Overview:
The mid-range BIG-IP 7000 series has impressive performance and provides an integrated platform for application delivery and security, even for the most demanding applications.
Gain Agility with the Most Programmable Cloud-Ready ADC
F5’s next-generation, cloud-ready Application Delivery Controller (ADC) platform provides DevOps-like agility with the scale, security depth, and investment protection needed for both established and emerging apps. The new F5 BIG-IP iSeries appliances deliver quick and easy programmability, ecosystem-friendly orchestration, and record breaking, software-defined hardware performance. As a result, customers can accelerate private clouds and secure critical data at scale while lowering TCO and future proofing their application infrastructure.
Key Benefits
Obtain the lowest TCO
Reduce TCO and the infrastructure footprint by consolidating app and security services on to a unified, high-performance platform.
Protect critical data
Deliver the SSL capacity required to protect critical data—including offload of elliptical curve cryptography (ECC) processing to hardware—enabling forward secrecy scaling. Simplify operations and improve customer confidence with the fastest way to an SSL Labs A+ rating.
Secure applications
Deliver the most effective protection with integrated, one-pass, full stack (L3–L7 security, including an ICSA Certified firewall, highcapacity DDoS mitigation, contextual access management, and more.
Ensure the easiest deployment for cloud or container environments
Save time with the only simple, out-of-the-box native integration with leading private cloud, cloud interconnect colocation, and container environments.
Maximize investment protection
The iSeries’ software-defined hardware includes unique F5 TurboFlex FPGA technology that enables on-demand optimized performance for specific use cases such as DDoS protection or UDP traffic processing. Eliminate forklift upgrades and extend the lifecycle of app delivery hardware with software-upgradeable performance.
Maximize uptime
Ensure your critical infrastructure is built on reliable, carrier-grade hardware with hot-swappable components, redundant power supplies and fans, and always-on management integrated with a full baseboard management controller (BMC) with IPMI support.
Standardize Your App Delivery Services
BIG-IP ADC appliances can simplify your network and reduce total cost of ownership (TCO) by offloading servers, providing a consistent set of comprehensive application services, and consolidating devices, saving management, power, space, and cooling costs in the data center.
The massive performance and scalability of the BIG-IP platform reduces the number of ADCs needed to deliver even the most demanding applications. By offloading computationally intense processes, you can significantly reduce the number of application servers needed.
Intelligent Performance Where It Matters
Traditional performance measurements in terms of throughput don’t accurately represent the complex needs of delivering modern web applications. Connection capacity and L7 transactions per second are critical. For instance, ADCs must be able to process high levels of layer 4 and layer 7 connections and make application-layer decisions such as removing sensitive information or transforming application-specific payloads. BIG-IP appliances have the intelligence and performance to handle application layer decisions while securing your data and infrastructure.
The Advantages of F5 BIG-IP Hardware:
The BIG-IP iSeries platform perfectly blends software and hardware innovations that balance the need for performance, scalability, and agility. The F5 TMOS operating system provides total visibility, flexibility, and control across all application delivery services. With TMOS, organizations can intelligently adapt to the diverse and evolving requirements of applications and networks. Other unique or patented hardware and software innovations enable the BIG-IP iSeries platform to offer unmatched capabilities:
- F5 TurboFlex optimization technology: Field-programmable gate arrays (FPGAs), tightly integrated with CPUs, memory, TMOS, and software, provide specific packet-flow optimizations, L4 offload, support for private cloud tunneling protocols, and denial-ofservice (DoS) protection. These hardware optimizations not only improve performance but free CPU capacity for other app delivery and security tasks. Only BIG-IP iSeries appliances feature TurboFlex performance profiles—user-selectable, pre-packaged optimizations that provide different performance characteristics depending on the business need:
- L4 offload enables unsurpassed throughput and reduced loads on software.
- Unique per-virtual-IP/application SYN flood protection ensures that if one application is under attack, others are not affected. Only F5 ADCs implement hardware-based SYN cookies in L4 and full proxy L7 mode.
- More than 100 types of DoS attacks can be detected and mitigated in hardware, hugely increasing the attack size that can be absorbed compared to software-only implementations.
- Network virtualization and overlay protocol processing (such as VXLAN and NVGRE tunneling) increases traffic processing capacity.
