Products Home > F5 > DNS


BIG-IP i4600 DNS (32 GB Memory, Global Server Load Balancing, DNS Services, DNSSEC, Advanced Routing)
Description Specifications Platforms Services

Hyperscale and Protect Your DNS While Optimizing Global App Delivery

Scaling and securing every environment helps protect your business from site outages and improves DNS and application performance. Securing DNS infrastructures from the latest distributed denial-of-service (DDoS) attacks and protecting DNS query responses from cache-poisoning redirects will help keep your business online and viable. But to fully achieve these goals, you need efficient ways to monitor DNS infrastructure and application health and to scale on demand to meet exact requirements.

F5® BIG-IP® DNS (formerly BIG-IP® Global Traffic Manager™) distributes DNS and user application requests based on business policies, data center and cloud service conditions, user location, and application performance. The BIG-IP platform delivers F5’s high-performance DNS services with visibility, reporting, and analysis; hyperscales and secures DNS responses geographically to survive DDoS attacks; delivers a complete, real-time DNSSEC solution; and ensures high availability of global applications in all hybrid environments.

Key Benefits

Hyperscale DNS up to 100 million RPS with a fully loaded chassis
BIG-IP DNS hyperscales authoritative DNS up to 100 million query responses per second (RPS) and controls DNS traffic. It ensures that users are connected to the best site and delivers on-demand scaling for DNS and global apps.

Protect against DNS attacks and ensure availability
Ensure DNS and application availability and protection during DNS DDoS attacks or volume spikes. In addition, mitigate DNS threats by blocking access to malicious IP domains.

Improve global application performance
Send users to the site with the best application performance based on application, geolocation, business, and network conditions.

Deploy flexibly, scale as you grow, and manage your network efficiently
BIG-IP DNS delivers flexible global application management in virtual and cloud environments. The web-based UI provides easy DNS configuration with centralized menus; advanced logging, statistics, and reporting; and a single point of control for your DNS and global app delivery requirements.

F5 BIG-IP DNS Solutions

Unmatched DNS Performance

BIG‑IP DNS delivers hyperscale performance that can handle even the busiest sites. When sites have a volume spike in DNS queries due to legitimate requests or DDoS attacks, BIG-IP DNS manages requests with multicore processing and F5 DNS Express™, dramatically increasing authoritative DNS performance up to 50 million RPS to quickly respond to all queries.

This helps your organization provide the best quality of service (QoS) for your users while eliminating poor application performance. DNS Express improves standard DNS server functions by offloading DNS responses as an authoritative DNS server. BIG-IP DNS accepts zone transfers of DNS records from the primary DNS server and answers DNS queries authoritatively.

Benefits and features of multicore processing and DNS Express include:

• High-speed response and DDoS attack protection with in-memory DNS
• Authoritative DNS replication in multiple BIG-IP or DNS service deployments for faster responses
• Authoritative DNS and DNSSEC in virtual clouds for disaster recovery and fast,secure responses
• Scalable DNS performance for quality of app and service experience
• The ability to consolidate DNS servers and increase ROI

In cases of very high volumes for apps and services or a DNS DDoS attack, BIG-IP DNS hyperscales in Rapid Response Mode (RRM) up to 100 million RPS. It extends availability with unmatched performance and security—absorbing and responding to queries at up
to 200 percent of the normal limits. See page 13 for performance metrics and details.

DNS Caching and Resolving

DNS latency can be reduced by enabling a DNS cache on BIG-IP DNS and having it respond immediately to client requests. BIG-IP DNS can consolidate the cache and increase the cache hit rate. This reduces DNS latency up to 80 percent, with F5 DNS caching reducing the number of DNS queries for the same site. When used in hardware on the F5 VIPRION platform, DNS caching hyperscales for ultimate query response performance. In addition to caching, BIG-IP DNS allows the device to do its own DNS resolving without requiring the use of an upstream DNS resolver.

Caching profiles available to select for multiple caches include:

• Transparent cache
• BIG-IP DNS site between client and DNS internal/external
• Hot cache
• Caching resolver
• No cache response so that BIG-IP DNS sends out the request with the response coming back for resolving and caching
• Validating caching resolver

BIG-IP DNS supports all common DNS deployments that are either authoritative or local resolver DNS. Specific zone requests not cached are forwarded to name servers for faster DNS resolving, allowing users to receive expedient responses.

BIG-IP DNS reduces the average DNS response time and latency for mobile and desktop devices from an average of 300 milliseconds (ms) and 100 ms respectively to as little as 15 ms, depending on workloads.

