F5 VIPRION 4480

Overview:

The NEBS-certified 4480 was designed with carrier-grade reliability in mind. With support for industry-first 40GbE and 100Gbe (QSFP28) ports, multi-tenant virtualization support, and the ability to add up to four B4450 blades to its chassis, application delivery network and security scales as business demands grow.

The On-Demand Application Delivery Controller

Your organization’s growing infrastructure puts more pressure on the network—from rising numbers of users and data center consolidation to cloud migrations and more feature-rich applications. Scaling your Application Delivery Network (ADN) to meet these ever-evolving demands means increased operational cost and complexity, limiting your organization’s ability to react quickly to new needs and opportunities.

Each F5 VIPRION platform is a single, powerful Application Delivery Controller (ADC) with modular performance blades you can add or remove without disrupting users or applications. Instead of adding devices and segmenting applications, simply add more power to your existing infrastructure as needs and opportunities arise. VIPRION enables the scalability you need to establish a sustainable ADN growth strategy.

Key Benefits

Reduce costs
Decrease OpEx and CapEx with the F5 ScaleN architecture, which provides unique flexibility to scale on demand, virtualize, and deliver application scaling in a device cluster.

Maximize performance
Manage and protect demanding apps with industry-leading layer 4 and layer 7 performance and SSL processing power.

Consolidate devices
Reduce the number of servers and ADCs along with power, space, cooling, and management requirements.

Achieve ultimate reliability
Make the ADN always available with redundancy at both the chassis and blade levels.

Increase Intelligence, Not Operating Costs

As your infrastructure grows and requires more power for layer 4 and layer 7 processing, SSL, compression, and more, you can simply add a blade to the VIPRION chassis and it will start processing traffic automatically. Whether you’re using one blade, four blades, or eight blades, VIPRION remains one device with fixed management costs.

Intelligent Performance Where It Matters

Traditional performance measurements in terms of throughput don’t accurately represent the complex needs of delivering modern web applications. Connection capacity and L7 transactions per second are critical. For instance, ADCs must be able to process high levels of layer 4 and layer 7 connections and make application-layer decisions such as removing sensitive information or transforming application-specific payloads. BIG-IP appliances have the intelligence and performance to handle application layer decisions while securing your data and infrastructure.

Simplify Your Network

VIPRION can help you simplify your network by offloading servers and consolidating devices, saving management costs as well as power, space, and cooling in the data center.

With VIPRION’s massive performance and scalability, you can reduce the number of Application Delivery Controllers you need to deliver even the most demanding applications. By offloading computationally intense processes, VIPRION significantly reduces the number of application servers you need. VIPRION includes:

• SSL/elliptical curve cryptography (ECC) hardware acceleration—Offloads costly SSL encryption. Accelerates key exchange and bulk encryption to provide best-in-market SSL performance. Enhances perfect forward secrecy (PFS) capabilities through improved ECC performance.
• Hardware compression—Enables you to cost effectively offload traffic compression processing from your servers. Improves page load times and reduces bandwidth utilization.
• F5 OneConnect connection pooling—Aggregates millions of TCP requests into hundreds of server-side connections. Increases server capacity and ensures requests are handled efficiently by the back-end system.

Maximize Large-Scale Application and Firewall Performance

With its industry-leading layer 4/7 throughput, connection processing, and SSL/ECC performance, VIPRION efficiently manages the most demanding applications, offloads servers, and consolidates your Application Delivery Network. In addition, as an ICSA Labs Certified firewall solution, F5 BIG-IP Advanced Firewall Manager (AFM) on VIPRION provides native, high-performance network firewall services to protect public-facing websites and data center applications from distributed, multi-layer cyber attacks.

VIPRION high-performance and distributed denial-of-service (DDoS) protection capabilities are enabled through field-programmable gate array (FPGA) technology tightly integrated with the F5 TMOS technology and software.

