network
interfaces, SSL, and compression processing power are all automatically available as the
configurations and policies are copied to the new blades from the master blade.
Operational scaling enables consolidation
F5 is able to virtualize (ADC) services with a multi-tenant architecture that supports a
variety of BIG-IP versions and product modules on a single device. Multi-tenant device
virtualization is provided by F5’s unique Virtual Clustered Multiprocessing (vCMP) technology,
which enables VIPRION to run multiple BIG-IP guest instances. Each BIG-IP guest
instance looks and acts like a physical BIG-IP device, with a dedicated allocation of CPU,
memory, and other resources. vCMP offers per-guest rate limiting for bandwidth and SSL,
enabling customers to achieve different performance levels for each guest.
Each vCMP guest can further be divided using multi-tenant features such as partitions and
route domains, which can isolate configuration and networks on a per-virtual-domain basis.
Within each virtual domain, organizations can further isolate and secure configuration and
policies by using a role-based access system for greater administrative control.
The ability to virtualize BIG-IP ADC services means providers and enterprise users can
isolate based on BIG-IP version, enabling departmental or project-based tenancy as well
as performance guarantees, while getting the benefits of managing a single, consolidated
application delivery platform and increased utilization of VIPRION systems.
Application scaling boosts capacity and resiliency
Increase capacity by adding BIG-IP resources through an all-active approach. With
application scaling, you can scale beyond the traditional device pair to eliminate the need
for idle and costly standby resources. Application scaling achieves this through two forms of
horizontal clustering: Application Service Clustering, which focuses on application scalability
and high availability, and Device Service Clustering, designed to efficiently and seamlessly
scale BIG-IP application delivery services.
3
DATASHEET
VIPRION
Application Service Clustering delivers load-aware, application-level failover and
comprehensive connection mirroring for a highly available cluster of up to eight
heterogeneous devices. Workloads can be moved across a cluster of devices or virtual
instances without interrupting other services and can be scaled to meet the business
demand.
Device Service Clustering can synchronize full device configurations in an all-active
deployment model, enabling consistent policy deployment and enforcement across
devices up to 32 active nodes. This ensures a consistent device configuration that
simplifies operations.
vCMP
VIPRION 4800 Chassis
Operational Scaling
+ Multi-Tenant Virtualization
VIPRION Platform
On-Demand
Scaling
VIPRION Platform
VIPRON 4480 Chassis
(fan tray)
Application Scaling
The ScaleN architecture provides the ultimate flexibility to scale on demand, virtualize, and deliver
application scaling through device clusters.
CPUs
VIPRION 4480 Chassis
(power supplies)
CPUs
ePVA High Speed Bridge
Client
ePVA
Switch Fabric
Disaggregator
Switch Fabric
Disaggregator
Switch Fabric
Disaggregator
Switch Fabric
CPUs
The VIPRION chassis has
field-replaceable parts and
redundant power supplies,
significantly reducing the
possibility of downtime.
CPUs
Disaggregator
ePVA High Speed Bridge
VIPRION 2200 Chassis
(power supplies)
CPUs
High Speed Bridge
CPUs
High Speed Bridge
CPUs
Servers
ePVA
CPUs
VIPRION 4480 with four 4300 blades: The VIPRION 4300 blade has 12 processor cores (a total of 24
hyperthreaded logical processing cores), and the VIPRION 4480 chassis can support four blades.
The VIPRION 4800 chassis can support eight 4300 blades.
4
DATASHEET
VIPRION
CPUs
CPUs
High Speed Bridge
ePVA
Disaggregator
Client
Switch Fabric
Disaggregator
ePVA
Switch Fabric
High Speed Bridge
High Speed Bridge
ePVA
Disaggregator
Switch Fabric
Disaggregator
Disaggregator
Switch Fabric
Switch
Fabric
High Speed Bridge
High
Bridge
CPUs
Servers
ePVA
ePVA
CPUs
CPUs
VIPRION 2400 with four 2250 blades: The VIPRION 2150 blade has four processor cores (a total of
eight hyperthreaded logical processing cores), and the 2250 blade has 10 processor cores (a total of
20 hyperthreaded logical processing cores). The VIPRION 2400 chassis can support up to four 2150
or 2250 blades. The VIPRION 2200 chassis can support two 2150 or 2250 blades.
Note: Only the same type of supported blades are enabled for traffic processing in each chassis.
Virtualized processing fabric shares the load across blades
Using custom disaggregation, high-speed bridge FPGAs, and advanced Clustered
Multiprocessing (CMP) design, VIPRION shares the processing load not just within a
blade, but across the entire chassis.