Secure Applications

DNS denial-of-service attacks, cache poisoning, and DNS hijacking threaten the availability and security of your applications. BIG-IP DNS protects against DNS attacks and enables you to create polices that provide an added layer of protection for your applications and data.

DNS attack protection features include:

  • Hardened device—BIG-IP DNS is ICSA Labs Certified as a network firewall and resists common teardrop, ICMP, or daemon attacks.
  • DNS attack protection—BIG-IP DNS offers built-in protocol validation in software to automatically drop high-volume UDP, DNS query, NXDOMAIN floods, and malformed packets. You can also use BIG-IP DNS in hardware to mitigate these high-volume attacks.
  • DNS load balancing—The BIG-IP platform can be used to front-end static DNS servers. If the DNS request is for a name controlled by the BIG-IP platform, F5 DNS services will answer the request.
  • Security control—F5 iRules for DNS can help you create policies that block requests from rogue sites.
  • Packet filtering—BIG-IP DNS uses packet filtering to limit or deny websites’ access based on source, destination, or port.

DNS firewall

DNS DDoS, cache poisoning of LDNS, and other unwanted DNS attacks and volume spikes can cause DNS outage and lost productivity. These attacks and traffic spikes increase volume dramatically and can take down DNS servers.

BIG-IP DNS, with security, scale, performance, and control functionality, provides DNS firewall benefits. It shields DNS from attacks such as reflection or amplification DDoS attacks and other undesired DNS queries and responses that reduce DNS performance. In addition, you can mitigate complex DNS security threats by blocking access to malicious IP domains with Response Policy Zones. With BIG-IP DNS, you can install a third-party domain filtering service such as SURBL or Spamhaus and prevent client infection or intercept infected responses to known sources of malware and viruses. F5 DNS firewall services reduce the costs of infection resolution and increase user productivity.

Lower your risk of malware and virus communication and mitigate DNS threats by blocking access to malicious IP domains with a domain reputation service such as SURBL or Spamhaus.

F5 DNS firewall services include:

  • Protocol inspection and validation
  • DNS record type ACL*
  • High-performance authoritative DNS, which scales responses exponentially
  • Authoritative DNS hyperscaling up to 200 percent to absorb DDoS attacks
  • Reducing latency and hyperscaling DNS caching
  • DNS load balancing
  • Stateful inspection (never accepts unsolicited responses)
  • ICSA Labs certification (can be deployed in the DMZ)
  • The ability to scale across devices using IP Anycast
  • Secure responses (DNSSEC)
  • DNSSEC response rate limits
  • Complete DNS control using DNS iRules
  • DDoS threshold alerting*
  • Threat mitigation by blocking access to malicious IP domains
  • DNS logging and reporting
  • Hardened F5 DNS code (not BIND protocol)

*Requires provisioning BIG-IP Advanced Firewall Manager™ to access functionality.

BIG-IP DNS keeps apps available with firewall services protecting DNS infrastructure from highvolume attacks and malformed packets.

Complete DNSSEC signing

With BIG-IP DNSSEC support, you can digitally sign and encrypt your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking and cache poisoning. In addition, receive all the benefits of global server load balancing while also securing your DNS query responses. Alternatively, if a zone has already been signed, BIG-IP DNS manages static DNSSEC responses for higher performance.

Centralized DNSSEC key management

Many IT organizations have or want to standardize on FIPS-compliant devices and secure DNSSEC keys. You can use BIG-IP DNS with FIPS cards that provide 140-2 support for securing your keys. In addition, BIG-IP DNS integrates and uses hardware security modules (HSMs) from Thales for implementation, centralized management, and secure handling of DNSSEC keys, reducing OpEx and delivering consolidation and FIPS compliance.

Top-level domain support for DNSSEC

For DNS administrators who want to delegate to other secure sub-domains, BIG-IP DNS allows easy management of DNSSEC as a top-level domain, becoming a parent zone.

DNS SEC validation

In most networks, DNS resolvers offload DNSSEC record requests and crypto calculations to validate that the DNS response being received is correctly signed. DNSSEC responses coming into the network require high CPU loads on DNS resolving servers.

With BIG-IP DNSSEC validation, administrators can easily offload and validate DNSSEC on the client side using BIG-IP DNS for resolving. This results in superior DNS performance and a dramatic increase in the site response to users.

