load balancing? check.
stateful load balancing? check.
ssl-termination? check.
HSM-enabled ssl-termination? check.
hardware accelerated ssl-termination? check.
firewall? check.
NG firewall? check.
compiled Lua/Tcl (I forget which) scripts so you can program something insanely complicated? check.
SAML? check.
ISP sized NATs? check.
etc.
Plus, way more configuration knobs and options than you'd ever want at each network layer. Like, come up with a load balancing scheme where TLS 1.2 clients using Poly1305-ChaCha20 get sent to a specific pool of servers while everything else goes to another pool, except for clients trying to use QUIC and who are coming from a specific range of IPs. They go to another set of servers.
Maybe a better way to think of it is that it's a single device for tweaking anything L3-L7 for your server and parts of your network.
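An added example (not from the post above, nor F5's own code) of how the TLS-version/cipher part of that scheme looks as a BIG-IP iRule in Tcl: clients from an assumed address range get their own pool, TLS 1.2 ChaCha20-Poly1305 clients go to a second pool, everything else to a default pool, and a log line records each decision so you can verify the steering. Pool names, the 192.0.2.0/24 range and the exact SSL::cipher output format are assumptions; the QUIC branch is left out.

```tcl
# Added example iRule: steer clients by source range, then by TLS version/cipher.
# Assumed pool names: pool_special, pool_chacha, pool_default.
when CLIENT_ACCEPTED {
    # Carve-out evaluated first: clients from the assumed range 192.0.2.0/24
    # (a documentation prefix used as a placeholder) always land on pool_special.
    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        pool pool_special
        set steered 1
        set chosen "pool_special"
    } else {
        set steered 0
    }
}

when CLIENTSSL_HANDSHAKE {
    # Runs once the client-side TLS handshake completes; skip if already steered.
    if { $steered } { return }

    set ver  [SSL::cipher version]
    set name [string toupper [SSL::cipher name]]

    # Assumed formats: version like "TLSv1.2", name like "ECDHE-RSA-CHACHA20-POLY1305".
    if { $ver equals "TLSv1.2" && [string match "*CHACHA20*POLY1305*" $name] } {
        pool pool_chacha
        set chosen "pool_chacha"
    } else {
        pool pool_default
        set chosen "pool_default"
    }

    # Record the decision so operators can confirm which clients hit which pool.
    log local0. "client [IP::client_addr] $ver $name -> $chosen"
}
```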
(Used to work for F5, too, but I'm not sure how specific I can get with the NDA.)
L4-L7 load balancing, distributed DNS, SSL offload, WAF, DPI, data centre firewall and other things. With a nice WebUI to configure all that.
The Tcl iRules allow you to hook into pretty much any stage of the request or the response L4-L7 at FPGA speeds to do whatever you wanted to the request / response data.
It's a very powerful product.
If it weren't for the need for remote backups, email and such would be hosted there as well, and you could run a company on one of these with no access to the public internet at all. Accounting, finance, etc: all of it.
Or maybe that’s Citrix.
Here's the super versatile Colm Mac explaining what AWS does at L4: https://www.youtube.com/watch?v=8gc2DgBqo9U
---
Google has been very open about their network infrastructure; here's a nice summary from 2015: https://ai.googleblog.com/2015/08/pulling-back-curtain-on-go... and not mentioned in that blog... their NetworkLoadBalancer, Maglev: https://cloud.google.com/blog/products/gcp/google-shares-sof... (AWS equivalent of which would be HyperPlane: https://atscaleconference.com/videos/networking-scale-2018-l... allegedly based on S3's load balancer).
The long version is, "varying degrees of horror".
The data plane is where you have high speed logic and data traveling. That's where you do the multiple 100GBps software defined networking, and it's crazy fast chips doing it.
And the control plane has interconnects to program the data plane chips to the rules you want. So the data never hits the control plane at all. It's kind of like a water faucet where the knob doesn't touch the water but controls the floodgates.
We were getting slammed on duty for the product and we were looking at ways of getting the appliances built locally using licensed F5 software, as the software itself wasn't as heavily taxed as the physical hardware. Everything in it seemed fairly commodity, except for the big F5 logo on the front.
It was an appliance that worked fantastically well. One deployment had an uptime of over ten years.
You know, Cisco's IOS XR is built on Linux, but all the real parts are behind their private kernel modules running on ASICs and FPGAs; traffic doesn't even touch the TCP/IP stack of the OS. Cisco ASAs have Celeron/Atom CPUs which obviously couldn't hold the specified loads.