F5 ADSP Automation: Distributed Cloud and BIG-IP

Key Concepts

• CI/CD (Continuous Integration/Continuous Deployment): A method to frequently deliver apps to customers by introducing automation into the stages of app development.
• GitOps: An operational framework that takes DevOps best practices used for application development—such as version control, collaboration, compliance, and CI/CD—and applies them to infrastructure automation.
• Declarative Configuration: A style of building systems where you define the desired state of the infrastructure rather than the specific steps to achieve it.
• AS3 (Application Services 3 Extension): A declarative interface for BIG-IP that allows for the automation of application delivery services.
• F5 Distributed Cloud (XC): A SaaS-based platform providing global load balancing and edge security.
• BIG-IP LTM (Local Traffic Manager): A regional application traffic management solution.
• BIG-IP Advanced WAF (Web Application Firewall): A security module that protects applications from sophisticated attacks.

---

Automated CI/CD Workflow for F5 Infrastructure

The video outlines a production-aligned, automated workflow for deploying F5 application delivery and security services within Google Cloud. The architecture leverages a "composable" approach, integrating global and regional components through declarative automation.

1. Architectural Components

• Global Layer: F5 Distributed Cloud handles global load balancing and edge-based Web App and API Protection (WAAP).
• Regional Layer: BIG-IP Virtual Edition (VE) deployed in Google Cloud manages regional traffic and enforces Advanced WAF policies.
• Orchestration: The entire stack is managed via Terraform (Infrastructure as Code) and GitHub Actions (CI/CD pipeline), utilizing a branch-based GitOps workflow.

2. The Deployment Process (Step-by-Step)

The deployment is triggered by pushing code to a specific branch in a GitHub repository. The GitHub Actions pipeline executes the following sequence:

1. Infrastructure Provisioning: Terraform builds the foundational network components, including VPCs, subnets, and firewall rules.
2. Application Deployment: Virtual machines are deployed to host the application (e.g., "Juice Shop" and associated APIs).
3. BIG-IP Configuration: The BIG-IP VE is configured using AS3 declarations. Upon boot, the system retrieves these declarations to automatically provision virtual servers, load balancing pools, and security policies.
4. Distributed Cloud Integration: The final stage involves provisioning the F5 Distributed Cloud components, which register the BIG-IP instance as the origin server and apply edge-level WAF configurations.

3. Verification and Operational State

Post-deployment, the system is verified through two primary interfaces:

• F5 Distributed Cloud Console: Confirms the HTTP load balancer is provisioned, the origin is correctly mapped to the BIG-IP instance, and edge WAF policies are active.
• BIG-IP Management: Confirms the virtual server is online, the AS3 declaration has been successfully applied, and the Advanced WAF policy is actively protecting the application.

4. Key Arguments and Strategic Value

The presentation emphasizes that as workloads become increasingly distributed across diverse environments, organizations require a unified architecture. By using a declarative, GitOps-driven approach, F5 enables:

• Consistency: Reducing human error by treating infrastructure as code.
• Speed: Accelerating deployment cycles through automated CI/CD pipelines.
• Security: Integrating security (WAF) directly into the deployment lifecycle rather than treating it as an afterthought.

Conclusion

The F5 platform provides a robust framework for unifying global traffic management and advanced security. By utilizing Terraform and GitHub Actions to orchestrate BIG-IP and Distributed Cloud, organizations can achieve a fully automated, scalable, and secure production environment that supports modern, multi-environment application architectures.