The physical interfaces are fully meshed. Any port on any blade can be used for any
application, so the system can be wired for redundancy and simplicity.
Clustered management cuts administration time
Spend less time managing your Application Delivery Network. To administrators, the
VIPRION unit looks like a single ADC. One blade is automatically selected as the primary,
and all settings and controls are mirrored to the other blades. When a new blade is plugged
in, it will install the firmware version from the primary blade, copy all of its settings, and begin
processing traffic within minutes.
SuperVIP simplifies the network
Rather than requiring that a single, demanding application be segmented, VIPRION uses
F5 SuperVIP®. This is a virtual IP that can span multiple blades within the VIPRION system.
A demanding application will use SuperVIP to harness the processing power of all the
blades in the system.
TMOS delivers performance and flexibility
At the heart of VIPRION is the F5 unique operating system called TMOS® that provides a
unified system for optimal application delivery, giving you total vision, flexibility, and control
across all services. TMOS® empowers VIPRION to intelligently adapt to the diverse and
evolving requirements of applications and networks.
5
DATASHEET
VIPRION
Hardware DDoS approach mitigates attacks
F5 uses a collaborative software SYN cache and hardware SYN cookie approach to
protect against large-scale SYN flood DDoS attacks. Using the embedded Packet Velocity
Acceleration (ePVA) FPGA, select VIPRION platforms provide significantly higher performance
(up to 640 million SYN cookies per second) over a pure software implementation.
When a SYN flood is detected, the ePVA turns on the F5 SYN Check™ feature to prevent
invalid sessions from getting to the servers or exhausting blade resources. SYN Check
is unique in that it can be applied on a per-virtual-IP/application basis, meaning if one
application is under attack, the others are not affected. F5 is the only ADC that implements
hardware-based SYN cookies in L4 and full-proxy L7 mode.
6
7
DATASHEET
VIPRION
VIPRION Platforms
Each VIPRION system consists of a chassis and one to eight blades.
Specifications
Dimensions:
Weight:
Power Supply:
VIPRION 4800 Chassis
VIPRION 4480 Chassis
27.8” (70.6 cm) H x 17.4” (44.2 cm) W x 21.25” (54.0 cm) D
12.2” (30.9 cm) H x 17.4” (44.2 cm) W x 21” (53.3 cm) D
16U industry standard rack-mount chassis
7U industry standard rack-mount chassis
126 lbs. (57.2 kg)
87 lbs. (39.5 kg)
(2 power supplies, 2 fan trays, 8 blanks)
(4 power supplies, 1 fan tray, 3 blanks)
One to four 200 VAC to 240 VAC (2600W) auto ranging
(80+ Gold Efficiency) (2 power supplies included)
One to four 90 VAC (1200W) to 240 VAC (2000W)
auto ranging
18A per input (max)
20A per input line (max)
DC power (option)
DC power (option)
One to four 2600W -44 to -72 VDC
One to four 1200W -36 to -72 VDC
80A per input maximum per supply
10 to 40A maximum per supply
Note: Please refer to the Platform Guide: VIPRION 4800
on askf5.com for the latest specific AC power ratings.
Note: Please refer to the Platform Guide: VIPRION 4400
on askf5.com for the latest specific AC power ratings.
Operating Temperature:
32° to 104° F (0° to 40° C)
32° to 104° F (0° to 40° C)
Relative Humidity:
5 to 85% at 104° F (40° C)
5 to 85% at 104° F (40° C)
Safety Agency Approval:
UL 60950 (UL1950-3)
UL 60950 (UL1950-3)
CSA-C22.2 No. 60950-00
CSA-C22.2 No. 60950-00
(bi-national standard with UL 60950)
(bi-national standard with UL 60950)
CB test certification to IEC 950 EN 60950
CB test certification to IEC 950 EN 60950
EN55022 1998 Class A
Certifications/Susceptibility
Standards
EN55024 1998 Class A
FCC Part 15B Class A
VCCI Class A
EN55022 1998 Class A
EN55024 1998 Class A
FCC Part 15B Class A
VCCI Class A
NEBS Certified
8
DATASHEET
VIPRION
Specifications
VIPRION 4340N/4300 Blade
2M L7 requests per second (B4340N)
2.5M L7 requests per second (B4300)
1.1M L4 connections per second (B4340N)
1.4M L4 connections per second (B4300)
14M L4 HTTP requests per second
36M max L4 concurrent connections (B4300)
72M max L4 concurrent connections (B4340N)
Intelligent Traffic Processing:
80 Gbps L4, 40 Gbps L7
1.2 Gbps included compression
20 Gbps max hardware compression
Included SSL TPS: 12,000/blade
Max SSL TPS: 30,000 (2K keys)
Bulk crypto: 20 Gbps
Note: Compression and SSL resources are allocated
evenly across the number of vCMP guests set up.
