DevCentral ICYMI - September 2024
DevCentral publishes new content constantly, and it’s easy to miss the latest from F5’s technical user community with all that turnover. So here’s a monthly round-up of DevCentral news, content, and events—in case you missed it! New and Notable Share Your Expertise at F5 AppWorld 2025! CFP is now open. F5 and NetApp partnership for Large Language Model AI deployments - F5 and NetApp have teamed up to improve enterprise AI capabilities by using F5’s secure multicloud networking solutions with NetApp’s data management tools. Experience the power of F5 NGINX One with feature demos - Introducing F5 NGINX One, a powerful solution designed to significantly enhance business operations with its high-performance data plane and user-friendly SaaS-based console, offering robust traffic management and critical monitoring features. Content Round-Up AI/LLM F5 BIG-IP and NetApp StorageGRID - Providing Fast and Scalable S3 API for AI apps - F5 BIG-IP's advanced load balancing improves HTTPS server performance. It ensures high availability and optimal storage node utilization when used with NetApp's StorageGRID S3 compatible object storage. How to Prepare Your Network Infrastructure to Add HPC Clusters for AI to Your Data Center - HPC AI cluster integration in enterprise data centers brings challenges, such as network segmentation, security, and high costs. Learn how to overcome these challenges. F5 Distributed Cloud: How I Did it - Migrating Applications to Nutanix NC2 with F5 Distributed Cloud Secure Multicloud Networking - Enterprises struggle to scale and migrate applications while maintaining consistent security and user experience. F5 Distributed Cloud Services (XC) simplifies extending and migrating applications from on-premises environments to Nutanix NC2 clusters, backed by Nutanix's comprehensive hyper-converged infrastructure. Security Insights What is Web Cache Exploitation? - Explore insights from a recent BlackHat/DefCon 2024 presentation on Web Cache Exploitation, which reveals how discrepancies in HTTP server and proxy behaviors can lead to vulnerabilities like Web Cache Poisoning and Web Cache Deception. (HTTP) Redirection via Arbitrary Host Header - In this article, we delve into the importance of the Host header in web requests, its role in enabling multiple-domain hosting, and the potential security risks associated with improper handling. How to Identify and Manage Scrapers (Pt. 1) and How to Identify and Manage Scrapers (Pt. 2) - Here are different ways to find and manage web scraping activities. This includes: scrapers that identify themselves, identifying using IP address, more advanced techniques for finding scrapers that don't identify themselves. We will also talk about the challenges caused by pretending to be someone else and the increase in scraping done by AI. Exploring the Zero Trust Models of AWS, Microsoft, and Google - In response to distributed workforces and advanced cyber threats, the Zero Trust Model enforces strict identity verification, granular access control, and continuous monitoring for users, devices, and resources. Major cloud providers like AWS, Microsoft, and Google have their own versions. Scanning for CVE-2017-9841 Drops Precipitously - The July 2024 Sensor Intelligence Series reports a significant drop in scanning activities for vulnerabilities CVE-2017-9841 and CVE-2023-1389, despite their previous high levels. This highlights the importance of ongoing cybersecurity vigilance. Scuba Gear from CISA, ROBLOX Malware Campaign, and RUST backdoo-rs This Week in Security Leaks & breaches, memory-safe C++, cryptominers and bridging the air-gap This Week in Security GC Document AI Transitive Access Abuse, make-me-root holes in VMWare fixed and more - This Week in Security BIG-IP Next: How to secure egress with F5 Service Proxy for Kubernetes (Japanese language version: 次世代のBIG-IP SPKとK8s コンテナの外部アクセス制御) - Securing Kubernetes egress traffic can be challenging. F5's Service Proxy for Kubernetes (SPK) offers a solution. It dynamically manages egress through its Calico egress gateway. This allows for central control, consistent network policies, and source NAT translation. BIG-IP Next Installation Guides - These resources will walk you through the initial steps of getting Central Manager and instances installed on the various platforms for labs and production. F5 Distributed Cloud: How I Did it - Migrating Applications to Nutanix NC2 with F5 Distributed Cloud Secure Multicloud Networking -Enterprises face challenges with scaling and migrating applications. F5 Distributed Cloud