A10 Thunder TPS Reviews

We use it for DDoS mitigation. First of all, we decided that outsourcing it or putting it out into the cloud was just too expensive, so we decided to build our own scrubbing center rather than outsource it to somebody else. We use it to protect against DDoS attacks.

It's on-prem.

Availability is absolutely critical to our business. We get attacked two and three times a day at times. Without it we'd be hamstrung, bandwidth-wise.

Although the attacks happen every day, they're not a big deal anymore because the mitigation takes care of it. But in the past, before we had the solution in place — there are other components to it beyond just the A10; the A10 is just the mitigation piece of our DDoS protection scheme. But before this whole solution was in place, it used to take two or three engineers half an hour to figure out how to mitigate an attack. Now, it's pretty much zero. We get an attack, we get an e-mail saying, "Hey, there's an attack underway." The systems that are in place redirect it to the A10, the A10 scrubs the traffic and it's not such a big deal anymore.

In terms of how much it has increased availability, being that we get attacked two or three times a day, with some of them we probably we wouldn't really know they were happening. But some of them would take us to our knees. We've never really measured it. We're a service provider in the Northeast region, so we've got lots and lots of bandwidth. It has helped a lot, but I couldn't put a number on it because we're always up.

In terms of small attacks we were getting but missing prior to having Thunder TPS, we're over 200 Gig in the backbone now, but we never saw a lot of those little, what I call "squirt-in-the-eye" attacks before. We had a 50-Meg customer out there that was getting DDoS'ed at a 100 Meg. We would've never seen that before. We would have never mitigated it. The customer would have called and said, "Hey, my circuit's down," and we would have looked at it and spent time trying to figure out what's up with the circuit. Then somebody would have looked at their bandwidth charge and said, "Oh, you're maxed," and the customer wouldn't understand why they were maxed. Now, the DDoS solution we put in place sees those small attacks, mitigates them, and the customer never calls.

It has absolutely made a big difference for our customers. DDoSes are happening every moment of the day. We just never know who we're protecting from a given attack or why, but it just happens automatically and we don't really worry that much about it any longer.

All it does is mitigation. It mitigates and scrubs bad traffic. We send the bad traffic to it, it determines the good traffic and allows the good traffic to come through. That's the only feature we use on it, the DDoS mitigation.

Given its 1RU form factor, the performance has been excellent for us so far. What they said was that it is about 38.5 Gig of throughput. We've not really hit that yet, we haven't tested the extremes, but so far it's doing well and we haven't had any performance issues.

The response time to an attack is instant. We've used some outsourced solutions in the past, out in the cloud, that weren't so quick. But it's all within our control now. We control how fast it mitigates.

We have 100 percent uptime.

We haven't found that it's helped us to scale defenses because we have pigeonholed it to do one thing and that's DDoS. So it hasn't helped us scale but it's helped us retain customers who otherwise probably would have been angry and left us, thinking it was our fault that they got DDoS'ed. But defense scale-wise, no. Although we're still scaling up like crazy, it's not due to this DDoS product whatsoever.

We haven't experienced any issues with performance. But again, we haven't put that much traffic on it yet. I'm sure it's coming. I'm sure, some day, we'll get a DDoS attack that's more than 40 Gig and then we'll have an answer for how it scales.

Their tech support has been excellent. Every time we've had to call them they have been very responsive and always fixed our problem within minutes. It's been excellent so far. 

I believe the last issue we had to contact them about was just a question of a false-positive. The A10 system wasn't supposed to decide what is a false-positive. So if we send it good traffic, it's supposed to just pass that good traffic through. But we opened this last ticket because the A10 did block some of the good traffic. Their support had to tweak it a little bit, but it wasn't anything that took a long time. It was pretty much just minutes. They understood what the issue was. They tweaked something and fixed it.

What we signed off on when we signed the contract with them was very specifically DDoS mitigation. We went over all the specs of what we intended the system to do. They met all the specs better than the other vendors as far as the throughput, the footprint, and cost went. So we went with them.