F5 embedded Packet Velocity Acceleration (ePVA) FPGA delivers:

• High-performance interconnection between Ethernet ports and processors.
• L4 offload, enabling leading throughput rates and reduced loads on software.
• Hardware-accelerated SYN flood protection.
• Hardware detection and mitigation of more than 100 types of denial-of-service (DoS) and DDoS attacks.
• Support for F5 IP Intelligence Services, with blacklist, whitelist, and graylist capabilities.
• Native network overlay (VXLAN/NVGRE) support.
• Hardware-enabled DNS caching, which hyperscales responses for fast service and app delivery (B2250).
• User selectable hardware profiles that enable different performance levels for targeted workloads. Initial profile options include optimized L4 throughput on select platforms for CGNAT or L4-centric traffic management solutions.

Achieve Ultimate Reliability

In a VIPRION system with multiple blades, you can remove a blade without disruption. The other blades will instantly take over the processing load. You can also deploy VIPRION in an active/standby configuration to add another level of redundancy. The chassis is built with redundant power supplies and field swappable components. This multi-layered redundancy significantly reduces the possibility of downtime.

Features:

Core Capabilities:

The Advantages of VIPRION Technology:

With VIPRION, your organization benefits from the unique F5 ScaleN architecture and patented hardware and software innovations that offer unmatched capabilities.

ScaleN architecture provides the ability to scale performance on demand, virtualize, or horizontally cluster multiple VIPRION chassis, creating an elastic Application Delivery Networking infrastructure that can efficiently adapt as your business needs change.

On-demand scaling improves performance

Increase resource capacity and performance with on-demand scaling, where you can simply add more power to your existing infrastructure instead of adding more devices. VIPRION chassis provide true linear scalability through modular blades that use F5 Clustered Multiprocessing (CMP) technology. As blades are added, their CPU resources, network interfaces, SSL, and compression processing power all automatically become available as the configurations and policies are copied to the new blades from the master blade.

Operational scaling enables consolidation

F5 is able to virtualize services with a multi-tenant architecture that supports a variety of BIG-IP versions and product modules on a single device. Multi-tenant device virtualization is provided by F5’s unique Virtual Clustered Multiprocessing (vCMP) technology, which enables VIPRION to run multiple BIG-IP guest instances. Each BIG-IP guest instance looks and acts like a physical BIG-IP device, with a dedicated allocation of CPU, memory, and other resources. vCMP offers per-guest rate limiting for bandwidth and SSL, enabling customers to achieve different performance levels for each guest.

Each vCMP guest can further be divided using multi-tenant features such as partitions and route domains, which can isolate configuration and networks on a per-virtual-domain basis. Within each virtual domain, organizations can further isolate and secure configuration and policies by using a role-based access system for greater administrative control.

The ability to virtualize BIG-IP ADC services means service providers and enterprise users can isolate based on BIG-IP version, enabling departmental or project-based tenancy as well as performance guarantees, while getting the benefits of managing a single, consolidated application delivery platform and increased utilization of VIPRION systems.

Application scaling boosts capacity and resiliency

Increase capacity by adding BIG-IP resources through an all-active approach. With application scaling, you can scale beyond the traditional device pair to eliminate the need for idle and costly standby resources. Application scaling achieves this through two forms of horizontal clustering: Application Service Clustering, which focuses on application scalability and high availability, and Device Service Clustering, designed to efficiently and seamlessly scale BIG-IP application delivery services.

Application Service Clustering delivers load-aware, application-level failover and comprehensive connection mirroring for a highly available cluster of up to eight heterogeneous devices. Workloads can be moved across a cluster of devices or virtual instances without interrupting other services and can be scaled to meet demand.

Device Service Clustering can synchronize full device configurations in an all-active deployment model, enabling consistent policy deployment and enforcement across devices up to 32 active nodes. This ensures a consistent device configuration that simplifies operations.

The ScaleN architecture provides the ultimate flexibility to scale on demand, virtualize, and deliver application scaling through device clusters.

VIPRION 4800 and VIPRION 4480 chassis: The VIPRION 4800 chassis supports up to eight blades, and the VIPRION 4480 chassis supports up to four blades. The VIPRION 4450 blade has 24 processor cores (a total of 48 hyperthreaded logical processing cores), and the VIPRION 4300 blade has 12 processor cores (a total of 24 hyperthreaded logical processing cores).

VIPRION 2400 and VIPRION 2200 chassis: The VIPRION 2400 chassis can support up to four 2150 or 2250 blades. The VIPRION 2200 chassis can support two 2150 or 2250 blades. The VIPRION 2250 blade has 10 processor cores (a total of 20 hyperthreaded logical processing cores), and the VIPRION 2150 blade has four processor cores (a total of eight hyperthreaded logical processing cores).

