© F5 Networks, Inc.

F5 IPv6 Solutions

Ariel Santa Cruz – FSE SoLA

F5 Networks Inc.

[email protected]

Agenda

• End of IPv4
• Common Customer Use Cases
  • Ease the IPv6 Evolution
  • Deliver Apps. to all clients
  • Internal Access to IPv4 Apps. and Internet
• Who’s F5
• F5 Solution Services
• Additional Resources

IPv4, the End Is Here!

The Reality

Dual Stack Needed for IPv4 and IPv6

[Diagram labels: Internet; IPv4 and IPv6 Clients; Load Balancer; v4 DNS www.server.com (A); v6 DNS www.server.com (AAAA)]

Eases the IPv6 Evolution
Consolidate infrastructure or deploy a Pure IPv6 Network

• Supports pure IPv6 clients accessing both IPv6/IPv4 sites
• Combined NAT64 and DNS64 provide automatic translation
• Critical for mobile devices and any client optimized for pure IPv6
• Eases evolution and bridges gap between IPv6/IPv4 DNS

[Diagram labels: Internet; IPv4 and IPv6 Clients; BIG-IP Local Traffic Manager + Global Traffic Manager; NAT64; Forwarding/Mapping Virtual; v4 DNS www.server.com (A); v6 DNS www.server.com (AAAA); DNS64]

Deliver Apps. to All Clients
Provide IPv6 Access to IPv4 Applications

[Diagram labels: 192.168.114.0/24 Server Network; 192.168.114.125, 192.168.114.126, 192.168.114.127; IPv4 VIP; IPv4 Clients; IPv6 Clients; IPv6 VIP; IPv4 App. Servers; HTTP_Pool; Intranet / Internet; IPv4 Network; IPv6 Network; BIG-IP Local Traffic Manager]

Deliver Apps. to Internal Clients
Internal IPv6 Access to IPv4 Applications and Internet

F5 DNS Services
• Easily manage global applications
• Combine with balancing DNS Requests
• Enable internal IPv6 access to IPv4 DNS
• Deliver IPv4 Apps to internal IPv6

[Diagram labels: IPv6 Clients; LDNS; Internet Site; LB; DNS64; AAAA; A; BIG-IP LTM; IPv6; IPv4; BIG-IP GTM; NAT64; Datacenter]

Whiteboard

Design Considerations
o H. A.
o User exp/perf.
o Security/Access/Compliance

Current IT Initiatives
1. Virtualization
2. DC Consolidation
3. Access & Security
4. Applications
5. Storage Mgt

Strategic Control Points
• Reusable Services
• Context & Control

Dynamic Services Model

✓ 1. Start Fresh
2. Vendor-Stack
3. Transition ✓

[Diagram labels: Time; Resources; Users; Cost; Goals; IT; Business; Agility]

Organizations Worldwide Trust F5

F5 Customer highlights

• 8 of the Fortune 10 companies [1]
• 43 of the Fortune 50 companies [1]
• 18 of the top 20 US commercial banks [1]
• 4 of the top 5 securities companies [1]
• 5 of the 5 top US airlines [1]
• 10 of the top 10 US insurance companies - property and casualty [1]
• 4 of the top 5 healthcare: pharmacy and other services [1]
• 15 of the 15 executive branch departments of the US federal government [2]
• 10 of the top 10 fixed AND mobile global service providers [3]
• 4 of the top 5 US Internet search providers [4]
• 18 of 20 cloud infrastructure and Web hosting companies [5]

Sources: [1] Fortune 2011; [2] USA.gov Web site listing; [3] Q311 Ovum Market share, by revenue, global; [4] Comscore May 2011; [5] Gartner Magic Quadrant Cloud Infrastructure as a Service and Web Hosting (On Demand, December 2010)

F5 IPv6 Solution Services

• Professional Services offering that enables a seamless transition to an IPv6 world as part of a new or existing LTM implementation
• Addresses some of the most common IPv6 implementation scenarios, including:
  • Support IPv6 clients with DNS64 infrastructure
  • IPv6 proxy to IPv4-only applications
  • Internal IPv6 service and IPv6 NAT64/DNS64
  • IPv4/IPv6 DMZ gateway for IPv4-only applications
• Key Benefits:
  • Improve time to market
  • Maximize your investment
  • Empower your staff
  • Minimize risks

© 2011 F5 Networks, Inc. All rights reserved. F5, F5 Networks, the F5 logo, BIG-IP, ARX, FirePass, iControl, iRules, TMOS, and VIPRION are registered trademarks of F5 Networks, Inc. in the U.S. and in certain other countries