Globally Available Applications

BIG‑IP DNS offers global application availability and sophisticated health monitoring that support a wide variety of application types, giving organizations the flexibility to adapt quickly and stay competitive.

These global availability and health monitoring features include:
Global load balancing—BIG-IP DNS provides comprehensive, high-performance application management for hybrid environments.
Dynamic ratio load balancing—BIG-IP DNS routes users to the best resource based on site and network metrics (for example, based on the number of hops between the client and the local DNS).
Wide area persistence—To ensure user connections persist across apps and data centers, BIG-IP DNS synchronizes data, propagates local DNS, and maintains
session integrity.
Geographic load balancing—BIG-IP DNS includes an IP database identifying location at the continent, country, and state/province level to connect users to the closest app or service for the best performance.
Custom topology mapping—With BIG-IP DNS, organizations can set up custom topology maps. By defining and saving custom region groupings, you can configure topology based on intranet app traffic policies that match your internal infrastructure.
Infrastructure monitoring—BIG-IP DNS checks entire infrastructure health, eliminating single points of failure and routing app traffic away from poorly performing sites.

BIG‑IP DNS ensures users are always connected to the best site.
(1) User queries local DNS to resolve domain, and local DNS queries BIG‑IP DNS.
(2) BIG‑IP DNS uses metrics collected for each site and identifies the best server.
(3) BIG‑IP DNS responds to local DNS with IP address.
(4) User is connected to site.

Application health monitoring

BIG-IP DNS improves the application experience by intelligently monitoring the availability of resources. It expands application resilience by flexibly selecting and using the best available BIG-IP solutions for health monitoring. BIG-IP DNS reduces application downtime and enables easy availability with multiple settings in application monitoring.

Today’s sophisticated applications require intelligent health checks to determine availability. Instead of relying on a single health check, BIG‑IP DNS aggregates multiple monitors so that you can check the application state at multiple levels. This results in the highest availability, improves reliability, and eliminates false positives to reduce management overhead.

BIG‑IP DNS provides pre-defined, out-of-the-box health monitoring support for more than 18 different applications, including SAP, Oracle, LDAP, and mySQL. BIG‑IP DNS performs targeted monitoring of these applications to accurately determine their health, reduce downtime, and improve the user experience.

Disaster recovery/business continuity planning

In addition to performing comprehensive site availability checks, you can define the conditions for shifting all traffic to a backup data center, failing over an entire site, or controlling only the affected applications.

Simple Management

Managing a distributed, multiple-site network from a single point is an enormous challenge. BIG-IP DNS provides tools that give you a global view of your infrastructure with the means to manage the network and add polices to ensure the highest availability for your businesscritical applications. Features include:

Reduce DNS delivery deployment time with centralized and easy-to-find configuration and management sequences.

  • Web-based user interface—Manage global infrastructure from a centralized UI using:
    • Streamlined and centralized DNS and GSLB menus for fast configuration.
    • Efficient list and object management for complete visibility of global resources.
    • Unique naming of objects to reduce administration and build business policies.
    • Enhanced management of distributed applications as part of one collective group.
    • Context-sensitive help for information on objects, commands, and configuration examples.
  • Powerful command-line interface—The TMSH command-line interface delivers integrated search, context-sensitive help, and batch-mode transactions.
  • Automated setup and synchronization—Autosync automates and secures multiple BIG-IP DNS devices, eliminating difficult hierarchical management common to DNS.
  • Improves scale and analysis with unlimited N+1 devices—In a failover situation, when BIG-IP DNS services are part of a Device Service Cluster (DSC) group, the BIG-IP solution performs at its peak capacity—across all appliances or virtual editions synced with DNS and GSLB services. BIG-IP DNS provides highly scalable apps and services, performing smart analysis on all incoming traffic to better understand patterns and anomalies.
  • Scalable and optimized GSLB configurations—Incremental Sync delivers high performance for large deployments. With more devices synced, configuration changes transpire rapidly. For large deployments with GSLB configurations and rapid user changes, you can protect changes by manually saving when most convenient.
  • Configuration retrieval—AutoDiscovery enables retrieved configurations from distributed BIG-IP instances, removing repeat configurations across devices.
  • Data center and sync groups—Create logical groups of network equipment to ensure efficient use of monitoring and metrics collection for intelligently sharing with members in the logical group.
  • Distributed application management—You can define dependencies between application services and manage them as a group, building scalable traffic distribution policies and improving efficiency with granular control of objects.
  • iRules—Use the F5 iRules scripting language to customize the distribution of global traffic. BIG-IP DNS looks deep inside DNS traffic to customize app traffic to the desired data center, pool, or virtual server. This reduces latency, increases attack protection, and improves performance.
  • Customize traffic with QoS—Design traffic decisions and easily develop custom load balancing algorithms using quality of service metrics in iRules, such as round trip time, hops, hit ratio, packet rate, topology, and more.
  • DNS iRules—Manage DNS queries, responses, and actions for a fast, customized DNS infrastructure. For instance, configure DNS iRules with filtering for protection and reporting.
  • F5 ZoneRunner—ZoneRunner is an integrated DNS zone file management tool that simplifies and reduces the risk of misconfiguration. Built on the latest version of BIND, ZoneRunner provides:
    • Auto population of commonly used protocols.
    • Validation/error checking for zone file entries.
    • Zone importation from an external server or a file.
    • Automatic reverse lookups.
    • Easy creation, editing, and searching of all records.
    • Easy management of NAPTR records for LTE and 4G requirements.