Hardware DDoS Protection:
Hardware SYN cookies: 80M SYN cookies per second
Software Architecture:
64-bit TMOS
Virtualization (Max Number of
vCMP Guests):
24 in a 4480 chassis, 48 in a 4800 chassis (6 per blade)
Processors:
2 Intel hex (6) core processors (total 24 hyperthreaded
logical processor cores)
Memory:
Hard Drive Capacity:
96 GB (4340N)
48 GB (4300)
600 GB hard drive
One 10/100/1,000 Mbps Ethernet management port
Network Interfaces:
Eight 1,000 Mbps/10 Gigabit ports (SFP+)
(2 ea. 10GBASE-SR – 850nm transceivers included)
(Optional 1G SFP fiber SX or LX or copper RJ45 transceivers,
10G SFP+ SR or LR, 10G copper direct attach)
Two 40 Gigabit (or eight 10 Gigabit) fiber ports (QSFP+)
(QSFP+ 40GBASE-SR4 100m transceivers sold separately)
(QSFP+ optical breakout cable assemblies available to
convert to 10 Gigabit ports)
Note: Only optics provided by F5 are supported.
Power Consumption and
Heat Output:
Note: Please refer to the Platform Guide: VIPRION 4800
or the Platform Guide: VIPRION 4400 on askf5.com for
the latest specific blade power ratings.
Weight:
18.5 lbs. (8.39 kg)
9
DATASHEET
VIPRION
Specifications
Dimensions:
Weight:
Power Supply:
VIPRION 2400 Chassis
VIPRION 2200 Chassis
6.89” (17.5 cm) H x 17.64” (44.8 cm) W x 21.18” (53.8 cm) D
3.4” (8.6 cm) H x 17.3” (44.0 cm) W x 24.5” (62.2 cm) D
4U industry standard rack-mount chassis
2U industry standard rack-mount chassis
42.5 lbs. (19.3 kg)
31.0 lbs. (14.1 kg)
(3 blank line cards, 0 power supplies, 0 blades, 1 fan tray)
(1 blank line card, 0 power supplies, 0 blades, 1 fan tray)
AC power supply
AC power supply
One to two 100-127 VAC (1200W)/200-240 VAC (1400W)
auto ranging (80+ Gold Efficiency)
One to two 100-240 VAC (800W)
17A per input line (max)
10A per input line (max)
50/60 Hz auto ranging
DC power supply (option)
DC power supply (option)
One to two 1400W 44 to 65 VDC
Note: Please refer to the Platform Guide: VIPRION 2200
on askf5.com for the latest specific power ratings.
44A per input (max)
Note: Please refer to the Platform Guide: VIPRION 2400
on askf5.com for the latest specific power ratings.
Operating Temperature:
32° to 104° F (0° to 40° C)
32° to 104° F (0° to 40° C)
Relative Humidity:
5 to 85% at 104° F (40° C)
5 to 85% at 104° F (40° C)
Safety Agency Approval:
EN 60950-1:2006, 2nd Edition
EN 60950-1:2006 + A11:2009 + A1:2010 + A12:2011
Evaluated to all CB Countries
IEC 60950-1:2005, A1:2009
UL 60950-1, 2nd Edition, CSA C22.2 No. 60950-1-03
CSA 60950-1-07, Including Amendment 1:2011
ANSI/UL 60950-1-2011
Evaluated to all CB Countries
Certifications/Susceptibility
Standards
FCC Part 15 Class A
FCC Part 15 Class A
VCCI Class A
VCCI Class A
EN 300 386 V1.3.2 (2003-05)
ETSI EN 300 386 V1.5.1 (2010)
EN 55022:2006 + C1:2006
EN 55022:2010 Class A
EN 61000-3-2:2000
EN 61000-3-2:2006 A1:2009+A2:2009
EN 61000-3-3:1995 +A1:2000
EN 61000-3-3:2008
EN 55022:2006 + C1:2006 Class A
EN 55024:2010
EN 61000-3-3:1995 +A1:2000+ A2:2005
EN 55022:2010 Class A
EN 55024:1998 +A1: 2001 +A2:2003
EN 61000-3-2:2006 A1:2009+A2:2009
EN 61000-3-3:2008
10
DATASHEET
VIPRION
Specifications
Intelligent Traffic Processing:
VIPRION 2250 Blade
VIPRION 2150/2100 Blade
2M L7 requests per second
1M L7 requests per second
1M L4 connections per second
400K L4 connections per second
14M L4 HTTP requests per second
7M L4 HTTP requests per second
48M max L4 concurrent connections
12M max L4 concurrent connections (B2100)
80 Gbps L7/L4 throughput (C2400)
24M max L4 concurrent connections (B2150)
155* Gbps L4, 80 Gbps L7 throughput (C2200)
40 Gbps L4, 18 Gbps L7
1 Gbps included compression
400 Mbps included compression
40 Gbps maximum hardware compression
10 Gbps maximum hardware compression
Included SSL TPS: 10,000 TPS (2K keys)
Included SSL TPS: 4,000/Blade
Maximum SSL TPS: 44,000 TPS (2K keys)
Maximum SSL TPS: 10,000 TPS (2K keys)
Bulk crypto: 36 Gbps
Bulk crypto: 9 Gbps
Note: Compression and SSL resources are allocated
evenly across the number of vCMP guests set up.