- UDP traffic processing increases throughput and reduces both latency and jitter, improving VoIP or streaming media performance.
- Best-in-market SSL performance accelerates SSL/TLS adoption by offloading costly SSL processing and speed key exchange and bulk encryption. BIG-IP iSeries solutions include hardware acceleration of ECC ciphers, enabling forward secrecy. In addition, the ability to achieve an SSL Labs A+ rating with a few simple steps reduces SSL configuration complexity and errors.
- BIG-IP platforms offer maximum hardware compression, enabling cost-effective offloading of traffic compression processing to improve page load times and reduce bandwidth utilization.
- Enterprise class SSD (solid state drive) technology on select BIG-IP platforms improves performance and reliability, saves power, and reduces heat generation and noise.
- Efficiency features include 80 Plus Platinum certified power supplies as well as front-panel touchscreen LCD management, remote boot and multi-boot support, and USB support.
F5 ScaleN
F5 ScaleN technology enables organizations to scale performance, virtualize, or horizontally cluster multiple BIG-IP devices, creating an elastic Application Delivery Networking infrastructure that can efficiently adapt as needs change.
- On-demand scaling—Increase capacity and performance with on-demand scaling, simply adding more power to your existing infrastructure instead of adding devices. Some BIG-IP appliance models can be upgraded to the higher performance model within each series through on-demand software licensing, which enables organizations to support growth without new hardware.
- Operational scaling—Virtualize ADC services with a multi-tenant architecture that supports a variety of BIG-IP versions and product modules on a single device. F5 Virtual Clustered Multiprocessing (vCMP) technology enables select hardware platforms to run multiple BIG-IP guest instances. Each guest instance acts like a physical BIG-IP device, with a dedicated allocation of CPU, memory, and other resources. vCMP offers per-guest rate limiting for bandwidth, enabling different performance levels for each guest.
Further divide each vCMP guest using multi-tenant features such as partitions and route domains, which can isolate configuration and networks on a per-virtual-domain basis. Within each virtual domain, you can further isolate and secure configuration and policies, with a role-based access system for administrative control. When route domains/partitions are combined with vCMP guests, F5 provides the highest density multi-tenant virtualization solution, which can scale to thousands of virtual ADC (vADC) instances.
This ability to virtualize BIG-IP ADC services means service providers and enterprise users can isolate based on BIG-IP version, enabling departmental or project-based tenancy as well as performance guarantees, consolidated application delivery platform management, and increased utilization.
- Application scaling—Increase capacity by adding BIG-IP resources through an all-active approach, and scale beyond the traditional device pair to eliminate idle and costly standby resources. Application scaling achieves this through two forms of horizontal scale. One is Application Service Clustering, which focuses on application scalability and high availability. The other is Device Service Clustering, designed to efficiently and seamlessly scale BIG-IP application delivery services and sync application policies.
Application Service Clustering delivers sub-second failover and comprehensive connection mirroring for a highly available cluster of up to eight devices at the application layer, providing highly available multi-tenant deployments. Workloads can be moved across a cluster of devices or virtual instances without interrupting other services and can be scaled to meet business demand.
Device Service Clustering can synchronize full device configurations in an all-active deployment model, enabling consistent policy deployment and enforcement across devices—up to 32 active nodes. This ensures a consistent device configuration, with syncing of hardened firewall and access policies to simplify operations and reduce attack surfaces.
Gain Agility and Control in Private Clouds:
Enterprises are migrating to private clouds to achieve agility and speed time to market for applications while maintaining control. Regardless of the chosen cloud stack, typically only basic networking and app services like load balancing are provided. Advanced application delivery and security services are required to optimize and protect applications. Highly scalable BIG-IP platforms, with programmatic interfaces and service delivery templates, enable integration and automation with orchestration systems and deliver rightsized services aligned to specific app needs.
F5 solutions integrate with the leading private cloud technology stacks, including OpenStack, VMware, and Microsoft. For OpenStack, F5 provides native orchestration with Heat templates to automate the end-to-end deployment of advanced app and security services, reducing deployment times from days to minutes. Integration with VMware vRealize Orchestrator through the Blue Medora vRO plug-in reduces configuration time, enables selfservice of F5 application services by app owners, and automates complex, multi-step workflows. F5 iWorkflow enables integration of F5 devices with software-defined networking (SDN) orchestration systems providing a single point of contact between the orchestrator and F5 devices.