Services (XC) helps by enabling seamless application extension and migration, as shown with Nutanix NC2 clusters. Architecture Options for Kubernetes Service Discovery in Distributed Cloud - F5 Distributed Cloud (XC) Virtual Edition Customer Edge increases service discovery in Kubernetes clusters, allowing easy connectivity in dynamic microservices environments. Cascading Configs Tool for F5 Distributed Cloud Managed Service Provider (MSP) and Delegated Access Customers - The new XC-Cascading-Configs tool simplifies configuration management for F5 Distributed Cloud customers. It allows efficient push and maintenance of shared configurations across multiple tenants. NGINX: Deploying F5 NGINX Plus Graviton-powered Containers as AWS ECS Fargate Tasks - Amazon's Graviton4 chip offers great price-performance for cloud architects. NGINX Plus works with ARM64, ECS, and ECS Fargate. It's easy to set up, use, and scale within AWS. Announcing F5 NGINX Gateway Fabric 1.4.0 with IPv6 and TLS Passthrough - NGINX Gateway Fabric 1.4.0 features IPv6 support, TLS passthrough, server zone metrics, custom pod annotations, and improved testing automation. It ensures stability and performance for Kubernetes clusters. BIG-IP: F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows - OpenShift 4.14's AdminPolicyBasedExternalRoute improves control of egress traffic by utilizing F5 BIG-IP as the default gateway for certain namespaces. This feature ensures client IP preservation and integrates security functions. BIG-IP VE in Red Hat OpenShift Virtualization - Running BIG-IP VE in Red Hat OpenShift Virtualization connects virtual machines and Kubernetes. This simplifies management and operations by using OpenShift's KubeVirt and QEMU+KVM Linux virtualization layers. VMware to Red Hat OpenShift Virtualization Migration - Seamlessly migrate workloads and BIG-IP Virtual Editions from VMware to OpenShift Virtualization. Our comprehensive guide will streamline your transition and unify your application infrastructure. F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS - Using the F5 Cloud Failover Extension (CFE) for API-based failover in public cloud environments can cause issues with API calls being blocked. This is due to custom DNS settings and private endpoints. To resolve this, configure DNS settings to properly resolve private IP addresses.DevCentral Visits: KubeCon NA 2023
Myself andAubreyKingF5are hitting the road together and getting our Cloud-Native on as we visit KubeCon NA 2023 in Chicago! The Cloud-Native Community is one of the most lively ones out there and we have a lot of people to visit. Keep an eye on this thread as we update with all of the things we learn about this week! Make sure to subscribe to theDevCentral Youtubechannel,followDevCentral,Aubrey King, andBuu Lamto get the latest updates. Check out the whole KubeCon NA 2023 playlist here.GITEX Global 2023 in Dubai - DevCentral Visits
@buulamis fresh from GITEX Global in Dubai! Here are some highlights from his trip and the connections he made at this massive IT conference. Make sure to subscribe to theDevCentral Youtubechannel,and followDevCentralandBuu Lamto get the latest updates. DevCentral Visits GITEX Global 2023 in Dubai! Zakeer Zubair on Navigating Changes in F5 and Dubai Over 16 Years Role Reversal! Zakeer Zubair Dives into Buu Lam's Journey Grant Taylor talks about Exclusive Networks and the Middle East region DevCentral Visits GITEX Global 2023 in Dubai! Buu arrives at GITEX Global 2023 in Dubai! This massive security conference (more than 200,000 attendees) has a lot of cool things to explore. Zakeer Zubair on Navigating Changes in F5 and Dubai Over 16 Years Zakeer Zubair, the Senior Manager for Solutions Engineering at Gulf & Levant, has seen significant changes in F5 and Dubai over 16 years. He discussed how market needs align well with F5's portfolio of application and API delivery and protection. He also highlighted the value of the university intern program. Role Reversal! Zakeer Zubair Dives into Buu Lam's Journey Role reversal! Zakeer Zubair interviewed Buu Lam about his journey to becoming a DevCentral Community Evangelist and the importance of sharing educational content. Buu also shares his impressions of Dubai as a first-time visitor! Grant Taylor talks about Exclusive Networks and the Middle East region Grant Taylor, General Manager of Exclusive Networks in the Middle East, oversees the largest distributor in the region. With professional services, specialized partner sales teams, the company is leading the digital transformation taking place in the Middle East.