Note: Only the same type of supported blades are enabled for traffic processing in each chassis. Different blade models cannot be mixed within the same chassis. Only optics provided by F5 are supported.

Virtualized processing fabric shares the load across blades

Using custom disaggregation, high-speed bridge FPGAs, and advanced Clustered Multiprocessing (CMP) design, VIPRION shares the processing load not just within a blade, but across the entire chassis. The physical interfaces are fully meshed. Any port on any blade can be used for any application, so the system can be wired for redundancy and simplicity.

Clustered management cuts administration time

Spend less time managing your Application Delivery Network. To administrators, the VIPRION unit looks like a single ADC. One blade is automatically selected as the primary, and all settings and controls are mirrored to the other blades. When a new blade is plugged in, it will install the firmware version from the primary blade, copy all of its settings, and begin processing traffic within minutes.

SuperVIP simplifies the network

Rather than requiring that a single, demanding application be segmented, VIPRION uses F5 SuperVIP. This is a virtual IP that can span multiple blades within the VIPRION system. A demanding application will use SuperVIP to harness the processing power of all the blades in the system.

TMOS delivers performance and flexibility

At the heart of VIPRION is the F5 unique operating system called TMOS that provides a unified system for optimal application delivery, giving you total vision, flexibility, and control across all services. TMOS empowers VIPRION to intelligently adapt to the diverse and evolving requirements of applications and networks.

Hardware DDoS approach mitigates attacks

F5 uses a collaborative software SYN cache and hardware SYN cookie approach to protect against large-scale SYN flood DDoS attacks. Using the embedded Packet Velocity Acceleration (ePVA) FPGA, select VIPRION platforms provide significantly higher performance (up to 640 million SYN cookies per second) over a pure software implementation.

When a SYN flood is detected, the ePVA turns on the F5 SYN Check feature to prevent invalid sessions from getting to the servers or exhausting blade resources. SYN Check is unique in that it can be applied on a per-virtual-IP/application basis, meaning if one application is under attack, the others are not affected. F5 is the only ADC that implements hardware-based SYN cookies in L4 and full-proxy L7 mode.

Blade options enable superior performance and security

Given constantly increasing demands for connectivity and growing concerns about tenacious and complex attacks, service providers and enterprises need solutions that keep up. VIPRION blade options deliver flexibility and efficient scaling capabilities. Notably, these options include the purpose-built 4450 blade, which is Network Equipment-Building Systems (NEBS) compliant and offers two 100 GbE ports and six 40 GbE ports for superior efficiency, throughput, and performance. In a fully loaded VIPRION 4800 eight-blade chassis, the 4450 blade supports around 1.2 billion concurrent connections to scale for today’s Internet of Things and into the future.

The 4450 blade is the first ADC to provide 100 GbE ports in the QSFP28 form factor, the leading form factor for data centers adopting 100 GbE, providing the smallest footprint and lowest power consumption of any 100 GbE form factors. The 4450 blade delivers significant performance improvements for 2K keys with SSL as well as for ECC, enhancing PFS capabilities.

The 4450 blade’s advanced FPGAs significantly improve CPU utilization and expand whitelisting, blacklisting, and graylisting capabilities. The software-defined hardware capabilities of the FPGAs, memory, and hardware search enable the VIPRION 4450 blade to efficiently deliver software-defined networking (SDN), providing CPU offloading, optimization, and adaptability, while simplifying the migration to network function virtualization (NFV). The 4450 blade also supports up to 12 vCMP guests for multi-tenant app and security services architectures.

The VIPRION 4450 blade, in conjunction with the VIPRION 4480 or 4800 chassis, enhances performance, enables dynamic resource allocation, and maximizes service consolidation. The superior performance and capacity scale in linear fashion with each additional blade, and traffic begins being processed automatically after a blade addition. When deployed with BIG-IP Advanced Firewall Manager (AFM), F5’s high-performance, stateful, full-proxy firewall, the 4450 blade quickly ramps to mitigate even the worst DDoS attacks, distinguishing between malicious and legitimate connections and discarding malicious connections before they can devastate network resources. When combined with BIG-IP Application Security Manager (ASM), F5’s agile, scalable web application firewall, the solution can mitigate and defend against nearly any L7 attack, too.

