Introduction

Applications are no longer contained in a single server or even a single data center. Virtualized and increasingly broken into microservice-sized pieces, they are more distributed and transient than ever before. And many must operate effectively in multiple data centers and cloud environments.

Few IT teams have adequate visibility, however, of how their applications are performing across and within these environments. How the applications are connected—to one another, to underlying systems, and to other services—can be a significant blind spot that creates a host of problems.

If you can’t see every endpoint, how they are all connected, and how data is flowing across a network, how can you make informed decisions about IT resources and allocations? How can you identify—or resolve—a performance or security issue? How can you establish and enforce policies that follow an application from environment to environment? And how can you make changes to applications or the underlying infrastructure without fear of breaking something?

Cisco Tetration™ provides a comprehensive and real-time view of how all applications are connected and performing across a hybrid IT environment. Full visibility enables the enforcement of detailed application policies wherever the workload resides. And with an open API, Cisco Tetration can be integrated with F5 BIG-IP to extend L4–L7 application visibility and policy control.

The benefits of Cisco Tetration + F5 BIG-IP:

  • Provides automated whitelist policy through behavior-based application insight.
  • Enables efficient and secure zero-trust deployment with automated application segmentation.
  • Enhances L4–L7 visibility and policy enforcement across on-premises data centers and private and public clouds.
  • Identifies application behavior changes and policy compliance deviations in near-real time.
  • Supports comprehensive telemetry processing in a heterogeneous environment to provide actionable insights in minutes.
  • Ensures long-term data retention for deep forensics, analysis, and troubleshooting.

More visibility, more control

Virtualization, containerization, microservices, and workload mobility have rendered applications increasingly dynamic. And with 76 percent of data center traffic now being east-west[1], the communication patterns between application components are constantly changing. 

This has increased the attack surface and security gaps in many IT environments, placing significant pressure on network and security operations teams who must ensure business continuity, application availability, and data protection. To confront these challenges, network and security teams need better insight into their applications as well as automation to help generate and enforce whitelist policies.

Cisco Tetration addresses these requirements using unsupervised machine learning, behavior analysis, and algorithmic approaches. It’s a ready-to-use solution that helps accurately identify applications running in the data center, including their dependencies and the underlying policies between different application tiers. 

In addition, the platform is designed to normalize and automate policy enforcement within the application workload itself, track policy compliance deviations, and keep the application segmentation policy up to date as the application’s behavior changes. With this approach, Cisco Tetration provides consistent application segmentation across virtualized and bare-metal workloads running in public and private clouds as well as on-premises data centers.

Extending visibility and control to the application layer

Applications cannot perform effectively without application services such as load balancing, web application firewall (WAF), DDoS protection, and SSL VPN. These services—delivered in L4–L7—must therefore be addressed to attain an end-to-end understanding of application connectivity, performance, and security.

Did you know?

According to the F5 State of Application Delivery in 2017 Report, 74 percent of respondents indicated that they rely on more than 10 application services to support their applications in the network. And the average organization plans to deploy 17 application services in the next 12 months with DDoS, DNSSEC, and WAF leading the way.

To learn more, access the F5 State of Application Delivery in 2017 report.

Through an open API, Cisco Tetration can be easily integrated with F5 BIG-IP to extend application visibility and policy enforcement to L4–L7. The F5 BIG-IP platform is a smart evolution of ADC technology, providing load balancing, WAF, DDoS, L4 Firewall, and SSL VPN services to applications. F5 BIG-IP’s full proxy gives visibility into—and the power to inspect, encrypt, decrypt, and control—all of the traffic that passes through the network.

This combination of Cisco Tetration and F5 BIG-IP provides full visibility and policy enforcement from L2–L7.

Cisco Tetration + F5 BIG-IP: Flow Stitching

F5 BIG-IP, being a full-proxy ADC, acts as the server to the client and as the client to the server. A single traffic flow therefore appears as two separate flows in the Tetration flow table. Using the Cisco Tetration F5 BIG-IP IPFIX Collector Appliance together with the F5 BIG-IP IPFIX feature and iRules, the Cisco Tetration flow table can build a relationship between the two flows. This key feature gives administrators L4–L7 insight into all flows processed by F5 BIG-IP.

The F5 BIG-IP agent is a regular Tetration agent configured to only process F5 BIG-IP IPFIX packets: it decapsulates the IPFIX protocol packets, then processes and reports the flows like a regular Tetration agent.
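The stitching step described above, as an added example that is not Cisco Tetration or F5 code: a full proxy breaks one request into two unrelated 5-tuples, and an out-of-band correlation record (standing in for what an iRule-driven IPFIX export could carry; its field names, addresses and virtual-server name are constructed assumptions) is what lets the flow table link them.

```python
"""Flow stitching across a full-proxy ADC (added example, constructed data)."""
from typing import Dict, List, Optional, Tuple

# (protocol, source IP, source port, destination IP, destination port)
FiveTuple = Tuple[str, str, int, str, int]

# Constructed flow-table rows as the collector would report them.
FLOW_TABLE: List[FiveTuple] = [
    ("tcp", "10.1.1.50", 51234, "192.0.2.10", 443),  # client -> virtual server
    ("tcp", "10.9.9.5", 40001, "10.2.2.21", 8443),   # SNAT address -> pool member
    ("tcp", "10.1.1.51", 51300, "192.0.2.10", 443),  # client-side flow, no record yet
]

# Constructed correlation records, one per proxied connection. The field
# names (client_side, server_side, virtual_server) are assumptions, not the
# real IPFIX template exported by BIG-IP.
CORRELATION_RECORDS: List[dict] = [
    {"client_side": FLOW_TABLE[0], "server_side": FLOW_TABLE[1],
     "virtual_server": "vs_app_https"},
]


def stitch(flows: List[FiveTuple], records: List[dict]) -> Dict[FiveTuple, FiveTuple]:
    """Map each flow key to the related flow on the other side of the proxy.

    A record only creates a link when both of its tuples were observed in the
    flow table, so a stale or partial export cannot pair unrelated flows.
    """
    seen = set(flows)
    related: Dict[FiveTuple, FiveTuple] = {}
    for rec in records:
        client, server = rec["client_side"], rec["server_side"]
        if client in seen and server in seen:
            related[client] = server
            related[server] = client
    return related


def related_flow(flow: FiveTuple) -> Optional[FiveTuple]:
    """Answer the 'Related Flow' question for one flow-table row."""
    return stitch(FLOW_TABLE, CORRELATION_RECORDS).get(flow)


def end_to_end(flow: FiveTuple) -> Optional[Tuple[str, str]]:
    """(real client IP, real server IP) for a stitched flow, else None."""
    for rec in CORRELATION_RECORDS:
        if flow in (rec["client_side"], rec["server_side"]) and related_flow(flow):
            return rec["client_side"][1], rec["server_side"][3]
    return None
```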

Figure 1: Example of Flow Stitching data flow


Using F5 iRules technology, the F5 and Cisco Tetration teams can customize the types of events, data, and statistics sent by F5 BIG-IP.

Figure 2: F5 IPFIX iRules screenshot

After the F5 BIG-IP IPFIX Collector Appliance is deployed, a “Related Flow” option becomes available in the Tetration Flow Search panel:

Figure 3: Cisco Tetration Flow Search “Related Flow”

Cisco Tetration + F5 BIG-IP: Policy enforcement

Network administrators define network policy in the Cisco Tetration Analytics platform. The Tetration Network Policy Enforcement Agent subscribes to the Tetration Kafka topic that carries network policy updates. Based on the policy defined in Tetration, the enforcement agent translates it into L4 firewall rules and updates F5 BIG-IP AFM (Advanced Firewall Manager) through the REST API.

This extends policy enforcement from the host level to the L4–L7 ADC device, allowing administrators to build a truly zero-trust data center model.
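The translation step in the workflow above, as an added example that is not the Tetration enforcement agent or the AFM REST client: a tier-level whitelist policy (the message layout, tier names and address ranges are constructed assumptions, not Tetration's Kafka schema) is expanded into ordered L4 rules that close with a default deny, and a first-match evaluator shows how the resulting policy treats flows between tiers.

```python
"""Whitelist policy to ordered L4 rules (added example, constructed data)."""
import ipaddress
from typing import Dict, List, Optional

# Constructed policy update: named tiers and the flows allowed between them.
POLICY_UPDATE: Dict = {
    "filters": {
        "web-tier": ["10.10.1.0/24"],
        "app-tier": ["10.10.2.0/24"],
        "db-tier": ["10.10.3.0/24"],
    },
    "policies": [
        {"consumer": "web-tier", "provider": "app-tier", "proto": "tcp", "port": 8443},
        {"consumer": "app-tier", "provider": "db-tier", "proto": "tcp", "port": 5432},
    ],
}


def to_l4_rules(update: Dict) -> List[Dict]:
    """Expand tier-level allow entries into address-level rules, then deny all.

    The rule dicts are a neutral form; the actual AFM REST payload is not shown.
    """
    rules = []
    for i, p in enumerate(update["policies"]):
        rules.append({
            "name": f"tetration_{i}_{p['consumer']}_to_{p['provider']}",
            "action": "accept",
            "proto": p["proto"],
            "src": update["filters"][p["consumer"]],
            "dst": update["filters"][p["provider"]],
            "dport": p["port"],
        })
    # Zero trust: anything the whitelist does not describe is dropped.
    rules.append({"name": "tetration_default_deny", "action": "drop", "proto": "any",
                  "src": ["0.0.0.0/0"], "dst": ["0.0.0.0/0"], "dport": None})
    return rules


def _in_any(addr: str, nets: List[str]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)


def evaluate(rules: List[Dict], proto: str, src: str, dst: str, dport: int) -> str:
    """First-match evaluation, the way an ordered firewall policy applies rules."""
    for r in rules:
        if r["proto"] in ("any", proto) and r["dport"] in (None, dport) \
                and _in_any(src, r["src"]) and _in_any(dst, r["dst"]):
            return r["action"]
    return "drop"
```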

Figure 4: Example of policy enforcement workflow.

Summary

Cisco Tetration is unlike any technology in the industry. The ready-to-use platform provides full, real-time visibility of application connectivity, dependencies, and performance across a hybrid IT environment. And it enables policy enforcement for secure, zero-trust operations and application segmentation.

Through an open API, Cisco Tetration can be easily integrated with F5 BIG-IP. Doing so provides unprecedented visibility and policy control spanning L2–L7. 

To learn more, visit: 

www.cisco.com/go/tetration

www.cisco.com/go/dcecosystem

www.f5.com/solutions/technology-alliances/cisco

[1]https://www.cisco.com/c/dam/en/us/products/collateral/data-center-analytics/tetration-analytics/at-a-glance-c45-737257.pdf