Overview:
A true pay-as-you-grow model, the 2400 chassis with four B2250 blades offers on-demand L7, SSL, and compression performance without operational disruption. For agility and improved efficiency, it provides the highest-density, multi-tenant virtualization solution that can dynamically scale virtual ADC instances as business requirements change. The 2400 uses 80 PLUS Gold Certified power supplies to save on cooling and energy costs.
The On-Demand Application Delivery Controller
Your organization’s growing infrastructure puts more pressure on the network—from rising numbers of users and data center consolidation to cloud migrations and more feature-rich applications. Scaling your Application Delivery Network (ADN) to meet these ever-evolving demands means increased operational cost and complexity, limiting your organization’s ability to react quickly to new needs and opportunities.
Each F5 VIPRION platform is a single, powerful Application Delivery Controller (ADC) with modular performance blades you can add or remove without disrupting users or applications. Instead of adding devices and segmenting applications, simply add more power to your existing infrastructure as needs and opportunities arise. VIPRION enables the scalability you need to establish a sustainable ADN growth strategy.
Key Benefits
Reduce costs
Decrease OpEx and CapEx with the F5 ScaleN architecture, which provides unique flexibility to scale on demand, virtualize, and deliver application scaling in a device cluster.
Maximize performance
Manage and protect demanding apps with industry-leading layer 4 and layer 7 performance and SSL processing power.
Consolidate devices
Reduce the number of servers and ADCs along with power, space, cooling, and management requirements.
Achieve ultimate reliability
Make the ADN always available with redundancy at both the chassis and blade levels.
Increase Intelligence, Not Operating Costs
As your infrastructure grows and requires more power for layer 4 and layer 7 processing, SSL, compression, and more, you can simply add a blade to the VIPRION chassis and it will start processing traffic automatically. Whether you’re using one blade, four blades, or eight blades, VIPRION remains one device with fixed management costs.
Intelligent Performance Where It Matters
Traditional performance measurements in terms of throughput don’t accurately represent the complex needs of delivering modern web applications. Connection capacity and L7 transactions per second are critical. For instance, ADCs must be able to process high levels of layer 4 and layer 7 connections and make application-layer decisions such as removing sensitive information or transforming application-specific payloads. BIG-IP appliances have the intelligence and performance to handle application layer decisions while securing your data and infrastructure.
Simplify Your Network
VIPRION can help you simplify your network by offloading servers and consolidating devices, saving management costs as well as power, space, and cooling in the data center.
With VIPRION’s massive performance and scalability, you can reduce the number of Application Delivery Controllers you need to deliver even the most demanding applications. By offloading computationally intense processes, VIPRION significantly reduces the number of application servers you need. VIPRION includes:
- SSL/elliptical curve cryptography (ECC) hardware acceleration—Offloads costly SSL encryption. Accelerates key exchange and bulk encryption to provide best-in-market SSL performance. Enhances perfect forward secrecy (PFS) capabilities through improved ECC performance.
- Hardware compression—Enables you to cost effectively offload traffic compression processing from your servers. Improves page load times and reduces bandwidth utilization.
- F5 OneConnect connection pooling—Aggregates millions of TCP requests into hundreds of server-side connections. Increases server capacity and ensures requests are handled efficiently by the back-end system.
Maximize Large-Scale Application and Firewall Performance
With its industry-leading layer 4/7 throughput, connection processing, and SSL/ECC performance, VIPRION efficiently manages the most demanding applications, offloads servers, and consolidates your Application Delivery Network. In addition, as an ICSA Labs Certified firewall solution, F5 BIG-IP Advanced Firewall Manager (AFM) on VIPRION provides native, high-performance network firewall services to protect public-facing websites and data center applications from distributed, multi-layer cyber attacks.
VIPRION high-performance and distributed denial-of-service (DDoS) protection capabilities are enabled through field-programmable gate array (FPGA) technology tightly integrated with the F5 TMOS technology and software.