DNS health monitor

The DNS health monitor available in BIG-IP DNS and BIG-IP Local Traffic Manager (LTM) monitors DNS server health and helps configure DNS based on reporting. The DNS health monitor detects whether the servers are operating at peak performance and helps in reconfiguring for optimal responses.

High-speed logging

You can easily manage DNS and global app logging for fast network visibility and planning. High-speed logging of DNS queries and responses, syslog, and global server load balancing decision logs improve information on data to enable fast network recognition with quick, deep search and display.

Enhanced DNS detailed statistics

BIG-IP DNS delivers advanced DNS statistics for administrators, with enhanced detailed data for profiles such as query type counts (A, CNAME, NS, RRSIG, AAAA, SRV, and “other” types) with requests, responses, and percentage counts. Stats are per profile and per device global count for fast visibility and capacity planning of DNS delivery infrastructure. DNS detail stats are viewable in DNS profile or in analytics reporting.

Advanced DNS reporting and analytics

F5 Analytics provides advanced DNS reporting and analysis of applications, virtual servers, query names, query types, client IPs, top requested names, and more for business intelligence, capacity planning, ROI reporting, troubleshooting, performance metrics, and tuning, enabling maximum optimization of the DNS and global app infrastructure.

Administrators can easily manage DNS using analytics with advanced reporting and analysis of actions for fast visibility of DNS delivery and infrastructure.

F5 Enterprise Manager

Enterprise Manager can help you significantly reduce the cost and complexity of managing multiple F5 devices. You gain a single-pane view of your entire application delivery infrastructure and the tools you need to reduce deployment times, eliminate redundant tasks, and efficiently scale your infrastructure to meet your business needs.

Network Integration

BIG-IP DNS is designed to fit into your current network and into your plans for the future. Integration features include:

  • SNMP management application support—BIG-IP DNS integrates its MIBs and an SNMP agent with DNS. This enables SNMP management applications to read statistical data about BIG-IP DNS performance.
  • Third-party integration—BIG-IP DNS communicates and integrates with a broad array of network devices. This includes support for various types of remote hosts, such as SNMP agents, third-party caches, servers, routers, and load balancers to diagnose the health of network endpoints.
  • IPv6/IPv4 support—Ease the transition to IPv6 by providing DNS gateway and translation services for hybrid IPv6 and IPv4 solutions, and manage IPv6 and IPv4 DNS servers. BIGIP LTM configured with NAT64 transforms IPv6 to IPv4 for those IPv4-only environments.
  • IP Anycast integration—DNS query volumes directed to one IP address, whether legitimate or during a DoS attack, are easily managed by distributing the load among multiple geographic BIG-IP DNS devices. Network managers realize these benefits:
    - Improved user performance and reliability
    - Reduced network latency for DNS transactions
    - Ability to scale DNS infrastructure to manage DNS request load to one IP address
    - Lower rates of dropped query packets, reducing DNS timeouts/retries
    - Increased revenue by servicing more users and protecting brand equity
  • Global server load balancing in virtual and cloud environments—Easily spin up virtual instances of BIG-IP DNS. Provide flexible DNS delivery and global application availability by routing users to applications in physical, virtual, and cloud environments.

BIG-IP DNS and IP Anycast integration distributes the DNS request load by directing single IP requests to multiple local devices.

DNS Query RPS Maximum Performance

BIG-IP DNS services deliver query response per second (RPS) with high performance scalability. The table below lists many BIG-IP platforms with DNS Express enabled for authoritative DNS query response with the maximum capabilities per platform.

