Overview:
F5 rSeries is a next-generation hardware platform that delivers a highly scalable, microservices-based architecture to power your mission-critical applications and network deployments. These high-performance appliances include modern FPGAs to enable industry-leading SSL offloading and hardware-based support for elliptical curve cryptography (ECC) ciphers in a 1 RU form factor. With powerful L7 request-per-second (RPS) performance, rSeries enables consolidating multiple services on a single device and increases the density of high-speed ports per rack unit.
Whether you’re a large enterprise or small to medium-sized business, rSeries allows you to scale up or scale down CPU usage depending on your performance requirements.
Automate and Future-Proof Your Infrastructure with the F5 rSeries Platform
The next-generation Application Delivery Controller (ADC) solution, F5 rSeries, bridges the gap between traditional and modern infrastructures with a rearchitected, API-first platform designed to meet the needs of your traditional and emerging applications. The new F5 rSeries delivers unprecedented levels of performance, a fully automatable architecture, and the highest reliability, security, and access control for your critical applications. You can reduce time-to-market, consolidate your infrastructure and secure critical data at scale while lowering total cost of ownership (TCO) and future-proofing your application infrastructure.
Key Benefits
Future-proof your environment
Future-proof your IT infrastructure for the long-term with frictionless migration, flexible licensing and high performance to scale your capacity as you grow.
Obtain the lowest TCO
Reduce TCO and the infrastructure footprint by consolidating app and security services on a unified, high-performance platform.
Accelerate deployment with automation
Decrease time spent on manual tasks with rSeries’ fully automatable platform design. Rapidly onboard, configure, and deploy F5 application services via simple, yet powerful declarative interfaces with F5 Automation Toolchain.
Secure applications
Deliver the SSL capacity required to protect critical data—including enhanced offload of elliptical curve cryptography (ECC) processing to hardware— enabling forward secrecy scaling. Deliver the most effective protection with integrated, one-pass, full stack (L3–L7) security, high-capacity distributed denial-of-service (DDoS) mitigation, contextual access management, and more.
Enhance your performance
Scale up to two times over previous platforms and manage unpredictable performance requirements. In addition, avoid CPU exhaustion for critical use cases like DDoS protection or UDP traffic processing. F5 rSeries leverages larger, modern FPGA technology to enable more efficient CPU resource utilization, delivering unprecedented performance and greater scalability.
Standardize Your App Delivery Services
F5 appliances simplify your network and reduce TCO by offloading servers, providing a consistent set of comprehensive application services, and consolidating devices – saving management, power, space, and cooling costs in the data center. The massive performance and scalability of the new F5 rSeries appliance reduces the number of ADCs needed to deliver even the most demanding applications. By offloading computationally intense processes, you can significantly reduce the number of application servers needed.
Unmatched Performance for Critical Applications
Application traffic is growing exponentially, driven by the ongoing growth of remote workforces, increasing numbers of applications, video streaming, and IoT, and increasing pressure on global IT infrastructure resources to deliver unprecedented performance and scalability.
Additionally, encrypted SSL/TLS traffic now represents the vast majority of total application traffic, adding additional strain on IT resources that can’t effectively manage the increased load. F5’s rSeries appliances offer up to 2x the level of performance as compared to previous generations, enabling more efficient CPU resource utilization, higher scalability, and industry-leading SSL/TLS processing scale to manage and control the increasing amount of application traffic.
The Advantages of F5 ADC System:
The F5 rSeries platform leverages a modern hardware and software design to balance the need for performance, scalability, agility, and automation. The F5 TMOS operating system provides total visibility, flexibility, and control across all application delivery services. With TMOS, organizations can intelligently adapt to the diverse and evolving requirements of applications and networks.
F5 rSeries also leverages a new architecture and hardware with larger, field-programmable gate arrays (FPGAs) and the latest Intel® processing for CPU.1 The newer generation Intel chipsets provide more modern SSL cipher support and can offload elliptical curve cryptography (ECC) based ciphers in hardware. FPGA technology, tightly integrated with the next-generation F5 operating system technology and platform layer software, enables high- performance capabilities.
rSeries includes:
- Up to 400K TPS SSL and compression offload.
- Reduce loads on software by enabling up to 195 Gbps of L4/L7 throughput.
- Hardware-accelerated SYN flood protection ensures if one application is under attack, others are not affected.
- Protection from more than 100 attack vectors, such as denial-of-service (DoS) and DDoS attacks, hardware detection, and mitigation.
- SSL orchestration supports Layer 3 deployment topologies on all rSeries platforms and Layer 2 in-line service on mid and high-end platforms.
- Support for F5 IP Intelligence Services, with denylist, allowlist, and temporary rejection capabilities.
Other unique or patented hardware and software innovations equip the platform with unmatched capabilities, including:
- Best-in-market SSL performance accelerates SSL/TLS adoption by offloading costly SSL processing and speeding up key exchange and bulk encryption.
- Industry-leading encryption up to 235K TPS P-256 from increased SSL FPGAs from hardware acceleration of ECC ciphers.