F5 embedded Packet Velocity Acceleration (ePVA) FPGA delivers:
- High-performance interconnection between Ethernet ports and processors.
- L4 offload, enabling leading throughput rates and reduced loads on software.
- Hardware-accelerated SYN flood protection.
- Hardware detection and mitigation of more than 100 types of denial-of-service (DoS) and DDoS attacks.
- Support for F5 IP Intelligence Services, with blacklist, whitelist, and graylist capabilities.
- Native network overlay (VXLAN/NVGRE) support.
- Hardware-enabled DNS caching, which hyperscales responses for fast service and app delivery (B2250).
- User selectable hardware profiles that enable different performance levels for targeted workloads. Initial profile options include optimized L4 throughput on select platforms for CGNAT or L4-centric traffic management solutions.
Achieve Ultimate Reliability
In a VIPRION system with multiple blades, you can remove a blade without disruption. The other blades will instantly take over the processing load. You can also deploy VIPRION in an active/standby configuration to add another level of redundancy. The chassis is built with redundant power supplies and field swappable components. This multi-layered redundancy significantly reduces the possibility of downtime.
The Advantages of VIPRION Technology:
With VIPRION, your organization benefits from the unique F5 ScaleN architecture and patented hardware and software innovations that offer unmatched capabilities.
ScaleN architecture provides the ability to scale performance on demand, virtualize, or horizontally cluster multiple VIPRION chassis, creating an elastic Application Delivery Networking infrastructure that can efficiently adapt as your business needs change.
On-demand scaling improves performance
Increase resource capacity and performance with on-demand scaling, where you can simply add more power to your existing infrastructure instead of adding more devices. VIPRION chassis provide true linear scalability through modular blades that use F5 Clustered Multiprocessing (CMP) technology. As blades are added, their CPU resources, network interfaces, SSL, and compression processing power all automatically become available as the configurations and policies are copied to the new blades from the master blade.
Operational scaling enables consolidation
F5 is able to virtualize services with a multi-tenant architecture that supports a variety of BIG-IP versions and product modules on a single device. Multi-tenant device virtualization is provided by F5’s unique Virtual Clustered Multiprocessing (vCMP) technology, which enables VIPRION to run multiple BIG-IP guest instances. Each BIG-IP guest instance looks and acts like a physical BIG-IP device, with a dedicated allocation of CPU, memory, and other resources. vCMP offers per-guest rate limiting for bandwidth and SSL, enabling customers to achieve different performance levels for each guest.
Each vCMP guest can further be divided using multi-tenant features such as partitions and route domains, which can isolate configuration and networks on a per-virtual-domain basis. Within each virtual domain, organizations can further isolate and secure configuration and policies by using a role-based access system for greater administrative control.
The ability to virtualize BIG-IP ADC services means service providers and enterprise users can isolate based on BIG-IP version, enabling departmental or project-based tenancy as well as performance guarantees, while getting the benefits of managing a single, consolidated application delivery platform and increased utilization of VIPRION systems.
Application scaling boosts capacity and resiliency
Increase capacity by adding BIG-IP resources through an all-active approach. With application scaling, you can scale beyond the traditional device pair to eliminate the need for idle and costly standby resources. Application scaling achieves this through two forms of horizontal clustering: Application Service Clustering, which focuses on application scalability and high availability, and Device Service Clustering, designed to efficiently and seamlessly scale BIG-IP application delivery services.
Application Service Clustering delivers load-aware, application-level failover and comprehensive connection mirroring for a highly available cluster of up to eight heterogeneous devices. Workloads can be moved across a cluster of devices or virtual instances without interrupting other services and can be scaled to meet demand.
Device Service Clustering can synchronize full device configurations in an all-active deployment model, enabling consistent policy deployment and enforcement across devices up to 32 active nodes. This ensures a consistent device configuration that simplifies operations.