Remember your first stack?
Do you remember your first stack? Maybe you got lucky and had a chance to build your first stack from the ground up, with ample time and resources. Your stack was flexible, efficient, and modern, with everything you need, and nothing you don’t. Maybe you inherited a stack that was built when your company’s business was really different…and managing security and updates takes enough time and resources that you never quite got around to upgrading the system to meet current business needs. Maybe your first stack showed just how many people had been involved in its development over the years, with idiosyncratic workarounds to allow integration of older and more modern tech. As you’ve moved from role to role, you’ve probablynoticed that every stack is different, featuring a unique combination of elements that reflect the current and historical needs of the business…and a unique set of app and API security and delivery needs to match. At F5, we’ve noticed that, too - That’s whywe’ve worked hard to build a set of security and delivery solutions that can work on any architecture. That’s also why we created the Frankenstacks—these colorful stacks are meant to bring to life the unique architectures our customers have built and to represent the creative solutions those architectures include. So, go ahead Choose a new Frankenstack avatar. (You can even pick one that reps your real-life stack.) Tell us what you remember about your first stack. And remember that whatever you’ve built, we secure that.F5 2023 State of Application Strategy Report
Hybrid IT is here to stay! So says F5’s 2023 State of Application Strategy Report. Did you know that almost 90% of our respondents are running in multiple clouds and most of them are using anywhere from 3 to 6 different cloud providers? But challenges remain. You can learn more about these and many other interesting tidbits in the F5 2023 State of Application Strategy report. Get yours at: F5.com/SOASDevCentral's Featured Member for April - Mihai Cziraki
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and ourFeatured Seriesgives you some insight on some of our most engaged folks. DevCentral MVPMihai Czirakiis our Featured Member for April 2023! He's been helping lots of other members with some great tips so let's catch up with Mihai! DevCentral: First, please explain to the DevCentral Community a little about yourself, what you do and why it is important. Mihai: I am a Data Center Network Senior Design Engineer working for _VOIS – Vodafone Intelligent Solutions. I have been working with load-balancing/ADC for the last 8 years (with some gaps). I started my career 15 years ago as a Network Support Engineer. At some point, I started working with F5 LTM and really enjoyed it. Since then, this has been my favorite part of my job. At some point, I wish this would be all I do, ‘playing’ with these types of devices and technologies. The other part that I discovered in the last years is Automation (Ansible,Python). In my free time, I like spending time with my family(I have 2 kids), traveling, and cycling (Road and MTB) DevCentral: You’ve been an active contributor in the DevCentral community. What keeps you involved? Mihai: I really like helping people. One, because when I started working with F5 BIG-IP LTM, I found help in this forum, and Second, because I feel I need to pass on the things I've learned. It also helps me reminding things that I have not used for some time. DevCentral: Tell us a little about your technical expertise. Mihai: I started as Support Network Engineer focusing and on routing/switching, then moved to firewalls and load-balancing/ADC. I’ve worked with BIG-IP LTM (no other modules unfortunately) and then moved to Citrix Netscaler. I really like working on deploying new applications/services using these devices. Next, I was(still am) into Network Automation. I started with Bash, then Ansible, and now Python. Now I am working in DC Network Design and sometimes this involves BIG-IP LTM devices. DevCentral: You are a Senior Design Engineer at _VOIS. Can you describe your typical workday, how you manage work/life balance and the strong support of F5 solutions? How has the pandemic impacted your work? Mihai: Since the pandemic, I’ve been working only remotely and I’ve started to like it. It gives me more time by not having to travel to the office. For almost 2 years I have been working at _VOIS – Vodafone Intelligent Solutions. “_VOIS is a global, multi-functional organisation, a Centre of Excellence for Intelligent Solutions focused on adding value and delivering business outcomes for Vodafone. “ On a normal day, the first thing I