Technical Articles
F5 SMEs share good practice.
cancel
Showing results for 
Search instead for 
Did you mean: 
David_Holmes_12
Historic F5 Account

It’s still #ddos season, so let’s take another look at the F5 reference architecture around DDoS protection. The second deployment scenario is the enterprise use case, which has lots of inbound application traffic but also some measure of outbound user-generated traffic as well.

0151T000003d5zSQAQ.jpg

Differences between the Enterprise and Global FSI use cases:

  1. In the network diagram product map above, at the top right you can see the user-generated traffic issuing from the green user icon. It flows through a next generation firewall (or some other device that offers web security) and then out through the main datacenter firewall.
  2. The enterprise case is more likely to have the DNS services either consolidated into tier 1 or at least protected by tier 1’s firewall manager. Here we show the services rolled up into the BIG-IP itself.
  3. As I mentioned in the global FSI case, the FSIs always are reticent terminate SSL at tier 1. Enterprises feel much more free to do so and we find that it’s approximately half-and-half for them.
  4. The enterprise use case can benefit from having an Access Policy Manager (APM) to provide Single-Sign On, VDI, and SSL-VPN services. Not seen as much in the Global FSI case.

The essence of the architecture – targeting network attacks with a DDoS-aware network firewall in tier 1 and application attacks in a scalable tier 2 – is the same for both the use cases we’ve looked at so far.

For access to the full F5 DDoS reference architecture, visit the new F5 Synthesis reference architecture site.


Connect with David:Connect with F5:
0151T000003d5QFQAY.png 0151T000003d5QGQAY.png 0151T000003d5QHQAY.png 0151T000003d5QIQAY.png  0151T000003d5QHQAY.png 0151T000003d5QIQAY.png 0151T000003d5QLQAY.png 0151T000003d5QMQAY.png
Version history
Last update:
‎23-Dec-2013 06:00
Updated by:
Contributors