Secure Backbone
F5® Distributed Cloud points of presence (PoPs) are interconnected using a multi-terabit, dedicated and redundant private backbone for maximum performance. These PoPs are densely peered and connected with multiple Tier1 transit providers to deliver high-quality internet access for applications and consumers. We directly connect to multiple cloud providers from these locations to provide a reliable and predictable experience across cloud providers. Using BGP and advanced traffic engineering, we are able to provide granular SLAs for any customer that wants a high performance global private network without the complexity of procurement and operations. In addition to connectivity services, the customer can selectively enable infrastructure protection features like DDoS, L3 firewall, and anomaly detection to completely offload their DMZ appliances from their cloud to our network using a private network hand-off or securely tunneled using F5 Distributed Cloud Node in their site.
You can find out more about the Secure Backbone features in the Concepts.
Introuction to Distributed Cloud Mesh Secure Backbone
Figure: Mesh Secure Backbone Features
Mesh Secure Backbone Features
-
Multi-terabit global backbone
- Operating as AS35280 with multi-terabits of backbone capacity and redundancy with colocation in over a dozen major cities. Densely peered backbone and transit providing high-performance reachability to Internet desktop & mobile consumers and applications, Public Clouds and Private cloud facilities.
-
Multi-cloud onramp and peering
- With multiple private connections to public cloud providers and in major colocation facilities we easily enable global Software-defined Cloud Interconnection (SDCI) connectivity between your private DCs to existing public cloud providers with Mesh global backbone. Mesh Direct Connect provides various options connecting onto the network.
-
Mesh Direct Connect
- Provides several On-ramping options into the Mesh Secure Backbone:
- Mesh Direct Connect (Physical connectivity using BGP/static)
- Mesh Direct Connect Tunnel (L2/L3 GRE tunnel over IPsec using or using Distributed Cloud Node)
- Mesh Direct Connect Transport (PNI across the Backbone and Cloud Providers)
- Provides several On-ramping options into the Mesh Secure Backbone:
-
DDoS Infrastructure Protection
- Defense in layers - Filtering based on flow learning with always-on or detect and mitigate options. Active detection and/or passive detection using Netflow/IPFIX. Mitigation can be triggered via F5® Distributed Cloud Console, programmatically via public APIs or automatically by our global operations team. Using distributed scrubbing centers mitigation types range from on-demand to always-on.
-
Hybrid DDoS Bursting
- Bursting of On-premise DDoS to Mesh DDoS infrastructure protection providing always-on multi-vector protection and zero-touch bursting. Use F5 Distributed Cloud's global scrubbing centers with BGP for infrastructure protection and DNS steering for HTTP/HTTPS protection. Connect using Mesh Direct Connect options.
-
High-availability and SLAs
- Using redundant backbone links and traffic engineering Mesh services provides high-availability and carrier-class SLAs for infrastructure connectivity and security services.
Concepts
For an introduction to F5 Distributed Cloud system concepts please click here.