The ScaleN architecture provides the ultimate flexibility to scale on demand, virtualize, and deliver application scaling through device clusters.
VIPRION 4800 and VIPRION 4480 chassis: The VIPRION 4800 chassis supports up to eight blades, and the VIPRION 4480 chassis supports up to four blades. The VIPRION 4450 blade has 24 processor cores (a total of 48 hyperthreaded logical processing cores), and the VIPRION 4300 blade has 12 processor cores (a total of 24 hyperthreaded logical processing cores).
VIPRION 2400 and VIPRION 2200 chassis: The VIPRION 2400 chassis can support up to four 2150 or 2250 blades. The VIPRION 2200 chassis can support two 2150 or 2250 blades. The VIPRION 2250 blade has 10 processor cores (a total of 20 hyperthreaded logical processing cores), and the VIPRION 2150 blade has four processor cores (a total of eight hyperthreaded logical processing cores).
Note: Only the same type of supported blades are enabled for traffic processing in each chassis. Different blade models cannot be mixed within the same chassis. Only optics provided by F5 are supported.
Virtualized processing fabric shares the load across blades
Using custom disaggregation, high-speed bridge FPGAs, and advanced Clustered Multiprocessing (CMP) design, VIPRION shares the processing load not just within a blade, but across the entire chassis. The physical interfaces are fully meshed. Any port on any blade can be used for any application, so the system can be wired for redundancy and simplicity.
Clustered management cuts administration time
Spend less time managing your Application Delivery Network. To administrators, the VIPRION unit looks like a single ADC. One blade is automatically selected as the primary, and all settings and controls are mirrored to the other blades. When a new blade is plugged in, it will install the firmware version from the primary blade, copy all of its settings, and begin processing traffic within minutes.
SuperVIP simplifies the network
Rather than requiring that a single, demanding application be segmented, VIPRION uses F5 SuperVIP. This is a virtual IP that can span multiple blades within the VIPRION system. A demanding application will use SuperVIP to harness the processing power of all the blades in the system.
TMOS delivers performance and flexibility
At the heart of VIPRION is the F5 unique operating system called TMOS that provides a unified system for optimal application delivery, giving you total vision, flexibility, and control across all services. TMOS empowers VIPRION to intelligently adapt to the diverse and evolving requirements of applications and networks.
Hardware DDoS approach mitigates attacks
F5 uses a collaborative software SYN cache and hardware SYN cookie approach to protect against large-scale SYN flood DDoS attacks. Using the embedded Packet Velocity Acceleration (ePVA) FPGA, select VIPRION platforms provide significantly higher performance (up to 640 million SYN cookies per second) over a pure software implementation.
When a SYN flood is detected, the ePVA turns on the F5 SYN Check feature to prevent invalid sessions from getting to the servers or exhausting blade resources. SYN Check is unique in that it can be applied on a per-virtual-IP/application basis, meaning if one application is under attack, the others are not affected. F5 is the only ADC that implements hardware-based SYN cookies in L4 and full-proxy L7 mode.
Blade options enable superior performance and security
Given constantly increasing demands for connectivity and growing concerns about tenacious and complex attacks, service providers and enterprises need solutions that keep up. VIPRION blade options deliver flexibility and efficient scaling capabilities. Notably, these options include the purpose-built 4450 blade, which is Network Equipment-Building Systems (NEBS) compliant and offers two 100 GbE ports and six 40 GbE ports for superior efficiency, throughput, and performance. In a fully loaded VIPRION 4800 eight-blade chassis, the 4450 blade supports around 1.2 billion concurrent connections to scale for today’s Internet of Things and into the future.
The 4450 blade is the first ADC to provide 100 GbE ports in the QSFP28 form factor, the leading form factor for data centers adopting 100 GbE, providing the smallest footprint and lowest power consumption of any 100 GbE form factors. The 4450 blade delivers significant performance improvements for 2K keys with SSL as well as for ECC, enhancing PFS capabilities.
