What’s new in BIG-IP version 16.0

BIG-IP version 16 is still far away for production environments from my point of view. Today, I usually install version 14 in new deployments and, I think, version 15 will be ready for production next year. However, I like to know new features and enhancements in new version. I wrote about What’s new in BIG-IP version 14.0 and What’s new in BIG-IP version 15 to know new features and enhancements which are used today and it will be used next year. Therefore, I’ve been reading this week about the new BIG-IP version that it will be installed probably in two years.

I’ve already written about HTTP/2 and Moving the Web from TCP to UDP. I’ve also written about Mutipath TCP and MPTCP Security, and I’ve even recorded a POC Multipath TCP. BIG-IP supports HTTP/2 but what’s amazing is BIG-IP version 16 also supports HTTP/3. I’ll write about it deeply next week but I would like to highlight HTTP/3 fixes the performance issues of HTTP/2 and it supports 0-RTT connection resumption. Therefore, BIG-IP version 16 provides a turnkey solution by converting HTTP/3 requests from clients to HTTP/1 and HTTP/2 requests to backend servers.

HTTP/2 vs HTTP/3

BIG-IP version 16 has lots of new features for BIG-IP APM. For instance, the Advanced Guide Configuration has been improved to Simplified Guided Access where we can deploy mission critical apps with Microsoft Azure AD easily. Another interesting feature is Identity Aware Proxy (IAP) Webtop which simplifies application access to end users with a single catalog of their applications. F5 Edge Client has also been improved. The F5 Edge Client supports DTLS 1.2 and it also supports SSO across remote access (SSL VPN) and web applications. There are many improvements in BIG-IP APM.

Identity Aware Proxy Webtop

The BIG-IP version 16 has also been improved a lot the BIG-IP AWAF. The new version supports Web Socket Compression traffic in real time to analyze the payload and recompress without increasing network traffic. This version of Advanced WAF enables HTTP Desync mitigation, which enables customers to protect against Desync or similar attacks. In addition, there is a new role to restrict WAF Log Access. This is an interesting feature to reduce exposure of potentially sensitive WAF log data. There are many more new features for BIG-IP WAF in this new version.

Web Guided Configuration for Micro Services

You can see there are lots of new features and enhancements in the BIG-IP version 16 for APM and WAF but there are also many new features for SSL Orchestrator (SSLO) and BIG-IP AFM. For example, Secure Web Gateway (SWG) as an SSL Orchestrator service can be configured in SSLO and Datagroup is also supported in SSLO. On the other hand, BIG-IP AFM VE with SmartNICs can improve DDoS mitigation capacity by up to 300x compared to High Performance AFM VE on its own. To sum up, BIG-IP version 16 has lots of new improvements which can be already tested but we’ll have to wait at least one year to be ready for production environments.

F5 VE SmartNIC

Thanks my friends!! Would you like to test this new version? I do!