Verified Designs
186 Topics

BIG-IP Next for Kubernetes Nvidia DPU deployment walkthrough
Introduction

Modern AI factories—hyperscale environments powering everything from generative AI to autonomous systems—are pushing the limits of traditional infrastructure. As these facilities process exabytes of data and demand near-real-time communication between thousands of GPUs, legacy CPUs struggle to balance application logic with infrastructure tasks like networking, encryption, and storage management. Data Processing Units (DPUs) are purpose-built accelerators that offload these housekeeping tasks, freeing CPUs and GPUs to focus on what they do best.

DPUs are specialized system-on-chip (SoC) devices designed to handle data-centric operations such as network virtualization, storage processing, and security enforcement. By decoupling infrastructure management from computational workloads, DPUs reduce latency, lower operational costs, and enable AI factories to scale horizontally.

BIG-IP Next for Kubernetes and Nvidia DPU

Looking at F5's ability to deliver and secure every app, we needed it to be deployed at multiple levels, a crucial one being edge and DPU. Installing F5 BIG-IP Next for Kubernetes on Nvidia DPU requires Nvidia’s DOCA framework to be installed.

What’s DOCA?

NVIDIA DOCA is a software development kit for NVIDIA BlueField DPUs. BlueField provides data center infrastructure-on-a-chip, optimized for high-performance enterprise and cloud computing. DOCA is the key to unlocking the potential of the NVIDIA BlueField data processing unit (DPU) to offload, accelerate, and isolate data center workloads. With DOCA, developers can program the data center infrastructure of tomorrow by creating software-defined, cloud-native, GPU-accelerated services with zero-trust protection.

Now, let's explore the BIG-IP Next for Kubernetes components. The BIG-IP Next for Kubernetes solution has two main parts: the Data Plane - Traffic Management Micro-kernel (TMM) and the Control Plane.
The Control Plane watches over the Kubernetes cluster and updates the TMM’s configurations. The BIG-IP Next for Kubernetes Data Plane (TMM) handles network traffic both entering and leaving the Kubernetes cluster. It also proxies the traffic to applications running in the Kubernetes cluster. The Data Plane (TMM) runs on the BlueField-3 Data Processing Unit (DPU) node. It uses all the DPU resources to handle the traffic and frees up the Host (CPU) for applications. The Control Plane can run on the CPU or on other nodes in the Kubernetes cluster. This makes sure that the DPU stays dedicated to processing traffic.

Use-case examples

F5’s team recently released some awesome use cases based on conversations and work from the field. Let’s explore those items:

- Protecting MCP servers with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs
- LLM routing with dynamic load balancing with F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs
- F5 optimizes GPUs for distributed AI inferencing with NVIDIA Dynamo and KV cache integration.

Deployment walk-through

In our demo, we go through the configurations from BIG-IP Next for Kubernetes:

- Main BIG-IP Next for Kubernetes features
- L4 ingress flow
- HTTP/HTTPS ingress flow
- Egress flow
- BGP integration
- Logging and troubleshooting (Qkview, iHealth)

You can find a quick walk-through via BIG-IP Next for Kubernetes - walk-through

Related Content

- BIG-IP Next for Kubernetes - walk-through
- BIG-IP Next for Kubernetes
- BIG-IP Next for Kubernetes and Nvidia DPU-3 walkthrough
- BIG-IP Next for Kubernetes
- F5 BIG-IP Next for Kubernetes deployed on NVIDIA BlueField-3 DPUs

428 Views, 1 like, 1 Comment

The API Security Paradox: When Automation Becomes Both Solution and Threat
Introduction

APIs are the backbone of modern applications, powering everything from web and mobile experiences to microservices architectures. Their scalability and flexibility drive digital transformation. Yet, this rise brings a paradox: the automation that fuels innovation is also being exploited by attackers. Automated threats have evolved from simple scrapers to sophisticated botnets capable of mimicking human behavior with alarming accuracy. This has turned APIs into both business enablers and prime attack surfaces. To navigate this complexity, organizations need a unified, adaptive security approach combining Bot Management and API Security solutions.

Evolving Access Patterns

Traditional bot defenses—like browser fingerprinting or JavaScript injection—were designed for client-side interactions. Today, APIs are accessed through diverse channels, including:

- Web Clients: Browser-based users interacting with front-end applications.
- Mobile Apps: Mobile SDKs communicating directly with backend APIs.
- Automated Systems (Machine-to-Machine): Scripts, services, and third-party systems connecting to APIs via automation tools or command-line clients.

How Attackers Exploit APIs

Regardless of how an API is accessed—via a browser, mobile app, or another machine—attackers use automation to probe, exploit, and abuse vulnerable endpoints. These attacks increasingly mimic legitimate traffic, making them harder to detect using conventional methods.

Common API Exploits

- Credential Stuffing: Automating login attempts with stolen credentials, often against login endpoints used by web and mobile apps.
- Token Abuse: Reusing or forging access tokens to impersonate legitimate users or services.
- Business Logic Attacks: Manipulating normal workflows to commit fraud, such as faking transactions or hoarding limited resources.
- Enumeration: Mapping out hidden or undocumented APIs by fuzzing parameters or interpreting verbose errors.
- Scraping: Harvesting data from public or semi-public APIs, including pricing, inventory, or personal data.
- Traffic Obfuscation: Rotating headers, IPs, and user agents to evade rate limits or detection.

Challenges in Securing Diverse APIs

Each API access type brings distinct challenges in detecting and mitigating automated threats, especially as traffic becomes increasingly distributed, dynamic, and machine-driven. Web endpoints are vulnerable to headless browsers and human-like automation, complicating the differentiation between real users and bots. Mobile SDKs introduce complexities like device spoofing and platform diversity, which hinder consistent threat detection. Machine-to-machine APIs pose difficulties due to the lack of user behavior signals and a heavy reliance on token validation. This makes them attractive targets for attackers. Across all API types, organizations must also tackle coordinated attacks, distinguish benign from malicious bots, and manage escalating defense costs. These factors underscore the need for an adaptive, multi-layered API protection strategy.

API Security and Bot Management: A Unified Approach

Given these evolving threats and access-specific vulnerabilities, traditional defenses like firewalls and static rate limits are no longer sufficient. Organizations must implement a unified strategy that combines API Security and Bot Defense. API Security ensures robust authentication, authorization, and application-level threat detection. Bot Defense adds an essential layer of protection against advanced, automated attacks that closely mimic human behavior. Together, they deliver comprehensive coverage for both user-facing and backend APIs. Defending against abuse, particularly from high-volume automated threats, requires deep traffic visibility, behavioral analysis, and real-time enforcement.
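
The point about static rate limits, as an added example that is not part of the original article: constructed login events in which every attempt arrives from a different IP pass a per-IP limit untouched, while signals aggregated across the whole endpoint expose the credential-stuffing pattern. The event layout, thresholds and function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: (source_ip, user_agent, username, http_status) for POST /login.
# 40 failed logins, each from a different IP with a rotated user agent,
# plus one ordinary user who mistypes a password once and then succeeds.
EVENTS = [(f"198.51.100.{i}", f"agent-{i % 7}", f"user{i}", 401) for i in range(1, 41)]
EVENTS += [("203.0.113.9", "browser", "alice", 401),
           ("203.0.113.9", "browser", "alice", 200)]

PER_IP_LIMIT = 5  # assumed static limit: attempts allowed per IP per window


def static_rate_limit(events, limit=PER_IP_LIMIT):
    """Return the set of IPs a plain per-IP counter would block."""
    per_ip = Counter(ip for ip, _, _, _ in events)
    return {ip for ip, n in per_ip.items() if n > limit}


def endpoint_signals(events):
    """Aggregate over all sources; IP and header rotation does not hide these."""
    failures = [e for e in events if e[3] == 401]
    ips = {ip for ip, _, _, _ in failures}
    return {
        "failure_ratio": len(failures) / max(len(events), 1),
        "distinct_failed_users": len({u for _, _, u, _ in failures}),
        "distinct_failing_ips": len(ips),
        # close to one attempt per IP across many IPs is the rotation signature
        "attempts_per_ip": len(failures) / max(len(ips), 1),
    }


def looks_like_credential_stuffing(events, min_users=20, min_ratio=0.8, max_per_ip=2.0):
    """Flag a window with many failing accounts, mostly failures, thinly spread over IPs."""
    s = endpoint_signals(events)
    return (s["distinct_failed_users"] >= min_users
            and s["failure_ratio"] >= min_ratio
            and s["attempts_per_ip"] <= max_per_ip)


if __name__ == "__main__":
    print("blocked by per-IP limit:", static_rate_limit(EVENTS))
    print("endpoint signals:", endpoint_signals(EVENTS))
    print("credential stuffing suspected:", looks_like_credential_stuffing(EVENTS))
```
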
This multi-part series will explore how integrating these capabilities can help organizations safeguard their APIs against the full spectrum of modern threats. In this video, we explore how bot management and threat modeling play a critical role in addressing the OWASP API Security Top 10.

Conclusion: Defending Against the Double-Edged Nature of Automation

The API economy thrives on automation, but that same automation is being exploited by attackers. Malicious bots target the APIs businesses depend on to scale and innovate, turning these critical tools into points of abuse. As APIs serve as both front doors and backdoors to vital systems, protecting them demands more than perimeter defenses. To stay secure, organizations must adopt a dual-layered defense that combines advanced bot management with proactive API security. This approach ensures that both human and automated traffic is continuously monitored, analyzed, and controlled to prevent abuse.

This article highlights the evolving API threat landscape and the paradox of automation as both enabler and risk. In the next part of this series, we’ll explore the OWASP API Security Top 10 and show how organizations can build a modern, threat-aware API security strategy to defend against emerging vulnerabilities.

Related content

- F5 Distributed Cloud Bot Defense (Overview and Demo)
- Configure Bot Defense Standard (Connectors)
- Introduction to OWASP API Security Top 10 2023 | DevCentral

84 Views, 1 like, 0 Comments