Two-tier architecture
For enterprises deploying a private cloud, a two-tier architecture provides an optimized design that takes best advantage of both hardware and software app delivery services. The first tier provides services such as L4 traffic management, distributed denial-of-service (DDoS) firewall, or SSL offloading, which are centralized and shared for all north-south traffic entering the network, enforcing consistent app policies. These services, which deal with high-volume traffic and incur heavy CPU loads, require high performance, scalability, and guaranteed service-level agreements (SLAs). Dedicated, purpose-built hardware such as BIG-IP iSeries appliances meet those requirements and, depending on the environment and app requirements, can be more cost efficient than commodity servers.
Tier 2—the tenant or app tier—includes emerging, cloud-native applications that can be hosted in containers or disaggregated into microservices. The apps require specific services addressing intra-app traffic (east-west traffic). Those services, which can include basic load balancing to web app firewall or web performance optimizations, can be delivered on a per-application basis through highly scalable, flexible software such as virtual editions of BIG-IP products. This two-tier architecture model, standardized on F5 application services, offers flexibility, a strategic point of control where proven app policies can be enforced, and complete visibility of all traffic, taking advantage of hardware where it’s needed and software agility near the app.
Figure 1: Orchestrated and automated deployment of app services in a two-tier private cloud architecture.
Consistent App Delivery and Security for Public Cloud
As more enterprise applications migrate to public cloud, it’s becoming more difficult to maintain network requirements and consistent application policies. In addition, many IT architects are unaware of the amount of public cloud apps deployed, the current configurations and services for those apps, and how to discover apps in flight. Organizations are turning to interconnection services at colocation providers for direct public cloud access; however, application delivery and security services across public cloud providers is disparate and varied, compared to on-premises and private cloud solutions.
F5 Application Connector is an add-on to the F5 BIG-IP platform, allowing services insertion for public cloud applications. It also acts as a cloud proxy instance for securely connecting public clouds to an organization’s application service infrastructure within cloud interconnects (colocations) or data centers. This enables the use of public cloud resources as part of an organization’s compute infrastructure. Application Connector also performs workload discovery within the Amazon Web Services (AWS) and Azure public cloud, and provides a secure connection back to interconnect services or data centers, allowing application services insertion on the BIG-IP platform.
Figure 2: Application Connector helps you easily search and find public cloud-hosted workloads in AWS and Azure. Securely connect all public cloud apps, and insert app delivery and additional security services such as SSL. Provide consistency across app deployments, and securely maintain sensitive SSL keys from a central location.
Programmability
Enabling automation and orchestration is key to achieving the benefits of cloud and software-defined architectures and to scaling application services on demand. F5 platforms offers many ways to program the application services fabric and network, enabling organizations to automate deployment, react in real time to events, and easily integrate into orchestration systems. F5 iRules scripting has long provided granular traffic control and visibility, enabling customization, rapid response to code errors and security vulnerabilities, and support for new protocols. New F5 iRules LX lowers costs and speeds deployments by extending iRules to JavaScript developers and providing access to, and easier integration with, over 250,000 community Node.js packages. In addition, with F5 iApps templates, organizations can automate deployment and configuration of application services in minutes. F5 iControl® REST APIs and SDKs provide integration with leading open source and commercial orchestration systems, VMware, OpenStack clouds, and configuration management systems such as Puppet, Chef, and Ansible.
BIG-IQ Centralized Management
F5 BIG-IQ Centralized Management is F5’s management and orchestration platform. It provides a central point of control for F5 physical and virtual devices and the app delivery and security services that run on them. BIG-IQ Centralized Management is available both as a virtual edition and an F5 appliance. It simplifies management, helps ensure compliance, and gives you the visibility and reporting you need to troubleshoot and respond to issues and security attacks.
