LTM Concepts Virtualizing servers into highly-available, fault-tolerant applications
Concept Highlights
• F5 LTM: full proxy architecture
  • Separate client-facing and server-facing TCP stacks
  • A client packet terminates at the LTM on one stack
  • The LTM re-creates the packet on the other stack
  • The LTM's default action is to drop packets arriving at the LTM which don't match:
    • A vip address
    • A SNAT (secure network address translation)
• F5 LTM: protocol optimization
  • TCP/UDP optimization via profiles
  • Can offer different optimization at the client-side and server-side TCP stacks
• F5 LTM: application optimization
  • HTTP(S) / FTP / SSL / LDAP / RADIUS / Kerberos / persistence via profiles
  • Customizable profiles for each application or vip
Highlights (Continued)
• F5 LTM: enhanced network and application security
  • Connection reaping: protects against various DoS attacks
  • Full proxy architecture: provides full protocol and transmission breaks between client-side and server-side traffic to thwart malformed packets
  • Ability to NAT
  • SSL offload to the LTM using dedicated ASICs for hardware-based SSL encryption/decryption on either or both of the client-side and server-side TCP stacks
  • iRules: provide fully customizable strategies for security via event-based packet manipulation
    • Manipulate header information or packet data
    • Filter packets based on source, content, or protocol
    • Enforce protocol standards
    • Fix application-induced packet issues
    • Insert or delete cookies
    • And more
• F5 LTM: local load balancing
  • Load balance across one or multiple pools per vip
  • Consolidate server connections via OneConnect to reduce server connection load
  • Enhance server productivity by offloading SSL, intelligently caching data at the LTM, and/or protocol optimization
    • Servers get to focus solely on serving content
    • Other tasks are offloaded to the LTM, where dedicated hardware handles them better
  • One application can span many vips
    • Each vip represents a socket
  • Each pool or node can have its own health monitor to ensure traffic only goes to healthy servers
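The following iRule is an added example, not from the slides or from F5. It ties together the full-proxy point above (the LTM still knows the real client address on the client-side stack even when SNAT hides it from the servers) with the listed iRule capabilities: enforcing protocol standards, filtering by source, manipulating headers, and deleting cookies. It assumes the iRule is attached to a virtual server with an HTTP profile; the allowed method set, the /admin path, the 10.0.0.0/8 range and the "debug" cookie name are constructed values for illustration.

```tcl
# Added example iRule (not part of the original slides).
# Assumes: HTTP profile on the vip; SNAT on the server side, so the pool members
# see the LTM's address and rely on the header inserted below for the client IP.

when HTTP_REQUEST {
    # Enforce protocol standards: only pass the methods the application expects.
    # The allowed set is an assumption for this example.
    if { [HTTP::method] ne "GET" && [HTTP::method] ne "POST" && [HTTP::method] ne "HEAD" } {
        HTTP::respond 405 content "Method Not Allowed" "Connection" "close"
        return
    }

    # Filter by source: the client-side stack still has the real client address.
    # /admin and 10.0.0.0/8 are constructed values; only that range may reach /admin.
    if { [string tolower [HTTP::path]] starts_with "/admin" } {
        if { ![IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
            reject
            return
        }
    }

    # Manipulate headers: discard any client-supplied X-Forwarded-For and insert
    # the address the LTM actually observed, so the server gets a trustworthy value.
    HTTP::header remove "X-Forwarded-For"
    HTTP::header insert "X-Forwarded-For" [IP::client_addr]

    # Delete a cookie the backend should never receive from outside
    # (cookie name is a placeholder).
    if { [HTTP::cookie exists "debug"] } {
        HTTP::cookie remove "debug"
    }
}

when HTTP_RESPONSE {
    # Fix application-induced issues on the way back: remove server version
    # disclosure and add a hardening header the application itself does not set.
    HTTP::header remove "Server"
    HTTP::header insert "X-Content-Type-Options" "nosniff"
}
```

Because the LTM re-creates each request on the server-side stack, the backend only ever sees the request as rewritten here, which is what makes the header and cookie manipulation reliable rather than advisory.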
Additional features
• Customizable distributed application control via iControl
  • Let BU teams control their app objects via a secure custom web page
    • We don't have to give them login access to the LTMs
    • They don't have to keep track of which LTM their apps are on
    • They don't have to engage us via ticket for simple pool up/down operational maintenance, or for manual cut-over between data centers (with GTM)
    • They can only change what we authorize them to via the page we build for them, and we limit who can make the change via LDAP
  • Let BU teams see usage statistics and current pool/vip up/down status at a glance, without having to engage us directly
• Additional modules can be licensed for application firewall protection, user authentication enhancements, web application acceleration, and more
Standard Physical Deployment
• Deploy LTM platforms (virtual or hardware) in pairs for HA via redundancy
• "Trunk" sets of interfaces (think EtherChannel) for ease of maintenance (adding additional VLANs) and increased bandwidth
• Ensure the LTMs are reachable by protocol via SSH and HTTPS, and physically by both the management Ethernet port and the serial port via a console server