Note: Compression and SSL resources are allocated
evenly across the number of vCMP guests set up.
Hardware DDoS Protection:
Hardware SYN cookies: 60M SYN cookies per second
Hardware SYN cookies: 40M SYN cookies per second
Software Architecture:
64-bit TMOS
64-bit TMOS
Virtualization (Max Number of
vCMP Guests):
80 (4 B2250 blades, 20 per blade)
Processors:
Single Intel 10-core Xeon processor (total 20 hyperthreaded
logical processor cores)
Memory:
64 GB
Hard Drive Capacity:
One 800 GB solid state drive
32 (4 B2150 blades, 8 per blade)
16 (4 B2100 blades, 4 per blade)
Single Intel quad core Xeon processor (total 8 hyperthreaded
logical processor cores)
32 GB (B2150)
16 GB (B2100)
400 GB solid state drive (B2150)
300 GB 10,000 RPM (B2100)
One 10/100/1,000 Mbps Ethernet management port
One 10/100/1,000 Mbps Ethernet management port
Four 40 Gigabit (or sixteen 10 Gigabit) fiber ports (QSFP+)
(QSFP+ 40GBASE-SR4 100m transceivers sold separately)
(QSFP+ optical breakout cable assemblies available to
convert to 10 Gigabit ports)
Eight 1,000 Mbps/10 Gbps SFP+ ports
(2 ea. 10GBASE-SR – 850nm transceivers included)
(Optional 1G SFP fiber SX or LX) or copper RJ45
transceivers, 10G SFP+ SR or LR, 10G copper direct attach)
Note: Only optics provided by F5 are supported.
Note: Only optics provided by F5 are supported.
Power Consumption and
Heat Output:
Note: Please refer to the Platform Guide: VIPRION 2400 or
Platform Guide: VIPRION 2200 on askf5.com for the latest
relevant blade power ratings.
Note: Please refer to the Platform Guide: VIPRION 2400 or
Platform Guide: VIPRION 2200 on askf5.com for the latest
relevant blade power ratings.
Weight:
10.0 pounds (4.5 kg)
9.5 lbs. (4.3 kg)
Network Interfaces:
*
*Requires TMOS v11.6 and selecting L4 Performance Optimized FPGA firmware configuration option (see BIG-LTM Manual on askf5.com for specific instructions).
11
DATASHEET
VIPRION
F5 Global Services
F5 Global Services offers world-class support, training, and consulting to help you get the
most from your F5 investment. Whether it’s providing fast answers to questions, training
internal teams, or handling entire implementations from design to deployment, F5 Global
Services can help ensure your applications are always secure, fast, and reliable. For more
information about F5 Global Services, contact consulting@f5.com or visit f5.com/support.
More Information
For more information about VIPRION, visit f5.com to find these resources. For the latest
product specifications, see the applicable platform guide on askf5.com.
Datasheets
BIG-IP Local Traffic Manager
BIG-IP Application Security Manager
BIG-IP DNS
BIG-IP Access Policy Manager
BIG-IP Application Acceleration Manager
BIG-IP Advanced Firewall Manager
BIP-IP Policy Enforcement Manager
BIG-IP Carrier-Grade NAT
White papers
Clustered Multiprocessing: Changing the Rules of the Performance Game
Virtual Clustered Multiprocessing (vCMP)
The Application Delivery Firewall Paradigm
BIG-IP Application Delivery Hardware: A Critical Component
ScaleN: Elastic Infrastructure
Multi-Tenancy Security with vCMP
F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119
Americas
info@f5.com
Asia-Pacific
apacinfo@f5.com
888-882-4447
Europe/Middle East/Africa
emeainfo@f5.com
f5.com
Japan
f5j-info@f5.com
©2015 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. DC0714 DS-BIGIP-41150 0715
Download PDF