The main reason we switched was cost. The cloud solutions were very expensive and, as we sent more traffic, of course, the prices went up. And it was a huge variable. We couldn't budget saying, "We're going to spend X amount of dollars per month on DDoS," because it all depended upon how much traffic we sent to those mitigation servers. If we got attacked one month a couple of hundred times, our expense there could have been tens of thousands of dollars a month. We were not willing to play that game and have that much variability in our expense. By putting this system in, it's our system, so we use it as much as we need to, and we don't pay a monthly expense. We pay A10 for support and that's it.

There was also a difference in response time between A10 and the cloud solutions because now we completely control the solution. Whereas, when we were outsourcing it, we didn't control any of it. So we would send traffic and hope that their mitigation system wasn't overtaxed. Their detection system, sometimes, could also be a little overtaxed and delayed, because there was the internet. We were sending traffic, sending our stats, across the net to their detection system. Their detection system would analyze that traffic, send a response back, and then mitigate if it had to. We had to send that traffic back out onto the public internet. So there was a lot of delay and a lot of variability in the response times. Now it's completely on our network and we control everything about it. So we get much faster response time in mitigation and detection.

The initial setup was very simple. Again, we only use one feature, so the complexities of the setup were pretty much nil. They asked us how much traffic we intend to send to this thing. We spec'ed out the box. They said, "Well, this is the box you want." We did some 15 or 20 minutes configuration of the box and that was it. It was up and live. Everything was done in an afternoon.

A10 did the initial config while it was all at our site. They did it remotely. It went flawlessly. It took about an hour or two hours and it was done. We've not had to change the configuration or anything about the box itself since we installed it.

There were three people involved in the deployment. Two others and me. I didn't do any of the configuration. I was just overseeing the whole project.

ROI is a tough one on this solution because it doesn't make us money, but it potentially saves us from losing some customers. I don't know how many customers would have left us if they got DDoS'ed or if our network didn't perform. So ROI on something that doesn't create revenue is a big, black hole. We don't know what would've been. 

We don't charge for this, so there's no revenue associated with it. I'm sure it's saving us some revenue but, day one, it also saved expense. It actually cost us less to put this box in. For the expense that we were paying out to the cloud providers before, it was probably just a couple of months before it broke even with that expense that disappeared.

It was so variable, based on traffic. Some months we would spend $30,000 with that cloud provider and other months we'd spend $5,000. It was all based on the number of attacks that we would get. If we had a bad month of attacks, or even one bad day where somebody attacked us for 20 or 24 hours straight, we could be looking at spending $30,000 or $40,000 with that cloud provider. Today, it's nothing. There's no expense.

Pricing is very reasonable.

In the past, we've used other cloud-based solutions.

Don't even think twice about doing it. It's a given in this day and age; you just need to do it. You need to have some form of DDoS mitigation in place. And if you don't, God be with you. It's not a matter of if you will be attacked. A lot of ISPs think, "Oh, I'm too small," and even some enterprise customers think that way: "I'm too small. Nobody's going to attack me." These botnets don't care. They don't even know who you are. They just start sweeping IPs and, if they find some vulnerability or somebody decides that they'd like to attack even a customer of ours, it's going to happen. It's happening whether you know it or not, already.

The big thing was to get a lot more visibility into the types of DDoS attacks that we were getting, because now we had full access to the gears. One of the biggest lessons we learned — because we all assumed that non-volumetric attacks were not a problem for the provider — is that they were a problem. We just weren't seeing the problem. Some of our customers may have seen the problem, like a small DDoS attack against their DNS servers. DNS response time might've been delayed by just a fraction of a millisecond per query because of that DDoS attack, but in the grand scheme of things, with thousands of customers hitting that, it ended up being multiple milliseconds. That was something that we learned right off that was a "wow." When we looked at the response times of some of our servers that we never mitigated these attacks on before, it was big, overall.

The only automation features we use are the DDoS. We have other systems in place for the detection piece of it. That's the only feature we use. When it gets traffic, it mitigates it and that's pretty much it. We want to keep it extremely simple.

We haven't thought about where it has room for improvement because it is working so well right now. Again, we only use it for one very specific feature and that's the DDoS mitigation. It's doing what it's supposed to be doing right now. I don't have any enhancements I'd like to see on the product yet because we've not really used it for many of the features it's capable of.