BIG-IP DNS Virtual Edition is available in increments of 250,000 RPS. For 5050s and above, Rapid Response Mode (RRM—see page 2) delivers up to 200 percent of normal max query RPS when turned on. See F5 Sales or reseller for details.

F5 BIG-IP i4600 i4800 Hardware Datasheet
The mid-range BIG-IP i4000 series ADC platform offers exceptional performance that meets most small-to-medium enterprise and organization application and security service requirements. This series features the latest 4-Core Intel Xeon CPU, 32GB DDR4 RAM, a 500GB enterprise-class hard drive, eight 1GbE fiber ports, and four 10GbE SFP+ ports. The i4800 provides double the Layer 4 throughput, 2.8x the Layer 4 concurrent connections, and 2.2x the SSL TPS than previous comparable models.
Specifications i4600 i4800
Intelligent Traffic
L7 requests per second: 650K
L4 connections per second: 250K
L4 HTTP requests per second: 1M
Maximum L4 concurrent connections: 28M
Throughput: 20 Gbps L4/L7
L7 requests per second: 1.1M
L4 connections per second: 450K
L4 HTTP requests per second: 2M
Maximum L4 concurrent connections: 28M
Throughput: 20 Gbps L4/L7
Hardware Offload SSL/TLS: ECC†: 6.5K TPS (ECDSA P-256)
RSA: 10K TPS (2K Keys)
10 Gbps bulk encryption*
ECC†: 10K TPS (ECDSA P-256)
RSA: 20K TPS (2K Keys)
15 Gbps bulk encryption*
Hardware Compression: N/A 10 Gbps
Hardware DDoS Protection: N/A N/A
TurboFlex Performance Profiles N/A Tier 2
Software Compression: 6 Gbps N/A
Software Architecture: 64-bit TMOS 64-bit TMOS
On-Demand Upgradable: Yes N/A
Virtualization (Maximum Number of vCMP® Guests): N/A N/A
Processor: One 4-Core Intel Xeon processor (total 8 hyperthreaded logical processor cores) One 4-Core Intel Xeon processor (total 8 hyperthreaded logical processor cores)
Memory: 32 GB DDR4 32 GB DDR4
Hard Drive: 1x 500 GB Enterprise Class HDD 1x 500 GB Enterprise Class HDD
Gigabit Ethernet CU Ports: Optional SFP Optional SFP
Gigabit Fiber Ports (SFP): 8 SX or LX (sold separately) 8 SX or LX (sold separately)
10 Gigabit Fiber Ports (SFP+): 4 SR/LR (sold separately); optional 10G copper direct attach 4 SR/LR (sold separately); optional 10G copper direct attach
40 Gigabit Fiber Ports (QSFP+): N/A N/A
Power Supply: 1x 250W Platinum AC PSU (Additional PSU optional, 2x 650W DC PSU optional) 1x 250W Platinum AC PSU (Additional PSU optional, 2x 650W DC PSU optional)
Typical Consumption: 130W (single power supply, 110V input)** 130W (single power supply, 110V input)**
Input Voltage: 100–240 VAC +/- 10% auto switching, 50/60hz 100-240 VAC +/- 10% auto switching, 50/60hz
Typical Heat Output: 445 BTU/hour (single power supply, 110V input)** 445 BTU/hour (single power supply, 110V input)**
Dimensions: 1.72” (4.37 cm) H x 17.4” (44.2 cm) W x 30.6” (77.72 cm) D
1U industry standard rack-mount chassis
1.72″ (4.37 cm) H x 17.4″ (44.2 cm) W x 30.6″ (77.72 cm) D
1U industrial standard rack-mount chassis
Weight: 20 lbs. (11.8 kg) (dual power supply) 20 lbs. (11.8 kg) (dual power supply)
Operating Temperature: 32° to 104° F (0° to 40° C) 32° to 104° F (0° to 40° C)
Operational Relative Humidity: 5 to 85% at 40º C 5 to 85% at 40° C
Safety Agency Approval: ANSI/UL 60950-1-2014
CSA 60950-1-07, including A1:2011+A2:2014
IEC 60950-1:2005, A1:2009+A2:2013
EN 60950-1:2006+A11:2009+A1:2010+A12:2011+A2:2013
ANSI/UL 60950-1-2014
CSA 60950-1-07, including A1:2011+A2:2014
IEC 60950-1:2005, A1:2009+A2:2013
EN 60950-1:2006+A11:2009+A1:2010+A12:2011+A2:2013
Susceptibility Standards:
ETSI EN 300 386 V1.6.1 (2012)
EN 55032:2012 Class A; EN 61000-3-2:2014
EN 61000-3-3:2013; EN 55024:2010
FCC Class A (Part 15), IC Class A, VCCI Class A
ETSI EN 300 386 V1.6.1 (2012)
EN 55032:2012 Class A; EN 61000-3-2:2014
EN 61000-3-3:2013; EN 55024:2010
FCC Class A (Part 15), IC Class A, VCCI Class A