F5 Resources

• IPv6 Solution Services Offering
  http://www.f5.com/pdf/professional-services/ipv6-solution-services-datasheet.pdf
• Controlling Your Migration to IPv6: A Gateway to Tomorrow
  http://www.f5.com/pdf/white-papers/ipv6-wp.pdf
• Managing Large Scale, Carrier-Grade NAT with BIG-IP Devices
  http://www.f5.com/pdf/solution-profiles/managing-carrier-grade-nat-sp.pdf
• Managing the IPv6 Migration
  http://www.youtube.com/f5networksinc#p/a/u/2/8cSKTdOfi3Y
• ‘IPv4 and IPv6 Can Coexist’ or ‘How to eat your cake and have it too’
  http://devcentral.f5.com/weblogs/macvittie/archive/2011/02/04/ipv4-ipv6-migration-coexist-gateway.aspx

Plan for Growth and Avoid Downtime
BIG-IP Local Traffic Manager

Eliminate downtime and scale the application

BIG-IP LTM manages at the application level to:
• Ensure the best resources are always selected
• Provide deep visibility into application health
• Proactively inspect and respond to errors

[Diagram labels: Transaction assurance; Session persistence; Dynamic load balancing methods; Application health monitoring; BIG-IP Local Traffic Manager; High-performance hardware]

Ensure Availability and Disaster Recovery
BIG-IP Global Traffic Manager

Direct users to optimal data centers:
• Continuously monitor application availability and improve performance
• Route based on business logic or location to available applications
• User sessions persist upon an application failure

[Diagram labels: Data Center B; Data Center A; Users; BIG-IP Global Traffic Manager; Applications]

Benefits of LTM and GTM Integration

One ADC solution provides the same:
• Purpose-built hardware and software designed for performance
• iControl for extending management control
• Centralized management solution

[Diagram labels: BIG-IP Local Traffic Manager (two data centers); Data Center; Users; Business logic; Geolocation services; Monitoring via iQuery; BIG-IP Global Traffic Manager; LDNS]

TMOS Architecture
A Unified System for Application Delivery and IPv6 Translation

BIG-IP IPv6 Implementation

• First delivered in 2004
• IPv6/IPv4 dual-stack and proxy translation
• IPv6 addressable BIG-IP LTM objects
  • Self IPs
  • Virtual Servers
  • Nodes
  • SNATs
  • NAT
• BIG-IP GTM may contain both IPv6 and IPv4 virtual servers
  • VIPs selected based on request type (A or AAAA/A6)

BIG-IP IPv6 Implementation

• BIG-IP NATs, SNATs, and virtual servers can automatically serve as gateways between IPv6 and IPv4 networks
  • IPv6 VIP to IPv6 node
  • IPv6 VIP to IPv4 node
  • IPv4 VIP to IPv6 node
  • IPv4 VIP to IPv4 node
  • Pool may contain both IPv6 and IPv4 nodes
  • NAT/SNAT (PAT)
• IPv6 auto-configuration of downstream nodes
  • Neighbor Discovery Protocol for IPv6 (RFC 2461)
• Dynamic routing (ZebOS) supports IPv6

F5 GTM & Infoblox Solution

• Fully integrated and complete DNS solution
  • Superior DNS management
  • Intelligent global server load balancing
  • High performance scalable DNS
  • Complete DNSSEC signing for all zones
  • Architecture options to fit any environment

“The combination of F5’s and Infoblox’s appliances provide enterprise customers an opportunity to build authoritative DNS infrastructure without giving up either global server load balancing or DNSSEC — it’s a no compromise solution.”

Cricket Liu, Infoblox VP of Architecture and author of O’Reilly book “DNS and BIND”

Infoblox Makes DNSSEC Quick and Easy

• Configure DNSSEC parameters at the Grid level including NSEC3 and trust anchor records
• Any zone can be signed with a single click by using the “Sign Zone” toolbar button
• Single click to enable DNSSEC or enable validation of records for an external zone

Infoblox Makes DNSSEC Quick and Easy

• Trust anchor configuration inherited from Grid level
• Automatic maintenance of signed zones
• New Zone Signing Keys are automatically generated when the current keys are due to be rolled over, so key rollover is transparent to the admin
• Automatically notified in the GUI when KSK rollover is required

F5 & Infoblox: A Better Solution
http://www.f5.com/solutions/technology-alliances/infrastructure/infoblox.html

Three integration architectures:
• Highly scalable, reliable
• Combines superior GSLB & comprehensive DNS solution
• Flexible, most secure DNS infrastructure
• High availability and DR
• Superior management removes likelihood of errors

F5 Technical Brief Source: F5 and Infoblox DNS Integrated Architecture: Offering a Complete Scalable, Secure DNS Solution