VIPRION 4450 Blades:

The purpose-built, NEBS-compliant VIPRION 4450 blade delivers two 100GbE ports and six 40GbE ports, vastly increasing efficiency, throughput, and performance. It’s the first ADC to provide 100GbE ports in the QSFP28 form factor, delivering the smallest footprint and lowest power consumption of any 100GbE form factor. A VIPRION 4800 chassis fully loaded with VIPRION 4450 blades supports more than 1 Billion concurrent connections and over 1Tbps of DDoS protection. In the VIPRION 4480 or 4800 chassis, the 4450 delivers significant improvements for SSL and elliptical curve cryptography (ECC) performance, enhancing perfect forward secrecy (PFS). Advanced FPGAs, memory, and hardware search on the VIPRION 4450 handles and efficiently addresses software-defined networking (SDN) needs, delivering CPU offloading, optimization, and adaptability.

Securing, Optimizing, and Monetizing Service Provider Networks Beyond Scale

Service providers are overwhelmed by an ever-increasing number of mobile devices that require connectivity to the providers’ networks and applications. This number will be dwarfed, though, by the demand for connectivity from the Internet of Things (IoT). In addition, the extent, tenacity, and complexity of attacks against networks, applications, and subscribers continue to worry service providers, who are also besieged by the exponential growth of signaling traffic, the impending loss of IPv4 addresses, and the growing movement to IPv6.

• Two 100 GbE ports and six 40 GbE ports, which vastly increase efficiency, throughput, and performance.
• The first ADC with 100 GbE ports in the QSFP28 form factor, delivering a smaller footprint and lower power consumption.
• Significant performance improvements for 2K keys with SSL.
• Support for over a billion concurrent connections, ensuring network, data, and subscriber security.
• Manage security and connectivity with fewer devices.
• Scale dynamically to meet user growth.
• Reduce total cost of ownership (TCO) and speed return on investment (ROI).
• Remove complexity while increasing efficiency

Unparalleled performance with legendary scale

The F5 VIPRION 4450 blade offers two 100 GbE ports and six 40 GbE ports, vastly increasing efficiency, throughput, and performance. The purpose-built VIPRION 4450, which is Network Equipment-Building System (NEBS) compliant, scales up to 1.2 billion concurrent connections in a fully loaded VIPRION 4800 eight-blade chassis. That’s enough capacity to address IoT today and in the future.

The VIPRION 4450 blade is the first Application Delivery Controller (ADC) to provide 100 GbE ports in the QSFP28 form factor, providing the smallest footprint and lowest power consumption of any 100 GbE form factors. The 4450 blade delivers significant performance improvements for 2K keys with SSL, plus additional elliptical curve cryptography (ECC) performance improvements, enhancing perfect forward secrecy (PFS) capabilities. It also quadruples the bulk throughput transaction per second (TPS) rate of the VIPRION 4300 series blade and chassis combinations.

Simplified 4G to 5G migration

As service providers explore how to best manage the migration from 4G to 5G networks, network scalability and extensibility are crucial. The VIPRION 4450 blade and 4800 chassis combine for a superior connection setup rate of 20 M connections per second (CPS), easing migration.

Furthermore, as organizations run out of IPv4 addresses, supplementing existing IPv4 addresses with IPv6 addresses, the VIPRION 4450 provides support for up to hundreds of millions of concurrent sessions, thus handling the crossover with ease.

Scalable, extensible security

One of the most effective network attacks continues to be distributed denial-of-service (DDoS). The VIPRION 4450, in concert with F5 BIG-IP Advanced Firewall Manager (AFM)—a highperformance, stateful, full-proxy firewall—quickly ramps to distinguish between malicious and legitimate connections. This combined solution then absorbs or discards malicious connections before they can devastate network resources. Escalating subscriber and data usage helps drive the need for firewalls in a service provider’s SGi LAN. The VIPRION 4450 blade’s support for over a billion concurrent connections ensures that service provider networks, data, and subscribers remain secure.