*Maximum throughput.
**Please refer to the 
Platform Guide: i4000 Series for the latest power ratings for your specific configurations (dual power supplies, highline input voltage, DC, etc.).
Notes: Performance-related numbers are based on local traffic management services only. Only optics provided by F5 are supported. SFP+ ports in i10800, i10600, i7800, i7600, i5800, and i5600
are compatible with F5 SFP modules.
† ECDHE-ECDSA-AES128-SHA256 cipher string tested.

BIG-IP Platforms:
Only F5’s next-generation, cloud-ready ADC platform provides DevOps-like agility with the scale, security depth, and investment protection needed for both established and emerging apps. The new BIG-IP iSeries appliances deliver quick and easy programmability, ecosystem-friendly orchestration, and record-breaking, software-defined hardware performance. As a result, customers can accelerate private clouds and secure critical data at scale while lowering TCO and future-proofing their application infrastructures. F5 solutions can be rapidly deployed via integrations with open source configuration management tools and orchestration systems. 

In addition to the iSeries, F5 offers VIPRION modular chassis and blade systems designed specifically for performance and for true on-demand linear scalability without business disruption. VIPRION systems leverage F5’s ScaleN clustering technology so you can add blades without reconfiguring or rebooting.

Virtual editions of BIG-IP software run on commodity servers and support the range of hypervisors and performance requirements. These virtual editions provide agility, mobility, and fast deployment of app services in software-defined data centers and cloud environments.

F5 platforms can be managed via a single pane of glass with BIG-IQ Centralized Management.

The core technology behind F5 Networks is the BIG-IP TMOS software. When people talk about the software modules like GTM, LTM, APM, ASM etc etc - they are referring to the logical software modules that run on the BIG-IP Traffic Management Operating System (TMOS) Software. To be clear, they are not individual hardware modules, ie you don't buy another card to add a module, it's all logical licensing. You can use the software on a dedicated Hardware Appliance, Virtual Machine (VM), or you can even use F5's Software as a Service cloud offering and let F5s dedicated NOC do all the heavy lifting with their Silverline DDoS & WAF Services.

BIG-IP iSeries Hardware Platforms

BIG-IP 2000 iSeries BIG-IP 4000 iSeries BIG-IP 5000 iSeries
BIG-IP 7000 iSeries BIG-IP 10000 iSeries BIG-IP 11000 iSeries

BIG-IP Standard Hardware Platforms

BIG-IP 2000 Series BIG-IP 4000 Series BIG-IP 5000 Series
BIG-IP 7000 Series BIG-IP 10000 Series BIG-IP 12000 Series

Viprion Chassis and Blades Hardware Platforms


VIPRION 4800 VIPRION 2000 Series Blades VIPRION 4000 Series Blades

Virtual Editions

F5 BIG-IP Virtual edition is a great option when flexibility is needed in a deployment, allowing customers to spin up environments on demand. Whether it's on your premise saving real estate & cooling costs, or in a cloud offering like Amazon Web Services - the F5 VE can be a great option to deploy BIG-IP. You can run every BIG-IP module on F5 Virtual Editions - which can be deployed on all the leading hypervisors.

The F5 VE is priced by throughput, and can be purchased for individual modules, or you can take advantage of the new good, better, best pricing model. Throughput Options below:

F5 Silverline Cloud-Based Application Services Platform

F5 now offers enterprises the ultimate in scalability and agility by offering pieces of the BIG-IP as a cloud based solution via F5s Silverline Services. Currently F5 is offering DDoS protection and Web Application Firewall services via Silverline. Stay tuned - more services are sure to be offered soon.

Professional Services
We offer enterprise class F5 Professional Services / Consulting & Support around the LTM, GTM / DNS, AFM, APM, & ASM F5 BIG-IP modules. From quick on demand iRule development & support with short time-lines, to very large complex load balancing implementations, our engineering team will go above and beyond to meet & exceed your expectations. Our primary vendor focus is F5 Networks, though over the years our client migrations to F5 Networks have drove us to master all the major players in in the industry.