do is getting my daughter to school. When I get back, I start working. I am involved in multiple projects, so I am checking every day what I can do for each project. Sometimes I work on only one project for days, other times I can do small bits on multiple projects. When I have time I check the DevCentral forum to see what issues have 0 answers. If I know how to help or have an idea, I test it in the lab environment I have at home. (I have an Intel NUC with Vmware ESXI installed and an Eve-ng VM where I have an LTM with 2 web servers in the backend.) I check the forum several times per day. Sometimes I find interesting problems that someone has already answered and that I don't know how to solve, but I'm learning from them. Working in Network Design, sometimes I get a network design that involves an F5 device usually, but we also have other vendors. These are my favorites. Usually, they are about the topology and what features they can use for the solution or an app. So I have more of a consultant role. I don’t do implementations or operations anymore. I miss working with irules/profiles, setting up virtual servers for challenging web applications, securing an app etc. (But I have my lab for this) After my job schedule ends, I pick up my son or my daughter from school/kindergarten and spend some time with both of them. DevCentral: Do you have any F5 Certifications? If so, why are these important to you and how have they helped with your career? Mihai: After 7 years of working with load-balancing technologies, last year I decided to give it a try and get a certification. So I got F5-CA, BIG-IP. I did it because I had time and I wanted to remind myself of some things I have forgotten by not using them. I believe that experience with a technology beats a certification. That’s why I was not keen to have one. Even now I feel that I have to take the next level certification because the current one does not reflect my experience with these technologies. DevCentral: Describe one of your biggest Customer challenges and how the Community helped in that situation. (Does not necessarily have to be DevCentral) Mihai: It is not a Customer challenge but more an internal request to upgrade to a new OS version. It was back in 2015 when I was struggling to convert HTTP classes back to irules, because HTTP classes were getting deprecated. Doing it manually would have taken me quite a lot of time. So I opened my first DevCentral request. One of the members helped me with a regex command to convert a file of HTTP classes to an irule. Here it is : https://community.f5.com/t5/technical-forum/http-class-to-irule-conversion/td-p/242504 The DevCentral MVP member is: StephanManthey Thanks again! 🙂 DevCentral: Lastly, if you weren’t doing what you’re doing – what would be your dream career? Or better, when you were a kid – what did you want to be when you grew up? Mihai: I really love what I am doing and I am happy that I have a job that I like. But if I really have to choose something else probably it would be something about cycling. Maybe a bike shop/service or a bicycle travel agency. ---Thanks Mihai! The DevCentral Community really appreciates your willingness to share with our Members. Connect and Follow on Social: Mihai on LinkedIn Mihai's Blog Mihai's Github _VIOS on the Web _VIOS on LinkedIn'How to Pass the CKA Exam' Next Time on DevCentral Connects
Kubernetes is an open source container orchestration system designed to automate software deployments, scale and management. It's also a hot topic on DevCentral Connects! Join us Tuesday, April 4th, 8:30AM Pacific, as JRahmjoins buulamto talk about his journey to become a Certified Kubernetes Administrator. He's going to go through his training, his study group, and they may even be joined by a special guest who helped coordinate it all. That's Tuesday, April 4th, 8:30AM Pacific. This Link https://youtube.com/live/Zbx1UnqDyhc sets your reminder. DevCentral Connects is live every Tuesday, 8:30AM Pacific. Subscribe.'The Ultimate Home Lab' Next Time on DevCentral Connects
Is your home lab a VM on a laptop? Maybe it's a tower dedicated for testing. Or maybe it is a fully-loaded 42U Rack in your closet with unlimited storage. If you'd like to get the most out of your home lab join DevCentral Connects Tuesday, March 28, 8:30AM Pacific as Principal Application Security Engineer James Cox joins buulamto talk about his tricked out home lab and give you some tips on how to maximize your little testing facility. This link https://youtube.com/live/BZiWaEycrvk sets your reminder...DevCentral Connects is live every Tuesday 8:30AM Pacific. Get the most out of your home lab and subscribe.
