F5 Networks in the city

Virtualisation

How would you like a free tour of the Facebook security system? But, I don't mean a business-class, all-expenses trip round a whole world of anonymous data centres guarded by men in Mirrorshades. No. I am talking about a complete preview of the world-spanning, traffic-distributing, super-tough resilient gateway that front-ends all its kit and passes all traffic.

To do this you need to assemble a simple list of ingredients. A VMware vSphere-capable PC (mine cost me 109), a free copy of vSphere (cost, zero, if you allow for download time and the usual inside-leg personal data gathering by VMware) and ideally a few spare LAN cards of speeds and types suitable for your machine and supported by vSphere.

The underlying party trick is that, assuming you bring up the hypervisor and then go and get the trial VM version of the security proxy device from F5 Networks, you can finish up in a software environment which is identical in all important ways to the one presented by the heaviest lump of metal in the F5 cookbook. And I do mean, truly identical: a configuration file from the VM version can be saved and then later uploaded to a full-fat, registered and permanently deployable VM, or to a physical device.

I know what you're all thinking. Why on earth would you bother with a physical device these days? Surely that's all old hat and there's a nice easy world of VM build and configure waiting for us out there, right? This isn't just a demo of F5's tight self-control in coding and deployment, it's a poster child for software-defined networking (SDN), which as we know is going to be such a big thing in the next few years.

Well, not really. F5 has a very simple answer. It has benchmarked its physical kit against its own VM versions. In its market sector, the simple answer is that it's all about performance. To get the right kind of value from an F5 setup you need to be moving millions of transactions per hour, front-ending thousands of servers, and you should really also be interested in levels of intrusion into traffic with customers which transgress traditional boundaries of architecture, protocol and use-case.

Most devices whose descriptions overlap with the F5 product portfolio (call them firewalls, border devices, proxies, load-balancers, and so on) are bottom-up designs.