BIG-IQ Centralized Management manages policies, licenses, SSL certificates, images, and configurations for F5 devices and the following BIG-IP software modules:
- BIG-IP Local Traffic Manager (LTM)
- BIG-IP Application Security Manager (ASM)
- BIG-IP Advanced Firewall Manager (AFM)
- BIG-IP Access Policy Manager (APM)
- F5 Secure Web Gateway Services
- BIG-IP DNS
- F5 WebSafe and F5 MobileSafe (monitoring only)
BIG-IQ Centralized Management supports BIG-IP appliances, VIPRION chassis/blades, and BIG-IP virtual editions (VE), whether they are running locally or in the cloud. It is ideal for organizations that require central management of F5 devices and modules, license management of BIG-IP VEs, or central reporting and alerting on application availability, performance, and security.
Simplified and enhanced diagnostics and troubleshooting
BIG-IP iSeries appliances include a baseboard management controller (BMC) and support for the Intelligent Platform Management Interface (IPMI) protocol. With the BMC and Always-On Management (AOM) firmware, F5 customers can have deeper access to internal sensor data for system monitoring, including multiple thermal, airflow, and voltage readings. Out-of-band alerts for hardware-level problems are possible without a running TMOS instance. Gain remote system console access to the BMC and AOM functions through the same IP address of the TMOS management port, eliminating the need for a special or separate network. BIG-IP iSeries appliances also can show system information, such as sensor values for troubleshooting, on their color touchscreen LCD displays.
FIPS compliance at scale
The Federal Information Processing Standards (FIPS) specify requirements for cryptographic modules. FIPS compliance is required for many government agencies and industries such as financial services and healthcare that demand the highest standards in information, application, and data security. F5 offers a broad range of FIPS-certified hardware appliances that support a FIPS 140-2 Level 2 implementation for RSA cryptographic key generation, use, and protection. Keys generated on or imported into a BIG-IP system hardware security module (HSM) are not extractable in plain-text format. BIG-IP hardware appliances with integrated HSMs also have tamper-evident seals with a hardened-epoxy cover that, if removed, will render the card useless. For additional protection, the BIG-IP 10350v-F supports a FIPS 140-2 Level 3 implementation of the Internal HSM (PCI card). This security rating means the 10350v-F HSM card adds tamper-resistance, which is an additional means of detection to the tamper-evident methods of Level 2, as well as a response to physical access attempts, or to cryptographic module use or tampering.
Specifications:
| Platform |
7000s / 7050s / 7055s |
7200v-F / 7200v-SSL / 7250v / 7255v |
| L7 requests per second |
800K |
1.6M |
| L4 connections per second |
390K |
775K |
| L4 HTTP requests per second |
3.5M
|
7M
|
| Maximum L4 concurrent connections |
24M
|
24M
|
| Throughput |
40 Gbps/20 Gbps L4/L7 |
40 Gbps/20 Gbps L4/L7 |
| SSL/TLS |
Included: 15,000 TPS (2K keys)
Maximum: 15,000 TPS (2K keys)
18 Gbps bulk encryption* |
Included: 25,000 TPS (2K keys)
Maximum for 7200v: 25,000 TPS (2K keys)
Maximum for 7200v-SSL: 60,000 TPS (2K keys)
18 Gbps bulk encryption for 7200v
19 Gbps bulk encryption* for 7200v-SSL |
| FIPS SSL |
F5 Full-Box FIPS 140-2 Level 2 (Option)
RSA: 15K TPS (2K keys)
18 Gbps bulk encryption* |
FIPS 140-2 Level 2 (7200v-F option)***
9,000 TPS (2K keys) (Asymmetric key creation/protection);
18 Gbps* (Dual FIPS 140-2 Level 2 AES symmetric bulk encryption) |
| Hardware Compression |
N/A |
Included: 18 Gbps,
Maximum: 18 Gbps |
| Hardware DDoS Protection |
20M SYN cookies per second |
40M SYN cookies per second |
| TurboFlex Performance Profiles |
N/A |
N/A |
| Software Compression |
Included: 9 Gbps,
Maximum: 9 Gbps |
N/A |
