F5 Distributed Cloud
F5 Distributed Cloud 使用案例圖,展示使用 f5-brand 圖示套件的安全性、網路及應用程式交付架構。
Web 應用程式與 API 保護
Section titled “Web 應用程式與 API 保護”WAAP 安全檢測管線
Section titled “WAAP 安全檢測管線”多層 WAAP 檢測管線,在流量抵達應用程式之前,依序通過防火牆、應用程式程式碼保護及機器人防禦。
flowchart LR
user@{ icon: 'lucide:globe', label: 'Users' }
fw@{ icon: 'f5-brand:security-firewall-shield', label: 'Firewall Shield' }
appcode@{ icon: 'f5-brand:security-shield-app-code', label: 'App Code Protection' }
botdef@{ icon: 'f5-brand:security-bot-defence', label: 'Bot Defence' }
app@{ icon: 'carbon:application', label: 'Application' }
user --> fw
fw --> appcode
appcode --> botdef
botdef --> app邊緣安全架構
Section titled “邊緣安全架構”邊緣安全架構,包含 WAF、防護盾驗證及跨雲端來源的應用程式保護群組。
architecture-beta group edge(f5-brand:security-firewall-shield)[Security Edge] group origins(carbon:cloud-services)[Cloud Origins] service waf(f5-brand:security-firewall)[WAF] in edge service shield(f5-brand:security-shield-checkmark)[Shield Verify] in edge service appshield(f5-brand:security-shield-app-code)[App Shield] in edge service aws(hashicorp-flight:aws-color)[AWS Origin] in origins service azure(hashicorp-flight:azure-color)[Azure Origin] in origins waf:R --> L:shield shield:R --> L:appshield appshield:R --> L:aws appshield:B --> T:azure
具速率限制的 API 保護
Section titled “具速率限制的 API 保護”API 請求驗證管線,在流量抵達 API 端點前,依序通過防火牆、速率限制及結構描述驗證。
flowchart LR
client@{ icon: 'lucide:globe', label: 'API Client' }
fw@{ icon: 'f5-brand:security-firewall-shield', label: 'Firewall' }
rate@{ icon: 'f5-brand:network-api-gateway', label: 'API Gateway' }
schema@{ icon: 'f5-brand:security-shield-checkmark', label: 'Schema Validation' }
api@{ icon: 'carbon:api', label: 'API Service' }
db@{ icon: 'carbon:data-base', label: 'Database' }
client --> fw
fw --> rate
rate --> schema
schema --> api
api --> db機器人偵測管線
Section titled “機器人偵測管線”多階段機器人偵測,依序通過 JavaScript 挑戰、裝置指紋識別、行為分析及決策引擎。
flowchart LR
req@{ icon: 'lucide:globe', label: 'Request' }
js@{ icon: 'f5-brand:security-bot', label: 'JS Challenge' }
fp@{ icon: 'f5-brand:security-fingerprint', label: 'Fingerprinting' }
behavior@{ icon: 'f5-brand:security-pattern-matching', label: 'Behavior Analysis' }
decision@{ icon: 'f5-brand:security-bot-defence', label: 'Decision Engine' }
allow@{ icon: 'carbon:application', label: 'Application' }
block@{ icon: 'f5-brand:security-firewall-bot', label: 'Block' }
req --> js
js --> fp
fp --> behavior
behavior --> decision
decision -->|Human| allow
decision -->|Bot| block機器人防禦層
Section titled “機器人防禦層”分層機器人防禦架構,包含憑證情報、機器人偵測及裝置狀態分析。
architecture-beta group defense(f5-brand:security-bot-defence)[Bot Defense Layers] group app(carbon:cloud-services)[Application] service botfw(f5-brand:security-firewall-bot)[Bot Firewall] in defense service botdef(f5-brand:security-bot-defence)[Bot Defence] in defense service intel(f5-brand:security-password-bot)[Credential Intel] in defense service login(carbon:application)[Login Service] in app service account(carbon:security)[Account Service] in app service db(carbon:data-base)[User Store] in app botfw:R --> L:botdef botdef:R --> L:intel intel:R --> L:login login:R --> L:account account:B --> T:db
用戶端防禦管線,包含裝置狀態驗證、筆記型電腦機器人偵測及 Magecart 保護。
flowchart TD
user@{ icon: 'lucide:user', label: 'End Users' }
attacker@{ icon: 'f5-brand:security-laptop-bot', label: 'Compromised Client' }
posture@{ icon: 'f5-brand:device-laptop-lock-arrows', label: 'Device Posture' }
botcheck@{ icon: 'f5-brand:security-bot-defence', label: 'Bot Check' }
