Intelligent DNS Services and

Global App Management

DNS

BIG-IP DNS

1 | ©2021 F5 NETWORKS
 Intelligent DNS Services
BIG-IP DNS

2 | ©2021 F5 NETWORKS
 Traditional DNS infrastructure

Load balanced traditional DNS Servers Issues with this deployment?

• Conventional thinking scales DNS by adding more
servers
• Individual servers are not high performance, so scale
with load balancing
• Firewall in front of DNS infrastructure
• Traditional DNS Servers are patched frequently
• Patches are mostly for vulnerabilities
• Under load, firewalls become a bottleneck

Legitimate Clients

Edge Load Balanced DNS Servers

Services

Local Load
Malicious Actors Traditional DNS
Balancing
Firewall

3 | ©2021 F5 NETWORKS
 DNS The F5 Way
CONVENTIONAL DNS THINKING
Array of • Performance = Add DNS boxes
External DNS Load Internal Hidden
Internet DNS Servers
Firewall Balancing Firewall Primary DNS • Weak DoS/DDoS Protection
• Firewall is THE bottleneck

F5 PARADIGM SHIFT

F5 DNS DELIVERY REIMAGINED

• Scalable performance up to 40M
DNS Firewall RPS!
Internet Primary DNS DNS DDoS Protection
Infrastructure Protocol Validation
Authoritative DNS
• Strong DoS/DDoS protection
Caching Resolver
BIG-IP Transparent Caching • Lower CapEx and OpEx
High Performance DNSSEC
DNSSEC Validation
Intelligent GSLB

4 | ©2021 F5 NETWORKS
 Scale and Security for Intelligent DNS and
Global App Management

OPTIMIZED APPLICATIONS & DATA

• Auth. DNS Scalability up to 200x
• DNS Caching and Resolving
• Intelligent Global Load Balancing DMZ DMZ
• Geolocation routing
• Automatic site-to-site failover
• IPv6/IPv4 Translation Internet
• DNS and App Health Monitoring BIG-IP BIG-IP

SECURE APPLICATIONS & DATA

• DNS DDoS Mitigation Data Data
Center Center
• DNS Firewall Services 1 2
BIG-IP DNS BIG-IP
• Domain Filtering of malicious IPs DNS
• Real-time DNSSEC signing
• DNSSEC Validation
• Transaction Assurance
App Svr. App Svr.
• DNS iRules for programmability

©5F5 Networks,
| ©2021 Inc
F5 NETWORKS 5
 Availability Services for DNS and GSLB
• Eliminating single points of failure to reduce Authoritative DNS
downtime and disruption. DNS Caching & Resolving
Secure DNS Hyperscale DNS

• Network, application and organizational availability Scale Global Apps Disaster Recovery
is critical to ensuring business continuity and Business Continuity
access to the applications. Global Server Load
DNS DDoS Balancing
Mitigation
• Availability services span data center and cloud- Hybrid Cloud Balancing
hosted applications, ensuring scale and reliability
regardless of location. Replicate DNS
Cloud Scalability

6 | ©2021 F5 NETWORKS
 Global App Management
BIG-IP DNS global server load balancing

7 | ©2021 F5 NETWORKS
 Delivering Applications Globally is Complex

Location
End user experience Disasters and attacks

Global applications DNS and app volumes

8 | ©2021 F5 NETWORKS
 Intelligent App Delivery Across Data Centers
with BIG-IP DNS

Dynamic load balancing

High-performance methods based on business logic Advanced
hardware
monitoring

Persistence

Customization
BIG-IP (iRules)
Geographical
context

Intelligent and automatic app routing based on context, conditions and

status
9 | ©2021 F5 NETWORKS
 Scale and Secure DNS and Optimize Global
Apps DMZ: DNS/App Delivery Local App Delivery

Auth. DNS Scale

DNS Caching/Resolv.
DNS Firewall Services
DNS DDoS mitigation
DNSSEC Signing/Valid. DNS IPAM,
Legitimate Queries
Global App Routing DHCP
Legitimate BIG-IP
Cache Poisoning
Visitors
DNS DDoS Attacks

LDNS Internet
Up to 40 million DNS RPS BIG-IP
Applications
Malicious
Attackers

Cloud Environment

BIG-IP
Intelligent DNS and Global App Availability BIG-IP
DNS
Local Traffic Manager

• Unmatched DNS Scale for fast app responses

• Mitigate DNS DDoS and redirect attacks
Cloud Hosted
• Direct users to optimal data centers and clouds Apps

• Continuously monitor application health

10 | ©2021 F5 NETWORKS
 Distributing Requests Across Hybrid Cloud
Cloud-balancing with DNS and Global App Delivery

SaaS/
DNS Hosting

Data Center Public

Cloud Private
Data Center Cloud

DataPrivate
Center
Cloud

Simple and Robust Cloud DNS and App Management:

• Ensure DNS responses route users efficiently to best DC or cloud
• Extend caching and app management to cloud deployments
• Increase productivity with fast DNS and app responses with cloud-balancing
• Replicate DNS and Secure DNS across hybrid environments
11 | ©2021 F5 NETWORKS
 Flexible and automatic DNS and GSLB
BIG-IP DNS Virtual Editions for Production or Lab
• Directs users to most available virtual and globally dispersed apps
• Virtually deployed DNS architecture; module or standalone
• Test in virtual labs and replicate across production
• Deploy DNS services and GSLB in physical, and hybrid cloud environments

Custom Application

BIG-IP BIG-IP

BIG-IP BIG-IP
DNS Local Traffic Manager

Public/Private Cloud
©12F5 Networks,
| ©2021 Inc
F5 NETWORKS 12
 F5 DNS and Global App Services Support
Private Clouds

13 | ©2021 F5 NETWORKS
 Unbalanced App Traffic Causes Slow Service

Data Center

Data Center

14 | ©2021 F5 NETWORKS
 Control Traffic Based on User Location
Regional control improves user experience

Data Center

Data Center

BIG-IP

BIG-IP

BIG-IP DNS with IP BIG-IP DNS with IP

geolocation database geolocation database

15 | ©2021 F5 NETWORKS
 Control Traffic Based on User Location
Regional control improves user experience

Data Center
DMZ BIG-IP DNS with IP
geolocation database Cloud

BIG-IP
BIG-IP
BIG-IP BIG-IP
DNS Local Traffic Manager

Cloud Hosted Apps

16 | ©2021 F5 NETWORKS
 Simply and Efficiently Manage Complex
Networks

Active BIG-IP App Svr.

LDNS BIG-IP
Active BIG-IP App Svr.
Users

Passive BIG-IP App Svr.

Manageable and predicable data center utilization

• Easy integration into existing infrastructure for high availability
• Serve DNS and application requests with BIG-IP DNS
• Enable flexible site options: Active/Active, Active/Passive, Active/DR Only
• Failover either whole DC or just individual apps/servers
17 | ©2021 F5 NETWORKS
18 | ©2021 F5 NETWORKS