- Cost-effective offload of traffic compression processing improves page load times and reduces bandwidth utilization from maximum hardware compression up to 100 Gbps, a 138% increase over previous platforms.
- Enterprise-class solid-state drive (SSD) technology on select F5 platforms improves performance and reliability, saves power, and reduces heat generation and noise.
- Efficiency features include 80 Plus Platinum certified power supplies as well as front panel touchscreen LCD management, remote boot and multi-boot support, and USB support.
F5 ADC System:
Introducing BIG-IP Next: Modern Application Delivery on rSeries
F5’s next-gen software, F5 BIG-IP Next, leverages powerful declarative APIs to make it faster and easier for DevOps, NetOps, and other BIG-IP-reliant teams to manage and automate their BIG-IP deployments. The completely rearchitected software layer and modern framework provide the basis for significantly improved control plane scale and performance, reduced cloud footprint for lower operational costs, and rapid instance upgrades.
Carrying forward the comprehensive suite of advanced BIG-IP functionality developed over the past 20 years, BIG-IP Next will continue to deliver everything from application security and access controls to local and global traffic management—and will be available across the same breadth of deployment and consumption models as its predecessor.
When fully mature, BIG-IP Next will offer the following benefits on rSeries:
- Accelerate time-to-market using a highly automatable, API-first design that enables automation-driven device onboarding and seamless application services configuration via declarative APIs.
- Reduce cloud total cost of ownership with optimized, right-sized instances that reduce annual spending and a containerized core that splits feature modules into individual units, permitting teams to select, choose, and deploy only the functions required.
- Handle extensive application portfolios and complex, resource-intensive app configurations thanks to a highly scalable control plane.
- Reduce application downtime with rapid, hitless upgrades that can be performed while maintaining all existing operations and without disrupting traffic flows or diminishing application availability.
- Maintain a cutting-edge security posture with accelerated and incremental feature delivery software releases every three months–twice as often as TMOS feature releases.
- Continue using the advanced suite of app services and modules you know and trust, as the majority of capabilities are carried forward with BIG-IP Next.
Gain Flexibility With Multi-Tenancy
Virtualization and multi-tenant architectures are often implemented to address business and topological requirements, such as being able to consolidate services and acquire or merge existing networks. Multi-tenancy enables customers to host many different F5 BIG-IP tenants on the same appliance, which may vary in terms of supported versions depending on the needs of particular applications or business requirements. Each tenant can be independently upgraded or patched without impacting other tenants. In addition, multi-tenancy delivers full tenant isolation and failure—independent of traffic, data, and administrative access—for unmatched tenant isolation.
Traditionally, F5’s Virtual Clustered Multiprocessing (vCMP) technology gave organizations a virtualization strategy for application delivery and isolating multi-tenant environments on F5 hardware platforms. F5 rSeries continues to support—and improve on—the vCMP technology that benefits many customers. F5 rSeries supports flexible, multi-tenancy options across system resources and enables even more multi-tenancy density than was previously achievable with BIG-IP iSeries. This allows customers to achieve greater ROI on their new F5 hardware investments by allocating system resources more effectively.
A Modern Platform Architecture Design
F5 rSeries relies on a F5OS (a new Kubernetes-based platform layer) that’s fully integrated with F5’s TMOS software, aligning with your modern architecture plans. Going to a microservice-based platform layer allows rSeries to provide new and exciting features that were not possible in previous generations of F5® BIG-IP® platforms. This layer powers the new platform and is abstracted through F5OS interfaces so you can manage it via familiar CLI, GUI, and API interfaces. This means you can simultaneously run tenants with the current and next generation of BIG-IP software with more modern microservice-based BIG-IP software that will be introduced in the future. rSeries is more aligned to modern architectures, which allows you to future-proof your deployments and environments.
Figure 1: F5 rSeries Architecture.
Purpose-Built for Automation
With the demands of your business, you’re under pressure to deploy and scale application services faster than ever before. Now, you don’t need to implement software-only infrastructure to take advantage of CI/CD toolset integration, declarative APIs, and telemetrybased implementations. With its API-first architecture, F5 rSeries provides a fully automatable system that can deliver the agility you need today.
With rSeries, you can take advantage of F5’s Automation Toolchain for F5 TMOS based BIG-IP software. Automation Toolchain offers a way to simplify and streamline your F5 portfolio with simple, yet powerful declarative interfaces that minimize F5 knowledge requirements, reduce errors, increase deployment velocity, and make workflows more repeatable. Automation Toolchain is comprised of a unified set of REST API endpoints built using human-readable JSON source of truth documents installed on BIG-IP or on BIG-IQ in any environment that supports those solutions. The Automation Toolchain makes it faster, easier, and more programmatic to configure and deploy F5 application delivery and security services.
Programmability
Enabling automation and orchestration is key to achieving the benefits of cloud and software-defined architectures and to scaling application services on demand. F5 platforms offer many ways to program the application services fabric and network, enabling organizations to automate deployment, react to events in real time, and easily integrate into orchestration systems.