shield@{ icon: 'f5-brand:security-shield-checkmark', label: 'Verified Clean' }
app@{ icon: 'carbon:application', label: 'Application' }
user --> posture
attacker --> posture
posture --> botcheck
botcheck --> shield
shield --> app多雲應用程式連接
Section titled “多雲應用程式連接”透過集中式應用程式交付網狀架構,實現跨 AWS、Azure 及 GCP 的多雲應用程式連接。
architecture-beta group xc(f5-brand:cloud-multi)[F5 Multi-Cloud] group aws(hashicorp-flight:aws-color)[AWS] group azure(hashicorp-flight:azure-color)[Azure] group gcp(hashicorp-flight:gcp-color)[GCP] service fabric(f5-brand:app-delivery-fabric)[App Delivery Fabric] in xc service connect(f5-brand:cloud-multi-app-container)[App Connect] in xc service eks(hashicorp-flight:kubernetes-color)[EKS] in aws service rds(carbon:data-base)[RDS] in aws service aks(hashicorp-flight:azure-aks-color)[AKS] in azure service gke(hashicorp-flight:kubernetes-color)[GKE] in gcp fabric:R --> L:connect connect:B --> T:eks eks:R --> L:rds connect:B --> T:aks connect:B --> T:gke
具站台網格的網路連接
Section titled “具站台網格的網路連接”多雲網路連接,具備站台網格拓撲及連接雲端區域的傳輸閘道。
architecture-beta group net(f5-brand:cloud-network-connect)[Network Connect] group region1(hashicorp-flight:aws-color)[AWS Region] group region2(hashicorp-flight:azure-color)[Azure Region] service mesh(f5-brand:cloud-multi-network)[Site Mesh] in net service gw(f5-brand:network-gateway)[Transit Gateway] in net service web1(carbon:virtual-machine)[Web Tier] in region1 service db1(carbon:data-base)[Database] in region1 service web2(carbon:virtual-machine)[Web Tier] in region2 service db2(carbon:data-base)[Database] in region2 mesh:R --> L:gw gw:B --> T:web1 web1:R --> L:db1 gw:B --> T:web2 web2:R --> L:db2
多雲應用程式交付
Section titled “多雲應用程式交付”端對端多雲應用程式交付,涵蓋全球負載平衡、安全性及分散式工作負載。
flowchart TD
user@{ icon: 'lucide:globe', label: 'Global Users' }
glb@{ icon: 'f5-brand:network-globe-load-balance', label: 'Global LB' }
shield@{ icon: 'f5-brand:security-firewall-shield', label: 'Security' }
fabric@{ icon: 'f5-brand:app-delivery-fabric', label: 'App Fabric' }
aws@{ icon: 'hashicorp-flight:aws-color', label: 'AWS Workloads' }
azure@{ icon: 'hashicorp-flight:azure-color', label: 'Azure Workloads' }
gcp@{ icon: 'hashicorp-flight:gcp-color', label: 'GCP Workloads' }
user --> glb
glb --> shield
shield --> fabric
fabric --> aws
fabric --> azure
fabric --> gcpDDoS 與邊緣服務
Section titled “DDoS 與邊緣服務”DDoS 清洗架構
Section titled “DDoS 清洗架構”DDoS 清洗中心,具備網路層保護、站台清洗及乾淨流量交付至來源端。
architecture-beta group scrub(f5-brand:network-ddos-protection)[Scrubbing Center] group origin(carbon:cloud-services)[Origin DC] service ddos(f5-brand:network-ddos-protection)[DDoS Protection] in scrub service sitescrub(f5-brand:security-site-scrubbing)[Site Scrubbing] in scrub service clean(f5-brand:network-globe-load-balance)[Clean Pipe] in scrub service lb(carbon:load-balancer-application)[Load Balancer] in origin service app(carbon:application)[Application] in origin service db(carbon:data-base)[Database] in origin ddos:R --> L:sitescrub sitescrub:R --> L:clean clean:R --> L:lb lb:R --> L:app app:B --> T:db
大流量攻擊緩解
Section titled “大流量攻擊緩解”攻擊流量示意圖,展示大流量 DDoS 在抵達來源端之前,於邊緣進行吸收與緩解的過程。
flowchart LR
attacker@{ icon: 'lucide:bug', label: 'Attack Traffic' }
legit@{ icon: 'lucide:user', label: 'Legitimate Users' }
edge@{ icon: 'f5-brand:network-ddos-protection', label: 'DDoS Edge' }
scrub@{ icon: 'f5-brand:security-site-scrubbing', label: 'Scrubbing' }
drop@{ icon: 'f5-brand:security-firewall', label: 'Drop Malicious' }
origin@{ icon: 'carbon:application', label: 'Origin' }
