Scaling & Securing the SGi-LAN using the F5 BIG-IP® Platform and Intel® Architecture

James Hendergart

Innovation continues to accelerate at a breakneck pace. Smart cities, Connected Vehicles, Smart Sensors and Devices are driving the transformation of networks. Wi-Fi speeds over mobile networks? Yes! 5G is coming, bringing with it new networks, new services, and new applications that need to be secured and scaled intelligently.

Between the packet gateway and the Internet lies the SGi-LAN, a crucial network segment where the new services required of an Internet of Things (IoT) world and the 5G infrastructure required to support it meet. This year at Mobile World Congress (#MWC16), F5 Networks and Intel are teaming up to demonstrate a reference case for securing and scaling the SGi-LAN using a combination of F5 software-defined hardware, F5 software, and Intel hardware together with the IETF draft standard for Network Service Header (NSH).

The scenario is a simulated SGi-LAN network that withstanding a Syn Flood DDoS attack. It’s protected by a highly scalable firewall which forwards genuine subscriber traffic to a virtualized Service Router VNF running F5 BIG-IP Virtual Edition software. This Service Router is fed by the Intel FM10000 deployed in a 100GbE NIC form factor and directs traffic into multiple smaller network service function chains running multiple virtualized network functions (VNFs). All of the VNFs in this architecture (such as load balancing, Network Firewall, URL Filtering, Carrier Grade NAT, DNS, etc.) can be deployed using specific configurations of F5 BIG-IP Virtual Editions, all of which support NSH fed by Intel XL710 (40G NIC).

This design gives Mobile Network Service Providers a flexible choice of purpose-built hardware and software to scale and secure their SGi-LAN. Flexibility comes from the choice of selecting hardware or software and the freedom to choose what components of their infrastructure to virtualize and when to virtualize. Now that NSH support is built into F5 Traffic Management Operating System (TMOS), all TMOS software modules automatically “speak” NSH, which is used to increase the efficiency of packet processing. This is accomplished by categorizing and routing traffic through virtualized network service function chains so that only needed network services are applied to packets as they traverse the SGi-LAN. At the same time, this critical segment of the carrier network can be protected with an ultra-high performance and scalable DDoS firewall.

Together, Intel and F5 are showing how Intel® Architecture with F5 hardware and software promote the enhancement of network infrastructure to meet the needs of an Internet of Things (IoT) world and the 5G networks required to deliver it.

Come by and see us inside Intel’s neighborhood at MWC – Hall 3. And look for more posts from F5 as we share our experiences from the show.

Additional Resources

• Intel white paper on 01.org speaking to network service function chaining in the SG-LAN
• IETF draft standard for NSH
• F5 BIG-IP Software Modules overview
• Intel® Ethernet Controller XL710 Family overview
• Intel® Ethernet Multi-host Controller FM10000 Family overview

About the Author

James Hendergart

More blogs by James Hendergart