In terms of maintenance, our company has a group that just updates software. That's all they do. They look at different systems in the network, Linux boxes, Windows boxes, appliances like this. They may spend half-an-hour a month if there are any updates to it. All they do is go to the web site and see if there are any updates. If there is an update, they look at what should be applied and they check with the different groups to see if they absolutely should apply it and then they download it.

We don't have plans to use any other features, but we do have plans to implement another system that our customer-support folks are looking at, to be able to do DDoS mitigation per customer. Right now my group, the engineering group, uses this system to protect the network as a whole, but we don't look at specific customers and say, "Well, that customer's getting a very small DDoS attack on their SQL server." We won't mitigate that because it doesn't affect the inner network. We would mitigate something that was a couple of hundred meg that we saw was malicious to the entire network, and that customer might benefit from it. Now, we're looking at selling this to customers. So if a customer calls and says, "Can you mitigate this attack against my SQL server?" the new system would be sensitive enough for even a tiny, little attack. Whereas, the system that we have now wouldn't. We'll probably do that in the next six months.

I'd give A10 a ten out of ten. I have no reason to subtract any points from it at all.

Availability is very critical for us. We use it to mitigate DDoS attacks for rural North Dakota. We really don't use it to identify attacks, we use third-party software, a Kentik solution, to identify anomalies within the IP stack. Then, we turn around and send mitigation profiles to the A10 based on an API call, and the A10 initializes a BGP session to our core routers to offload that traffic and mitigate it.

We provide hosted solutions so our deployment of A10 is private cloud.

Our setup is something of a hybrid solution. We're using the third-party software, the Kentik solution, but we also have some clients that are directly connected to TPS. There is a 30-second delay in time to mitigation for clients that are not direct. By the time that third-party solution identifies something and sends it, via API, to the TPS, there's about a 30-second delay. When we have customers that are directly connected, they have just about instantaneous mitigations with TPS.

We use that inline setup as a premium service. If customers can tolerate a small spike in traffic flow until the mitigation happens then we'll just leave them on the Kentik solution. If they want it instantaneously then we'll put them inline and connect them directly to the TPS for that. Customers who opt for the premium service include financials, utilities - anything which needs that instant mitigation and understands the threat of DDoS. Some entities can tolerate it if they're down for a minute or two minutes and it's not crucial that they pay the extra dollars.

Overall, DDoS attacks affect small-town North Dakota in a fairly large fashion, meaning that they could affect infrastructure from schools to county courthouses to libraries, etc. Those places aren't directly associated with the target of the attack but the appliance itself and the solution in general allow for the protection of those services in those communities. It has been very successful.

The solution has reduced the amount of manual intervention required during an attack. We have the inline solution and when it comes to the customers that we have on it, it has saved us some troubleshooting time. If we can see that there is an active zone, we know that their traffic is being mitigated. If a customer calls and says, "Hey, I have internet problems", one of the first things we check is if there's a DDoS attack happening.

Anytime you filter, you set up thresholds, you can identify your traffic patterns a lot better.
It has helped in that aspect as well. We did miss attacks previously.

We're just using a portion of it, the mitigation aspect.

If there's one aspect of A10 that needs improvement it would be the training. All of their training is done online, at least in what we've been exposed to. I would like to have a classroom environment for training. I would like to say, "Okay, if we have three or four people who need to get trained up, we want to send them to a classroom." That way they're detached from their home office and have the lab facilities. They can have a classroom environment or experience instead of a virtual classroom. It would give them a chance to provision it. There's a better experience in a classroom than in a virtual classroom.

It's not a terrible issue, but the training was the biggest thing that we faced. We're two years into this and we haven't done all the training probably needed to fully support it, because our deployment is very limited. But when we did want to pursue training, I believe that the training was all virtual.

It's been rock solid. We haven't had any issues with power supplies or software anomalies. It's been a pretty good platform.

For our deployment, we're probably not even using ten percent of its capacity as far as throughput port space. For us, the scalability is very high. For us, it's like investing future-forward.