attacker --> edge
legit --> edge
edge --> scrub
scrub --> drop
scrub --> originCDN + DDoS + WAF 分層保護
Section titled “CDN + DDoS + WAF 分層保護”分層邊緣保護,在統一管線中結合 CDN 快取、DDoS 緩解及 WAF 檢測。
architecture-beta group edge(f5-brand:cloud-performance-arrow)[Edge Services] group security(f5-brand:security-firewall-shield)[Security Layer] group app(carbon:cloud-services)[Application] service cdn(f5-brand:cloud-performance-arrow)[CDN] in edge service ddos(f5-brand:network-ddos-protection)[DDoS Protection] in edge service waf(f5-brand:security-firewall-shield)[WAF] in security service shield(f5-brand:security-shield-checkmark)[Shield] in security service web(carbon:application)[Web App] in app service api(carbon:api)[API Service] in app cdn:R --> L:ddos ddos:R --> L:waf waf:R --> L:shield shield:R --> L:web shield:B --> T:api
DNS 與流量管理
Section titled “DNS 與流量管理”具健康狀態監控的 DNS 全球伺服器負載平衡
Section titled “具健康狀態監控的 DNS 全球伺服器負載平衡”以 DNS 為基礎的全球伺服器負載平衡,並對多雲端點進行健康狀態監控。
flowchart TD
user@{ icon: 'lucide:globe', label: 'End Users' }
dns@{ icon: 'f5-brand:network-dns-1', label: 'DNS Management' }
health@{ icon: 'f5-brand:other-site-metrics', label: 'Health Monitor' }
aws@{ icon: 'hashicorp-flight:aws-color', label: 'AWS Origin' }
azure@{ icon: 'hashicorp-flight:azure-color', label: 'Azure Origin' }
gcp@{ icon: 'hashicorp-flight:gcp-color', label: 'GCP Origin' }
user --> dns
dns --> health
health --> aws
health --> azure
health --> gcp
dns --> aws
dns --> azure
dns --> gcpDNS 管理架構
Section titled “DNS 管理架構”DNS 管理基礎設施,具備 DNS 負載平衡及跨雲端區域的防護盾 DNS 保護。
architecture-beta group dnsinfra(f5-brand:network-dns-1)[DNS Infrastructure] group region1(hashicorp-flight:aws-color)[US East] group region2(hashicorp-flight:azure-color)[EU West] service dns(f5-brand:network-dns-load-balance)[DNS Load Balance] in dnsinfra service shielddns(f5-brand:security-shield-dns)[Shield DNS] in dnsinfra service lb1(carbon:load-balancer-application)[Regional LB] in region1 service app1(carbon:virtual-machine)[App Servers] in region1 service lb2(carbon:load-balancer-application)[Regional LB] in region2 service app2(carbon:virtual-machine)[App Servers] in region2 dns:R --> L:shielddns dns:B --> T:lb1 lb1:R --> L:app1 dns:B --> T:lb2 lb2:R --> L:app2
具容錯移轉的智慧型 DNS 負載平衡
Section titled “具容錯移轉的智慧型 DNS 負載平衡”智慧型 DNS 負載平衡,整合雲端 DNS、效能路由及自動容錯移轉。
flowchart LR
client@{ icon: 'lucide:globe', label: 'Client' }
dns@{ icon: 'f5-brand:network-dns-load-balance', label: 'DNS Load Balance' }
cloud@{ icon: 'f5-brand:cloud-dns-load-balance', label: 'Cloud DNS LB' }
primary@{ icon: 'carbon:virtual-machine', label: 'Primary' }
secondary@{ icon: 'carbon:virtual-machine', label: 'Secondary' }
health@{ icon: 'f5-brand:other-site-metrics', label: 'Health Check' }
client --> dns
dns --> cloud
cloud --> primary
cloud -->|Failover| secondary
dns --> health
health --> primary
health --> secondaryAPI 安全性與探索
Section titled “API 安全性與探索”影子 API 探索管線
Section titled “影子 API 探索管線”影子 API 探索管線,透過流量分析與目錄管理偵測未知的 API。
flowchart LR
traffic@{ icon: 'lucide:globe', label: 'API Traffic' }
gw@{ icon: 'f5-brand:network-api-gateway', label: 'API Gateway' }
shadow@{ icon: 'f5-brand:network-shadow-api', label: 'Shadow API Discovery' }
inventory@{ icon: 'f5-brand:network-api-inventory', label: 'API Inventory' }
alert@{ icon: 'f5-brand:other-visibility-eye', label: 'Visibility' }
traffic --> gw
gw --> shadow
shadow --> inventory
inventory --> alertAPI 閘道架構
Section titled “API 閘道架構”API 閘道,透過身份驗證、速率限制及安全性驗證保護後端 API 服務。
