Coming October 25: PeerSpot Awards will be announced! Learn more

A10 Networks Thunder CGN OverviewUNIXBusinessApplication

What is A10 Networks Thunder CGN?

Extend IPv4 Connectivity
Solve IPv4 address exhaustion and extend the life of an IPv4 network infrastructure with carrier-grade NAT to ensure critical applications and services are always available and reliable.

Manage IPv6 Migration
Enable a smooth transition to IPv6 by supporting translation and tunneling between IPv4 and IPv6 networks.

Reduce TCO
High performance in a compact form factor results in lower OPEX and CAPEX through efficient rack space usage, lower power consumption and reduced cooling requirements.

A10 Networks Thunder CGN Customers

Leucom Group

A10 Networks Thunder CGN Video

Archived A10 Networks Thunder CGN Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Head of Global Network Infrastructure at a tech services company with 10,001+ employees
Real User
Leaderboard
Enabled us to collapse hardware- and software-based solutions into one
Pros and Cons
  • "The most valuable features are its ease of use and deployment, and being able to collapse several solutions into a single solution, all contained within a single bit of hardware and software."
  • "There are a couple of features that they could look to implement, versus the workarounds that they have in place. Regarding IPv4 and IPv6, there are a couple of opportunities in there that they are working on, as well."

What is our primary use case?

It's strictly for outbound NAT-ing to the internet. We are taking internal IPs and masking them from a private IP to a public IP to get to the internet.

For this application, everything is hosted on-prem. We are not using a cloud instance of this solution, but we do have cloud-based third-party solutions that are not associated with the A10 product.

How has it helped my organization?

We have been able to take a software NAT solution and a third-party hardware NAT solution and collapse them into a single solution on the A10 HW.

The solution has saved us money by our not having to purchase additional IPv4 number pools. The savings are on the order of $250,000, maximum, at the moment.

What is most valuable?

The most valuable features are

  • its ease of use and deployment
  • being able to collapse a couple solutions into a single solution, all contained within a single bit of hardware and software.

What needs improvement?

There was only one feature that we found was unavailable which required a workaround that is now in place (IPv6 NATing for a specialized reason).

For how long have I used the solution?

It has been in our environment and active for three months, but we ordered the solution about six months ago. It is a hardware-based appliance that sits in our data centers.

What do I think about the stability of the solution?

So far, the stability is good.

What do I think about the scalability of the solution?

The scalability is good for us. The 5440 HW is more than capable of handling our current traffic patterns allowing us to grow and not have to do in-place upgrades in the immediate to near term.  It's meeting a small portion of our overall network needs, but provides the solution that we sought out.

From a hardware standpoint, it makes up a small fraction of our overall deployment, but the usage behind it is very different from what we utilize our production data center hardware for. As I mentioned, it is just providing outbound NAT-ing for us. As we grow our data center space we would expand its usage and footprint.

We typically see changes in traffic due to our organic growth and ramp-up of internal services.

We plan to implement the following technologies/strategies in the next three years: keeping up with PFS/ECC encryption standards as they evolve. We may or may not move more applications to public cloud. Also, it's possible we could implement cloud repatriation of applications from public cloud to private data centers.

How are customer service and support?

Overall, I would give their technical support a 9 out of 10.

Which solution did I use previously and why did I switch?

We had an in-house, software-based solution and we had a hardware-based solution from another provider. We collapsed them down into this solution.

The benefits we consider most important when finding new technology include cost savings, customer satisfaction, and operational improvements. 

How was the initial setup?

The initial setup was straightforward in terms of configuration and understanding what was needed and how it was to be implemented. Utilizing the CLI on it was straightforward for my engineers. Interacting with the A10 team was quite easy. When we had questions in regard to NAT pool exhaustion, they had no issue jumping in to help us figure out what to do to mitigate it.

Due to our own issues, the deployment took three months.

Our implementation strategy was that we placed the HW in our data centers, and then we migrated 25 percent of traffic at a time, in each region. There are two regions. We started off with the East Coast and migrated 25 percent of the traffic from that region to it, then 50 percent, 75, and 100. We let it run stable over a course of time and then we did the same thing in the West coast region.

I have a team of 25 individuals using the solution. It's being supported on the engineering side by three folks and we have about eight of our operations folks involved.

What was our ROI?

We're getting there, in terms of ROI, being that it's only been three months. We're not there yet, but from a soft dollars perspective we are seeing ROI.

What's my experience with pricing, setup cost, and licensing?

Costs in addition to the standard fees are the maintenance and support, yearly which is not atypical.

Which other solutions did I evaluate?

We evaluated Palo Alto Networks. Without going into too much detail, pricing was definitely a factor, as was feature set, in going with A10.

What other advice do I have?

Do your research and figure out needs versus offerings. Don't pay for what you don't need with any vendor solution. Also, ensure you're picking a box that will allow you to scale out, versus having short-term solutions. Don't be shortsighted.

In terms of our biggest security concerns they include malicious code, hacking/cyber defacement, DDoS attacks, insider attacks, and brand damage/loss of confidence. Specific to DDoS, I would want to make certain that, outside-in, we aren't getting attacked, but we have a solution that we utilize to mitigate DDoS attacks, so it's not specific to the A10 product. But it would ensure that we aren't getting DDoS-ed on the A10 product. We have a third-party solution that helps to prevent that.

The malicious code concern would be more along the lines of something attacking the code on the A10 box. Again, we have preventative measures in place against an external intruder trying to get to that box and execute anything maliciously. In terms of hacking or cyber defacement, there is a general trend in the industry to ensure that it doesn't occur.