The VIPRION 4450 blade effectively mitigates even the most virulent application attacks, provides an early warning of application attack vectors, and very efficiently defends against multi-pronged, simultaneous vectors. When combined with BIG-IP® Application Security Manager™ (ASM)—F5’s agile, scalable web application firewall (WAF)—the F5 solution can mitigate and defend against nearly any L7 attack.

Adaptive, software-defined hardware

The VIPRION 4450 blade’s advanced field-programmable gate arrays (FPGA) enable significantly improved CPU utilization, as well as capabilities for whitelisting, blacklisting, and graylisting. The personality of the FPGAs can be changed programmatically, furthering the 4450’s extensibility and future-proofing the investment. The software-defined hardware capabilities delivered by FPGAs, memory, and hardware search equip the VIPRION 4450 blade to efficiently handle software-defined networking (SDN). This provides CPU offloading, optimization, and adaptability.

The VIPRION 4450 blade, in conjunction with the VIPRION 4480 or 4800 chassis, further enhances performance, enabling dynamic resource allocation and maximizing service consolidation. Performance and capacity scale in linear fashion with each additional blade, so service providers adding a blade can begin processing traffic automatically, without a major upgrade.

VIPRION 4450 Blade Specifications
Intelligent Traffic Processing	5M L7 requests per second 2.9M L4 connections per second 180M max L4 concurrent connections 140 Gbps L4/L7 4.8 Gbps included compression 80 Gbps max hardware compression Included RSA SSL TPS: 24,000 (2K keys) Max RSA SSL TPS: 160,000 (2K keys) Included ECDSA P-256 TPS: 24,000 Max ECDSA P-256 TPS: 80,000 Bulk crypto (RSA): 80 Gbps Note: Compression and SSL resources are allocated evenly across the number of vCMP guests set up.
Hardware DDoS Protection	Support for over 100 different vectors Hardware SYN cookies: 115M SYN cookies per second
Software Architecture	64-bit TMOS
Virtualization (Max Number of vCMP Guests)	48 in a 4480 chassis, 96 in a 4800 chassis (12 per blade)*
Processors	2 Intel 12-core processors (48 hyperthreaded logical processor cores total)
Memory	256 GB
Hard Drive Capacity	1.2 TB SSD
Network Interfaces	One 10/100/1,000 Mbps Ethernet management port Six 40 Gbps QSFP+ ports Optional 40 Gbps QSFP+ SR4 (up to 100m) transceivers Optional 40 Gbps QSFP+ LR4 (up to 10km) transceivers Each QSFP+ port can convert to four 10 Gbps with QSFP+ breakout or AOC cables Two 100 Gbps QSFP28 ports Optional 100 Gbps QSFP28 SR4 (up to 70m) transceiver Optional 100 Gbps QSFP28 LR4 (up to 10km) transceiver
Power Consumption and Heat Output	Please refer to Platform Guide: VIPRION 4800 or VIPRION 4400 for the latest specific power ratings
Weight	19.2 lbs. (8.71 kg)

Note: Only optics provided by F5 are supported
*Requires running TMOS v13+

Specifications:

VIPRION 4480 Chassis Specifications
Dimensions	12.2” (30.9 cm) H x 17.4” (44.2 cm) W x 21” (53.3 cm) D 7U industry standard rack-mount chassis
Weight	87 lbs. (39.5 kg) (4 power supplies, 1 fan tray, 3 blanks)
Power Supply	One to four 90 VAC (1200W) to 240 VAC (2000W) auto ranging 20A per input (max) DC power (option) One to four 1200W -36 to -72 VDC 10 to 40A maximum per supply
Operating Temperature	32° to 104° F (0° to 40° C)
Relative Humidity	5 to 85% at 104° F (40° C)
Safety Agency Approval	UL 60950 (UL1950-3) CSA-C22.2 No. 60950-00 (bi-national standard with UL 60950) CB test certification to IEC 950 EN 60950
Certifications/ Susceptibility Standards	EN55022 1998 Class A EN55024 1998 Class A FCC Part 15B Class A VCCI Class A NEBS Certified

Note: Please refer to the Platform Guide: VIPRION 4800 on askf5.com for the latest specific AC power ratings.

Documentation:

Download the F5 VIPRION Platforms Datasheet (.PDF)

Download the F5 VIPRION 4450 Blade Datasheet (.PDF)