F5 iRules scripting has long provided granular traffic control and visibility, enabling customization, rapid response to code errors and security vulnerabilities, and support for new protocols. F5 rSeries and BIG-IP tenants are fully automatable with iRules and AS3. F5 iRules LX lowers costs and speeds deployments by extending iRules to JavaScript developers and providing access to, and easier integration with, over 300,000 community Node.js packages.
In addition, F5 iApps and F5 Application Services Templates (FAST) templates are powerful tools that enable you to automate deployment and configuration of enterprise application services as a whole, rather than individually managing configuration and objects. iApps and FAST give you greater visibility into and control over application delivery—and helps you deploy in hours rather than weeks.
F5 iControl® REST APIs and SDKs integrate with leading open source and commercial orchestration systems, VMware, OpenStack clouds, and configuration management and automation systems such as Puppet, Chef, Ansible, and Terraform.
BIG-IQ Centralized Management
F5 BIG-IQ Centralized Management is F5’s management and orchestration platform for BIG-IP. It provides a central point of control for F5 physical and virtual devices and the app delivery and security services that run on them. BIG-IQ Centralized Management is available as a virtual edition. It simplifies management, helps ensure compliance, and gives you the visibility and reporting you need to troubleshoot and respond to issues and security attacks.
BIG-IQ manages policies, licenses, SSL certificates, images, and configurations for F5 devices and the following BIG-IP software modules:
- BIG-IP Local Traffic Manager (LTM)
- BIG-IP Advanced Firewall Manager (AFM)
- BIG-IP Access Policy Manager (APM)
- BIG-IP DNS
- BIG-IP Advanced Web Application Firewall (WAF)
- BIG-IP SSL Orchestrator
- BIG-IP DDoS Hybrid Defender
- F5 Secure Web Gateway Services
BIG-IQ Centralized Management supports rSeries appliances, BIG-IP iSeries appliances, VELOS and VIPRION chassis/blades, and BIG-IP virtual editions (VE), whether they’re running in private or public cloud environments. This solution is ideal for organizations that require central management of F5 devices and modules, license management of BIG-IP VEs, or central reporting and alerting on application availability, performance, and security.
FIPS compliance at scale
The Federal Information Processing Standards (FIPS) specify requirements for cryptographic modules. FIPS compliance is required for many government agencies and industries, such as financial services and healthcare, that demand the highest standards in information, application, and data security. F5 offers a broad range of FIPS-validated hardware appliances that support a FIPS 140-2 Level 2 and FIPS 140-3 Level 2 implementations for RSA cryptographic key generation, use, and protection when running validated versions of BIG-IP TMOS. Current Validations and those Under Test can be viewed here in the “F5 FIPS Cryptographic Modules” section.
For additional protection, the F5 r10920-DF and r5920-DF ship with an embedded 3rd Party FIPS grade Internal HSM (PCI card), tested by the Marvell company at FIPS 140-3 Level 3 to ensure compliance and operate in a FIPS Ready mode. F5 Hardware FIPS appliances include integrated HSMs that have tamper-evident seals with a hardened-epoxy cover which, if removed, will render the card useless.
Service Provider Solutions
Globally, service providers are investing in 5G networks and in trying to secure both consumer and business markets. Increased throughput and reduced latency are the key drivers for the network edge, particularly for video applications that are straining today’s networks. Service providers also need to develop new consumption models and revenuegenerating services to stay competitive. A flexible, secure, high-performance solution is required. The rSeries provides hardware-assisted L4 offload for high-performance tunneling protocols (VXLAN, IPSec, GTP, GRE, and others) and for high-performance security services to protect public-facing websites and data center applications from distributed, multi-layer cyberattacks through AFM. The rSeries also offers hardware-assisted DDoS mitigation of DDoS vectors, per-endpoint DoS protection, wildcard VS SYN cookie protection, and zonebased DDoS support. BIG-IP CGNAT eases IPv6 migration and improves network scalability with IPv4 address management. A combined CGNAT and BIG-IP Policy Enforcement Manager (PEM) enables a secure, subscriber-aware network firewall that masks subscriber addresses, and can be part of an optimized S/Gi-LAN/N6 solution. PEM can create differentiated services, manage traffic by leveraging subscriber and application awareness, and implement enforcement policies.
Migrating to F5 rSeries
F5’s migration tool, Journeys, helps users adopt newer platforms like rSeries by providing a frictionless migration experience. It allows users to migrate from any source platform (F5 chassis, appliance, or VE) running BIG-IP software to the platform of their choice. The tool assists in checking feature compatibility issues between different platforms and software versions, identifying and troubleshooting migration issues, and reducing overall complexity and time spent on migration. It’s a single tool with an easy-to-use GUI interface that helps to migrate all the L4–L7 customer configurations with minimal disruption to a customer’s existing operational procedures. This tool also provides post-migration validation metrics in terms of the memory footprint, cluster status, and configuration object count, for improved visibility into the migration status and reduced runtime issues.