Since it's new to us, I don't see many areas for improvement. It's serving the purpose that it should and hopefully it will continue to do so.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Engineer at a university with 1,001-5,000 employees
Real User
Leaderboard
Extremely reliable; freeing up a lot of our IP space
Pros and Cons
  • "It has freed up a lot of our IP space and has been extremely reliable. We have set it up in a high availability scenario, testing it many times. It has been absolutely perfect in terms of failover."
  • "It is very easy to use. Both the GUI and CLI interface are consistent, which makes the ease of access throughout various constituencies possible. It's also well-documented and logical."
  • "They don't track concurrent port usage. We have to do that in another way and it's not a very clean way. That is something that I know they could do, but they don't."

What is our primary use case?

We use it for Carrier Grade NAT. We are a university with a lot of students. We use this solution to provide Internet access to students from our wireless network.

Currently, we're using 2.8.1-P1 Build 11 on most of the devices. I think we might have a different build on a couple of them.

How has it helped my organization?

It has freed up a lot of our IP space and has been extremely reliable. We have set it up in a high availability scenario, testing it many times. It has been absolutely perfect in terms of failover.

What is most valuable?

We use the fixed NAT feature. Students sometimes download copyrighted material which they're not supposed to, or do things they're not supposed to, then we need to be able to track back who was the user. Because it's on a NAT, we need a way to be able to bind the inside and outside addresses. This is why we use it.

It is very easy to use. Both the GUI and CLI interface are consistent, which makes the ease of access throughout various constituencies possible. It's also well-documented and logical. These are the things that I look for the most in ease of use.

What needs improvement?

They don't track concurrent port usage. We have to do that in another way and it's not a very clean way. That is something that I know they could do, but they don't. I don't know if maybe they have another product or something, but they don't do it in the product we have. The number of ports per device used would have been a big help to us. We had to figure that out ourselves.

For how long have I used the solution?

We have been using it for six or seven years.

What do I think about the stability of the solution?

It is totally stable. I can't remember one time that we have had a problem with it.

There are two network engineers who administrate it in the company.

What do I think about the scalability of the solution?

I have two instances of this solution. In our main production wireless scenario, we haven't hit a level of use which has seen it be deficient in terms of system resources. Therefore, we haven't pushed it far enough to find out where it starts to fail. We have tested it numerous times in terms of its failover from one to another and the system seems to maintain itself and sessions well. That all seems to be working well. We have another setup where we have a Carrier Grade NAT box that is supporting our research that has a 40 gig link to an Internet tool. This is a research network that frequently pushes the box to its maximum. That box is on a 40 gig link with a 38 gig capacity, in terms of throughput, and it seems to live up to that perfectly. 

Once installed, it handles 20,000 to 30,000 concurrent users going through the NAT, which is a lot. The bulk of the traffic on the network goes through these devices. They are critical, e.g., if they were to fail, a lot of people would notice it. I would be on the phone immediately. Luckily, we don't have that problem.

How are customer service and technical support?

When I have used it, the tech support has been really good. They understand the problem and are able to get to the bottom of it. They wait around to ensure you have it working/functioning and are not off to the next problem. 

I have never had a problem with them, unlike some vendors. The A10 Networks technical support is excellent.

Which solution did I use previously and why did I switch?

We have used things here and there, but we didn't do anything to this scale previously. We put our toes in the water with an earlier product from A10 that worked, then we rolled it out to this bigger environment.

We have a big indoor sports facility on campus for football, basketball, etc. We might have 30,000 to 50,000 people in it with wireless networking, but we don't want to give them all the addresses. Therefore, we use an A10 to support that. Because that worked well, we rolled it out to campus and have used it for everything.

How was the initial setup?

The initial setup was fairly straightforward. However, we still have an earlier version of it that it has improved from that to this. It was very similar, so I already knew how it was going to work. 

We tested it in a specific environment, then rolled it out to two other environments from that initial environment in HA pairs. The initial deployment taught me how to do it, then I was able to recreate that at three other locations.

What about the implementation team?

They sent a systems engineer onsite to help us so it took us less than a day to get it going and deployed. We had a good experience in that regard.

What was our ROI?

We have absolutely seen ROI. It saved us hundreds of IP addresses, and that's like gold. I don't even know how you put a price on that. If you think about it, we have concurrently 30,000 devices, and that's a lot of IP addresses. Before we had A10, we'd have something like 10,000 devices, concurrently. However, because everybody has a cell phone, tablet, laptop, and/or games in their rooms, nobody wants to plug in. Instead, they want to use the wireless network. We have just been able to stay ahead of that curve. I don't know where we would be if we would have run out of IP space.

What's my experience with pricing, setup cost, and licensing?

The cost to buy it initially was a single purchase price. This was a cost for the hardware and software, but we got a year of service with it. Annually, we pay them a service fee, but it's not much money.

We do not use the FlexPool consumption-based licensing model. I just learned of it. While we're interested in it, we're not doing it currently. They had called me a week to two ago about their licensing model. It has the ability to spin up VMs as needed for NAT, as well as their ADC, which is their load balancing stuff. We are considering that, as that is a pretty attractive feature.

Which other solutions did I evaluate?

We also looked into open source and Cisco. We went with A10 Networks because:

  • It was attractively priced.
  • It had all the features that we needed. 
  • It was relatively straightforward, in terms of the use. 

We could see how to do it and there wasn't a big learning curve. The company felt, if something happened to me, they would be able to find somebody else to step in and be able to do it without a bunch of hassle.

We use F5 for load balancing instead of A10 Networks.

What other advice do I have?

It handles everything that I ask it to do. I would totally recommend this as a method to alleviate IP address exhaustion. I would give it a nine (out of 10).

The solution's security features are good. We don't use a lot of security for this solution, as it's not required. We don't give students access to the solution.

The biggest lesson learnt: Some vendors don't lie.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user