Our Certified Engineers are not only experts in F5 Networks, we deeply understand Citrix Netscalers, A10 Networks AX series, Cisco CSS / Local Directors, & cloud Load Balancing technologies like Amazon Web Service (AWS) – Elastic Load Balancing & Route 53. Though we will not sell and support other ADC technologies, you can rest assured our experts are trained to dissect their configurations for migrations to the next level ADC F5 Networks provides.


Design & Planning ● New Environments
Need an architect’s guidance on exactly how to migrate your environment to the next level in Application Delivery Technology? Let our Engineers guide you through the exciting world of Application Delivery and help you design an architecture that is in line with your applications and organizations goals.
● Existing Environments
Already have some Application Delivery Technology in place? We can help Document your current Network, and identify opportunities to improve and optimize your existing architecture.
Implementations ● New Installs
We’ll discuss and capture all your requirements and provide you with detailed documentation on exactly how we’re going to reach your goals.
● Upgrades / Downgrades
Upgrading and Downgrading hardware can be very risky if proper procedures are not followed. Let us follow our proven strategies for successful upgrades to get you to that next level of code and or new Hardware.
● Migrations
Lab Staging -We can stage your changes in our lab to overcome any hurdles prior to implementation.Back out Strategies – Full back out strategies and scripts are provided to ensure a smooth cut back if needed.
Configuration Optimization
Ensure your environment is running as efficient and as securely as possible. Studying the surrounding network and picking your configurations apart line by line we’ll provide you with a full analysis report identifying open risks and opportunities for improvements.
Application Deployment When deploying new applications significant consideration needs to be taken around the load balancing technology available. Let us interface your application team to ensure your new application is taking advantage of all the features & resiliency your Application Delivery Controllers offer.

Consulting Services
The best onsite or remote consulting services for F5 Networks Products.

Our dedicated team of professionals is available to provide you with the best security solution available. We offer (onsite or remote) hourly contract consultative assistance services.

Services Include:

  • Advanced network infrastructure analysis
  • Security policy consultation
  • On-site security appliance installation
  • Hardware & software product recommendations & sales
  • Custom application development
  • System administration


Simplified Licensing
  • Meeting your applications’ needs in a dynamic environment has never been easier. F5’s Good, Better, Best provides you with the flexibility to provision advanced modules on-demand, at the best value.
  • Decide what solutions are right for your application’s environment with F5’s reference architectures.
  • Provision the modules needed to run your applications with F5’s Good, Better, Best offerings.
  • Implement complete application flexibility with the ability to deploy your modules on a virtual or physical platform. 



Order Fulfillment and Delivery Policies

Orders placed before 4:15pm (PST) Monday through Friday will be shipped out the day they were placed. Orders placed after 4:15pm (PST) Monday through Thursday will be shipped out the next day. Orders placed after 4:15pm (PST) on Friday will be shipped out the following Monday. Orders placed on a holiday will be shipped out the following non-holiday business day.

Shipping Carriers:

Orders are shipped primarily by UPS and FedEx, but we may use DHL, USPS or other freight carrier at our discretion. In addition, we may use any available service to ship orders if delivery time is not negatively affected (example: A customer who is located near our warehouse orders an item via 2nd day shipping, but it is shipped via ground because it will take 2 days or less for the ground package to arrive.)

Shipping Rates:

We charge flat rates for domestic orders placed on our website; however, if a shipment is unusually heavy, the charge of shipping may be increased. In the event of a shipping charge increase, the customer will be contacted first and a shipping price will be negotiated. Please note that some items may be shipped out of different locations, and Ground delivery times may vary.

The above rates do not apply to international orders. Please contact us when placing an international order to obtain a shipping quote. You may provide us with your own shipping account number and designated shipping carrier .

Late Shipments:

If your shipment arrives late, you must notify us within 14 days (including non-business days) of delivery in order to be eligible for a refund. Please note that because other factors may play a part in delayed shipments, shipping refunds are approved on a case-by-case basis.

Electronic Delivery:

Certain products may be available for electronic delivery via email. These products include software activation codes and license keys. Certain restrictions may apply.

Return Policy

Return Policy Notice
By placing an order on this web site, you indicate that you have read and agree to the following return policies and conditions. 