The 4450 blade’s advanced FPGAs significantly improve CPU utilization and expand whitelisting, blacklisting, and graylisting capabilities. The software-defined hardware capabilities of the FPGAs, memory, and hardware search enable the VIPRION 4450 blade to efficiently deliver software-defined networking (SDN), providing CPU offloading, optimization, and adaptability, while simplifying the migration to network function virtualization (NFV). The 4450 blade also supports up to 12 vCMP guests for multi-tenant app and security services architectures.
The VIPRION 4450 blade, in conjunction with the VIPRION 4480 or 4800 chassis, enhances performance, enables dynamic resource allocation, and maximizes service consolidation. The superior performance and capacity scale in linear fashion with each additional blade, and traffic begins being processed automatically after a blade addition. When deployed with BIG-IP Advanced Firewall Manager (AFM), F5’s high-performance, stateful, full-proxy firewall, the 4450 blade quickly ramps to mitigate even the worst DDoS attacks, distinguishing between malicious and legitimate connections and discarding malicious connections before they can devastate network resources. When combined with BIG-IP Application Security Manager (ASM), F5’s agile, scalable web application firewall, the solution can mitigate and defend against nearly any L7 attack, too.
VIPRION 2250 Blades:
The purpose-built VIPRION 2250 blade delivers four 40GbE ports and supports 48M concurrent connections with 80Gbps of L4 throughput. In the VIPRION 2400 or 2200 chassis, the 2250 blade delivers significant SSL performance, advanced FPGAs, CPUs, and memory that handles and efficiently addresses enterprise data center, private cloud, and software-defined networking (SDN) needs. The 2250 blade incorporates enterprise-class, solid-state drive (SSD) storage for improved disk i/o performance and reliability. For Layer-4 centric workloads like CGNAT and traffic management, users can select an optimized performance profile that approximately doubles the throughput to 155Gbps.
*Compatible with the VIPRION 2400 and VIPRION 2200 chassis.
VIPRION 2250 Blade Specifications |
Intelligent Traffic Processing |
2M L7 requests per second
1M L4 connections per second
14M L4 HTTP requests per second
48M max L4 concurrent connections
80 Gbps L7/L4 throughput (C2400)
155* Gbps L4, 80 Gbps L7 throughput (C2200)
1 Gbps included compression
40 Gbps maximum hardware compression
Included SSL TPS: 10,000 TPS (2K keys)
Maximum SSL TPS: 44,000 TPS (2K keys)
Bulk crypto: 36 Gbps
Note: Compression and SSL resources are allocated evenly across the number of vCMP guests set up. |
Hardware DDoS Protection |
Hardware SYN cookies: 60M SYN cookies per second |
Software Architecture |
64-bit TMOS |
Virtualization (Max Number of vCMP Guests) |
80 (4 B2250 blades, 20 per blade) |
Processors |
Single Intel 10-core Xeon processor (total 20 hyperthreaded logical processor cores) |
Memory |
64 GB |
Hard Drive Capacity |
One 800 GB solid state drive |
Network Interfaces |
One 10/100/1,000 Mbps Ethernet management port
Four 40 Gigabit (or sixteen 10 Gigabit) fiber ports (QSFP+)
(QSFP+ 40GBASE-SR4 100m transceivers sold separately)
(QSFP+ optical breakout cable assemblies available to convert to 10 Gigabit ports)
Note: Only optics provided by F5 are supported. |
Power Consumption and Heat Output |
Note: Please refer to the Platform Guide: VIPRION 2400 or Platform Guide: VIPRION 2200 on askf5.com for the latest relevant blade power ratings. |
Weight |
10.0 pounds (4.5 kg) |
*Requires TMOS v11.6 and selecting L4 Performance Optimized FPGA firmware configuration option (see BIG-LTM Manual on askf5.com for specific instructions).