The usage potential increases daily, exponentially, based on the internet curve. But we're just using a small percentage of the features and a small percentage of its capacity.

We have about 200 customers that have access to the solution with 100,000 users on their side. We carry something like 80 Gig of internet traffic into the state. Because we're using that third-party for the majority, TPS doesn't see all that 80 Gig of traffic. It only sees the traffic that has been identified by the third-party software. The TPS isn't necessarily handling packet, packet, packet, packet; it's handling only packets that are being sent to it by the third-party. In that scope of scalability, it's almost exponential because we're only identifying the traffic flows and patterns that need to be mitigated.

We have opened a few tickets with TAC and they've been good, along with their sales engineering team. We may have a customer that will have an atypical type of deployment. In that case, we'll bring in the sales engineering team or TAC and they'll get us in contact with an expert in that field. Their tech support has been very good.

We did not have a previous solution.

The initial setup was pretty straightforward. You set up your routing tables, your interfaces. There was no magic there.

We have two and we had them both up and running within three or four days, meshed with our network. The process was to get it connected to our core internet routers and have it start talking to a third-party software and, after that, start the mitigation processes.

We mostly did it ourselves. From the A10 side, we had our sales engineer and we had a few calls with their support staff. Based on that, we developed a roadmap and then we self-installed and deployed it.

Our situation is unique because we're owned by the 14 independent broadband providers in North Dakota. So we may not directly see an ROI because the bandwidth of the DDoS traffic basically gets to us. However, we save that extra bandwidth to our owner companies from downstream services. We're saving our members money with the solution.

We did a proof of concept and had a bake-off between Arbor and A10 and Kentik. Because of the reports that we wanted and how we wanted to handle things, the third-party and the A10 solution were technically the best, and scalable.

The flexibility of solutions was important to us. We have the ability to either go inline, to connect directly to the TPS, or to bring it through the third-party. That in itself was a major selling point because we're not stuck with one solution. If we decide that we want to change third-party vendors, we're not married to it. We can shop around and if there's something better that comes out, we can still interface the TPS system with that new software. It meant we weren't just saddled to one vendor for a DDoS solution.

Do your research to understand your solution options. Then, have a PoC bake-off and task the system. Identify ad-hoc anomalies in your test-bed and look at the time to mitigation. Look at different types of situations to see, if an anomaly comes along, how long it would take you to deploy an ad-hoc solution or redirect the traffic. Research and proof of concept is our biggest thing. We never do anything without doing them thoroughly.

The biggest thing I have learned is how many attacks there are and how many different ways the attacks happen, throughout an attack. You can have a DNS attack, you can have an ICMP attack. You can have all these different flavors of attacks. That was probably the biggest eye-opener for me. When you hear the word "DDoS," everything gets put into a container. It's not until you look into the container that you see all the different types of attacks that are summed up by that word.

The solution has been rock solid for us. We haven't had any issues. We've had numerous attacks and it's worked perfectly.

I don't know that it has an increased network availability notably but it has added to it. Instead of having four-nines of availability, we've got five-nines. It's a solution and a package, so it's not our only tool in our toolbox.

We only use the TPS side of it and we're not 100 percent trained up on it, even though we've had two years of deployment on it. We don't know the whole, full-meal deal on what it can do. There's a possibility we'll go to the load balancing and some of those features. Even though we have hosted solutions, we don't have enough because we're a small company. There are other features but we'll explore those as we need.

We have just two people who have access for configuration of the solution and its operations, in our engineering operations.

I would have to rate A10 TPs as a nine out of ten. We've been very happy with the product. Of course, we don't want to give tens because then get people get cocky about it. 

We are the main distributor for A10 Networks. It is used as an appliance. It is mainly used to identify problems in the network. It helps us to stop any type of DDoS attack.

We are using its latest version.

They give us the ability to configure many features for DDoS. There are many items that we can use.

It is very difficult to implement. It should be made a bit easier to implement. There is also a lack of resources on the internet. They need to develop more resources.

We have been a distributor for more than five years.

It is mostly stable.

Their support is good, but it is not excellent.

It is very difficult to do the setup. It needs to be a little bit easier. There are not many resources on the internet for help, and there are also not many people who have knowledge of this product.