Returns Must Meet ALL Applicable Criteria:

  • If your returned product does not match all applicable criteria listed below, it will be rejected by our Returns Warehouse and returned back to you at your cost. Consequently, your RMA will be nullified, any credit request will be denied, replacement orders will not be made, and you will be charged for all shipping to and from our Returns Warehouse that may be incurred by Virtual Graffiti, Inc. By requesting an RMA and/or shipping a return in violation of this policy you hereby agree to accept our shipment of the return back to you and to the payment of all shipping costs to and from our Returns Warehouse. Our arrangements with our suppliers and manufacturers allow us no room to make exceptions.

Basic Criteria:

All returns must include the following:

  1. Original packaging (manufacturer's box, styrofoam, plastic bags, etc.)
  2. Original intact UPC barcode. Do not cut out the UPC code (for rebates) until you have examined and tested the product to your satisfaction. Removal of the UPC code voids any possibility of return regardless of RMA or credit request status.
  3. Valid Return Merchandise Authorization (RMA).
  4. Original packing slip. Do not mail or dispose of the packing slip (for rebates) until you have examined and tested the product to your satisfaction.
  5. The return must be complete and include all accessories (transformers, antennas, remote controls, batteries, software disks, etc.)
  6. Manufacturer documentation (manuals, warranty cards, registration information, etc.)
  7. The RMA number must not be written on the original manufacturer's packaging or box. Please write the RMA number on the label used to return the item or the brown shipping box. Items received with any writing on the original manufacturer's packaging or box will be refused and returned to you at your cost and without credit approval.

Basic Return Policy:

  • Unless otherwise stated below, you have 30 days from the date your product left the warehouse (regardless of when you actually took delivery of the product) to get a valid RMA from our website and get your product to a shipper to return back to us. It does not have to be back in our warehouse within 30 days, but it does have to be in the possession of the shipper (along with the valid RMA). RMAs must be valid, unexpired, and issued for the product being returned. Only one RMA is issued per return. When it expires, you may no longer return your product.
  • If you are ineligible for an RMA, contact the manufacturer directly or check any applicable warranty you might have. See the Manufacturer Contact List at the bottom of this page.
  • Except as provided for verified defective products (See Special Returns Policy for Defective Products below), you will be responsible for all shipping charges for returns sent to our Returns Warehouse.
  • All products are subject to a 15% restocking fee (except where prohibited by law) if returned opened or in a non-factory sealed box, provided that there is no restocking fee for defective products (see Special Returns Policy for Defective Products below).
  • Upon our acceptance of the merchandise in like new condition in strict conformance with the basic criteria and basic returns policy, the purchase price will be credited to the credit card used for the original purchase.
  • Please allow up to fourteen days from shipment for your return to arrive at our Returns Warehouse, delivery times vary based on shipper selected. Your return will be processed within 5-7 business days (excluding Saturdays, Sundays, and holidays) after receipt of the item.
  • Many of the items we sell have Special Return Policies. See the appropriate policy below to see if items you purchase are affected.
  • The risk of loss for the product being returned shall be with you at all times during the shipment of such product to the returns center and with respect to any shipments from the returns center back to you, the original distributor or manufacturer, or any buyer through the liquidation process. Title to the product being returned will remain with you at all times and transfer from you to the original distributor, or a third party in the case of a liquidation of the return, only upon receipt of the products by such distributors or buyers.

Defective Products:

  • Defective products can only be returned in exchange for the exact same product, or at the sole discretion of Virtual Graffiti, Inc, the purchase price will be credited to the credit card used for the original purchase. Defective products may only be returned within 30 days of the date your product left the warehouse (regardless of when you actually took delivery of the product).
  • Once your return is processed, and is verified to meet the basic criteria above and to be defective, your replacement order will be sent to fulfillment. How quickly your replacement product ships after that depends on product availability.
  • For products that we verify to be defective, we will reimburse you for your original shipping expenses, provided that your defective return must be shipped via ground shipment only. If you return your product via a faster, more expensive shipper, you incur the expenses yourself and any request for reimbursement will be denied. 
    Virtual Graffiti, Inc in its sole and absolute discretion shall be the sole determiner of whether a product is in fact defective.

Manufacturer Only Returns (Direct Returns):

  • Due to manufacturer's policies, certain items sold on our website may only be returned directly to the manufacturer.
  • Contact the manufacturer directly to arrange the return. Be prepared to provide the manufacturer with the following information: Date of purchase, Serial number, manufacturer part number.

Opened Software, Registered Licensing:

  • Software and License downloads are not returnable. All sales are final when software has been registered, activated or used. Exceptions must be approved prior to a return being authorized.