| Software Architecture |
64-bit TMOS |
64-bit TMOS |
| On-Demand Upgradable |
Yes |
N/A |
| Virtualization (Maximum Number of vCMP Guests) |
N/A |
8 (7250v)
4 (7200v) |
| Processor |
1 quad core Intel Xeon processor (total 8 hyperthreaded logical processing cores) |
1 quad core Intel Xeon processor (total 8 hyperthreaded logical processing cores) |
| Memory |
32 GB |
32 GB |
| Hard Drive |
Two 1 TB (RAID 1) (7000s)
400 GB solid state drive (7050s)
Two 400 GB solid state drive (RAID1) (7055s) |
Two 1 TB (RAID 1) (7200v)
400 GB solid state drive (7250v)
Two 400 GB solid state drive (RAID1) (7255v) |
| Gigabit Ethernet CU Ports |
4 |
4 |
| Gigabit Fiber Ports (SFP) |
Optional SFP (SX, LX, or copper) |
Optional SFP (SX, LX, or copper) |
| 10 Gigabit Fiber Ports (SFP+) |
8 SR or LR (sold separately, 2 SR included);
Optional 10G copper direct attach |
8 SR or LR (sold separately, 2 SR included);
Optional 10G copper direct attach |
| 40 Gigabit Fiber Ports (QSFP+) |
N/A |
N/A |
| Power Supply |
Two 400W included (80 Plus Gold Efficiency), DC optional |
Two 400W included (80 Plus Gold Efficiency), DC optional |
| Typical Consumption |
205W (dual supply, 110V input)** |
205W (dual supply, 110V input)** |
| Input Voltage |
90-240 VAC +/- 10% auto switching, 50/60hz |
90-240 VAC +/- 10% auto switching, 50/60hz |
| Typical Heat Output |
700 BTU/hour (dual supply, 110V input)** |
700 BTU/hour (dual supply, 110V input)** |
| Dimensions |
3.45” (8.76 cm) H x 17.3” (43.94 cm) W x 21.4” (54.36 cm) D
2U industry standard rack-mount chassis |
3.45” (8.76 cm) H x 17.3” (43.94 cm) W x 21.4” (54.36 cm) D
2U industry standard rack-mount chassis |
| Weight |
43 lbs. (19.5 kg) (dual power supply) |
43 lbs. (19.5 kg) (dual power supply) |
| Operating Temperature |
32° to 104° F (0° to 40° C) |
32° to 104° F (0° to 40° C) |
| Operational Relative Humidity |
5% to 85% at 40º C |
5% to 85% at 40º C |
| Safety Agency Approval |
ANSI/UL 60950-1-2011
CSA 60950-1-07, including Amendment 1:2011
Low Voltage Directive 2006/95/EC
CB Scheme; EN 60950-1:2006+A11:2009+A1:2010+A12:2011
IEC 60950-1:2005, A1:2009 |
ANSI/UL 60950-1-2011
CSA 60950-1-07, including Amendment 1:2011
Low Voltage Directive 2006/95/EC
CB Scheme; EN 60950-1:2006+A11:2009+A1:2010+A12:2011
IEC 60950-1:2005, A1:2009 |
| Certifications/ Susceptibility Standards |
EN 300 386 V1.5.1 (2010-10); EN 55022:2010
EN 61000-3-2:2006+A1:2009+A2:2009; EN 61000-3-3:2008
EN 55024:2010; EN 55022:2010; EN 61000-3-3:2008
EN 55024:2010; USA FCC Class A; VCCI Class A |
EN 300 386 V1.5.1 (2010-10); EN 55022:2010
EN 61000-3-2:2006+A1:2009+A2:2009; EN 61000-3-3:2008
EN 55024:2010; EN 55022:2010; EN 61000-3-3:2008
EN 55024:2010; USA FCC Class A; VCCI Class A |
Notes: Performance-related numbers are based on local traffic management services only. Only optics provided by F5 are supported.
* Maximum throughput.
** Please refer to the Platform Guide: 7000 Series for the latest power ratings for your specific configurations (SSL, SSD, highline input voltage, DC, etc.).
*** vCMP guest access to FIPS resources not supported.
Licenses and Services:
Simplified Licensing
It’s never been easier to consolidate application services in data center and cloud environments. F5’s Good-Better-Best licensing provides the flexibility to provision advanced F5 modules on-demand at the best value.
- Discover the right set of F5 solutions for your application environment.
- Procure the Better or Best modules for your applications.
- Implement comprehensive application services on a virtual or physical platform.
F5 Global Services
F5 Global Services offers world-class support, training, and consulting to help you get the most from your F5 investment. Whether it’s providing fast answers to questions, training internal teams, or handling entire implementations from design to deployment, F5 Global Services can help ensure your applications are always secure, fast, and reliable.