Its implementation takes two to three weeks. Two engineers are usually enough.

Before implementing this solution, you should know and get complete information about the features that are possible and that are not possible.

I would rate it a six out of 10. It should be easier to set up. Currently, it is very difficult.

One of the largest persistent threats to service uptime is Distributed Denial of Service Attacks (DDoS). The networking industry and business analysts are seeing a trend in increasing DDoS attacks. These attacks are occurring more frequently and with greater intensity and increased sophistication. Legacy DDoS protection solutions suffer from the following fatal limitations that have made them ineffective at protecting against these attacks:

• Lack of flexibility

• Inability to scale

MULTI-VECTOR ATTACK PROTECTION

Detect and mitigate DDoS attacks of many types, including volumetric, protocol, or resource attacks; application-level attacks; or IoT-based attacks. Hardware acceleration offloads the CPUs and makes Thunder TPS particularly adept to deal with simultaneous multi-vector attacks

The A10 aGalaxy management system provides centralized management of Thunder TPS systems and policies, orchestrates detection and mitigation of DDoS attacks, and delivers a single-pane-of-glass view of the generated reports across all managed Thunder TPS appliances.

No need to license each feature to activate it, it got a perpetual licensing and everything is there, you just have to configure and enable the feature when you need it.

Select Thunder TPS hardware models to benefit from our Security and Policy Engine (SPE) hardware acceleration, leveraging FPGA-based FTA technology and other hardware-optimized packet-processing for highly scalable flow distribution and hardware DDoS protection capabilities.

Our primary use case is for our support ticketing and invoice generation. We're resellers and we provide it to our customers. 

Our other use cases are for keeping a record of all the invoices and we use it for our sales to track the accrued sales. 

We can keep track of all the customer's requirements. We can forecast our trails and we can forecast our overall financial things.

We are really trying to improve our sales module. When we need to see our exact payments and invoices we can track which payments and invoices are due so that we can make sure that all the invoices are done on time.

I would like for them to develop an advanced reporting feature. 

It is very stable. We're using a very basic model and it's the basic version. There are very few features so for those features, it is very stable. If we decide that we're going to implement more features into it, then there could be some concern about the stability of the product.

Scalability is fine. 

We have sixteen users. On the support side when we generate tickets, we are quoted fifty plus customers that are on this solution.

The initial setup was straightforward. Deployment only took a few hours. The  user training takes at least a day and then the whole site will go up in around a weeks time. It's all web-based so the back ends sometime require us to make changes but overall it's pretty simple and straightforward.

We only require one staff member for maintenance. 

I would rate it a seven out of ten. 

We use A10 Thunder TPS as an anti-DDoS tool.

The solution is easy to use and implement in terms of operations.

The solution needs improvement in terms of fail-open. We need separate fail-open kits connected to A10 Thunder TPS and the network so that network traffic will pass through normally when the tool goes down.

I have been using A10 Thunder TPS for more than two years.

A10 Thunder TPS is a very stable solution.

The solution is more suitable for medium-sized companies.

The solution provides good technical support.

The initial setup of the solution is moderate, and it is neither easy nor very hard.

Arbor is more famous than A10 Thunder TPS, and more people use it.

It was easy to integrate the solution with our current IT workflow. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.

We use A10 Thunder TPS for load balancing, especially server load balancing.

The solution's firewall features are the most valuable feature of the solution. I think we can use all the features or capabilities that come with the product's license. Maybe today, we are just implementing an SOP or LOB.

We have had some issues with implementation. So, it is the only area that needs improvement. However, I have no issues with the product, so it is probably fine.

I have experience with A10 Thunder TPS.

The solution's support is one of the coolest things about the product. I rate the solution's technical support an eight and a half out of ten.

Positive

We are currently having some issues with the implementation. I think it is because the partner is not ready for implementation, and it's not that they don't have the experience. So, even though we have some issues right now with implementation, the product is very good.

The solution's price is one of the coolest things about the product. We may need to pay fifty percent more if we purchase other solutions. For the payments made to A10 Thunder TPS, we have received three-year support.

I rate the overall product a nine out of ten.