architecture-beta group gateway(f5-brand:network-api-gateway)[API Gateway] group backend(carbon:cloud-services)[Backend Services] service apigw(f5-brand:network-api-gateway)[API Gateway] in gateway service auth(f5-brand:security-key-lock)[Authentication] in gateway service rate(f5-brand:network-api)[Rate Limiter] in gateway service shield(f5-brand:security-shield-checkmark)[Schema Check] in gateway service api1(carbon:api)[Users API] in backend service api2(carbon:api)[Orders API] in backend apigw:R --> L:auth auth:R --> L:rate rate:R --> L:shield shield:R --> L:api1 shield:B --> T:api2
API 生命週期:從探索到保護
Section titled “API 生命週期:從探索到保護”API 生命週期管線,從影子 API 探索,經目錄建立,到主動保護。
flowchart TD
apps@{ icon: 'carbon:application', label: 'Applications' }
discover@{ icon: 'f5-brand:network-shadow-api', label: 'Shadow API Discovery' }
inventory@{ icon: 'f5-brand:network-api-inventory', label: 'API Inventory' }
gateway@{ icon: 'f5-brand:network-api-gateway', label: 'API Gateway' }
shield@{ icon: 'f5-brand:security-shield-app-code', label: 'API Protection' }
monitor@{ icon: 'f5-brand:other-site-metrics', label: 'API Metrics' }
apps --> discover
discover --> inventory
inventory --> gateway
gateway --> shield
shield --> monitor平台與可觀測性
Section titled “平台與可觀測性”具 NGINX One 的分散式應用程式
Section titled “具 NGINX One 的分散式應用程式”分散式應用程式平台,具備 NGINX One 管理、Kubernetes 工作負載及集中控制。
architecture-beta group platform(f5-brand:service-f5)[F5 Platform] group compute(carbon:cloud-services)[Compute] service nginx(f5-brand:service-nginx)[NGINX One] in platform service netng(f5-brand:network-nginx)[NGINX Network] in platform service f5svc(f5-brand:service-f5)[F5 Service] in platform service k8s(f5-brand:app-kubernetes)[Kubernetes] in compute service dist(f5-brand:cloud-distributed)[Distributed App] in compute service container(f5-brand:cloud-container-app)[Container App] in compute nginx:R --> L:netng netng:R --> L:f5svc nginx:B --> T:k8s netng:B --> T:dist f5svc:B --> T:container
可觀測性管線
Section titled “可觀測性管線”可觀測性管線,從應用程式收集指標,並產生深入分析、警示及儀表板。
flowchart LR
app1@{ icon: 'carbon:application', label: 'Web App' }
app2@{ icon: 'carbon:api', label: 'API Service' }
metrics@{ icon: 'f5-brand:other-site-metrics', label: 'Metrics Collection' }
eye@{ icon: 'f5-brand:other-visibility-eye', label: 'Visibility' }
llmobs@{ icon: 'f5-brand:ai-llm-observability', label: 'LLM Observability' }
alert@{ icon: 'f5-brand:other-bell', label: 'Alerts' }
app1 --> metrics
app2 --> metrics
metrics --> eye
eye --> llmobs
llmobs --> alert完整平台概覽
Section titled “完整平台概覽”全面的 F5 平台概覽,在統一服務下連接安全性、網路及應用程式交付。
architecture-beta group f5(f5-brand:service-f5)[F5 Service Platform] group security(f5-brand:security-firewall-shield)[Security] group networking(f5-brand:cloud-network-connect)[Networking] service svcf5(f5-brand:service-f5)[F5 Service] in f5 service bigip(f5-brand:service-big-ip-next)[BIG-IP Next] in f5 service obs(f5-brand:other-site-metrics)[Observability] in f5 service fw(f5-brand:security-firewall-shield)[WAF] in security service botd(f5-brand:security-bot-defence)[Bot Defence] in security service ddos(f5-brand:network-ddos-protection)[DDoS] in security service multi(f5-brand:cloud-multi-network)[Multi-Cloud Net] in networking service fabric(f5-brand:app-delivery-fabric)[App Fabric] in networking service nginx(f5-brand:service-nginx)[NGINX One] in networking svcf5:B --> T:fw svcf5:B --> T:multi bigip:B --> T:botd bigip:B --> T:fabric obs:B --> T:ddos obs:B --> T:nginx