SlideShare a Scribd company logo

A10 Networks: Delivering Data Center to Data Center communications securely

David Ayoub
David Ayoub

A10 Thunder ADC delivers critical services in the most efficient hardware- and software-based form factors. Thunder ADC product line maximizes rack space and reduces power consumption (via optimal ADC CPU and memory optimization, infrastructure optimization and overall data center cooling). The product line is built upon A10's Advanced Core Operating System (ACOS®) platform, with our Symmetric Scalable Multi-Core Processing (SSMP) software architecture that delivers high performance and a range of deployment options for dedicated, hosted or cloud data centers.

Technology
1 of 4
Download to read offline
SOLUTION BRIEF 1 Data Privacy Challenges Organizations of all sizes rely on IPsec VPNs to prevent snooping and data theft and to address compliance. IPsec provides a cost-effective and secure way to transfer data over IP networks. While IPsec is a mature and well understood technology, new networking paradigms like cloud computing, as well as escalating bandwidth requirements, are compelling large enterprises and service providers to rethink their VPN strategies. As a result, organizations need to develop VPN architectures that can: • Support unprecedented IPsec throughput levels • Leverage BGP routing for high availability and rapid scaling • Spin up new IPsec tunnels and gateways on-demand in cloud environments • Minimize power consumption and rack space requirements for data center efficiency Organizations need a solution they can trust to deliver reliable IPsec connectivity, and one that can interoperate with their existing routers and IPsec VPN gateways. High-Speed IPsec Encryption with A10 A10 Networks® Thunder® ADC line of Application Delivery Controllers includes IPsec encryption capabilities that enable enterprises and service providers to build out large-scale VPN deployments. By supporting up to 20,000 VPN tunnels per Thunder ADC platform and a broad array of encryption algorithms and data integrity methods, organizations can deploy Thunder ADC alongside their existing VPN equipment or build out new VPN networks with Thunder ADC appliances. Thunder ADC supports a comprehensive set of features in addition to IPsec VPN, including advanced server load balancing, Network Address Translation (NAT), IPv4 and IPv6 routing, and access control lists. By delivering a wide range of networking features, organizations can support complex network designs and granularly control access to remote resources without needing to deploy and manage numerous appliances. All of these features, in addition to IPsec, are provided standard with Thunder ADC as part of A10’s all-inclusive licensing. High Availability and Rapid Scaling For many organizations, VPNs serve business critical functions such as data migration, disaster recovery, remote user access, and connecting data centers to cloud networks. Regardless of the use case, organizations depend on VPNs to run their business and these VPNs must always be available. THUNDER ADC IPSEC VPN Encrypt Traffic on a Massive Scale and in the Cloud Challenge: To protect communications, organizations need to encrypt data at high speed and scale out VPN tunnel capacity on-demand. Solution: A10 Networks empowers organizations to reduce their data center footprint and ensure data privacy with integrated, high-performance IPsec VPN and load balancing. Benefits: • Consolidate IPsec VPN, server load balancing and stateful firewall functionality • Encrypt data at unparalleled speeds • Reduce rack space and power requirements • Scale capacity by launching new VPN gateways on-demand
2 Thunder ADC supports an array of clustering, high availability and dynamic routing features that maximize uptime, not just for IPsec VPN routes but also to ensure connectivity to servers and applications. High availability and scaling features include: • Route monitoring and failover – Using A10’s enhanced Virtual Router Redundancy Protocol implementation, VRRP-a, Thunder ADC can monitor route and VPN gateway failures and rapidly failover traffic to a passive Thunder ADC appliance. Supporting up to eight appliances in a cluster, VRRP-a can detect unresponsive services, servers and applications and identify infrastructure failures. With A10 Virtual Chassis System (aVCS®), multiple A10 devices can function as a single virtual chassis, with a single point of control and centralized statistics. • Intelligent routing to increase VPN capacity – Thunder ADC supports Border Gateway Protocol (BGP) routing, which not only allows BGP routers to communicate across IPsec VPN tunnels but also enables organizations to boost IPsec capacity simply by deploying more Thunder ADC appliances. Using BGP, Thunder ADC deployments can scale to support terabit bandwidth requirements without complicated network designs or forklift hardware upgrades, and they can deploy more Thunder ADC appliances to increase IPsec throughput. VRRP-a integrates with BGP to inject routes and ensure smooth route failovers. Thunder ADC also supports Bidirectional Forwarding Detection (BFD) for fast path failure detection and route convergence. • Bandwidth aggregation by load balancing traffic over multiple paths – Thunder ADC leverages Equal-Cost Multipath (ECMP) routing to increase total IPsec VPN bandwidth. ECMP, combined with BGP, allows routers to support multiple network routes simultaneously, allowing Thunder ADC to load balance traffic across multiple paths to boost overall VPN capacity. Cloud and On-demand Provisioning Organizations are moving their infrastructure to the cloud to optimize computing efficiency and lower capital and operating expenses. As they migrate to the cloud, they need their VPN infrastructure to migrate with them. However, cloud architectures introduce new requirements that do not exist in physical data center networks. To realize the benefits of cloud computing, cloud architectures must support automation, agility and on-demand scaling. And, organizations must ensure that their VPN services support this new cloud networking paradigm. VPN services should integrate seamlessly with application networking services, SDN technologies and other data center infrastructure. Organizations should be able to provision VPN instances with the same cloud orchestration systems they use to manage their cloud applications. Thunder ADC empowers organizations to implement high-capacity VPN services in the cloud. Supporting an array of form factors, including high-performance virtual appliances, physical appliances and hybrid virtual appliances, A10 provides organizations the flexibility to build a VPN architecture that meets the unique requirements of cloud networks. Thunder ADC integrates with software defined network (SDN) fabrics using Virtual Extensible LAN (VXLAN) and Network Virtualization using Generic Routing Encapsulation (NVGRE) to support automated network configuration and service chaining support. Integration with cloud orchestration platforms such as Microsoft System Center Virtual Machine Manager (SCVMM) and OpenStack, enables centralized provisioning of VPN services. Pay-as-you-go licensing with utility and rental billing models allows organizations to align VPN licensing with the licensing models of other cloud-based services. aCloud Services Architecture enables cloud data center operators to deliver advanced application delivery and IPsec VPN services while improving agility. The high availability, scalability and security features supported in physical networks, such as dynamic routing and redundancy, are also supported in cloud environments. This means that organizations can leverage BGP routing and VRRP-a to scale out their VPN networks and to maximize uptime. Internet BGP Cloud Thunder ADC 1 Thunder ADC 2 • IPsec VPN • Access Control Lists • BGP • BFD Data Center Multi-Site VPN Thunder ADC n Thunder ADC VPN Site 2 Thunder ADC VPN Site 1 Thunder ADC VPN Site 3 Encrypted VPN Tunnel • IPsec VPN • Access Control Lists • BGP • BFD Figure 1: Thunder ADC can connect to multiple VPN sites over a BGP cloud.
3 High-Performance Architecture Thunder ADC leverages unique software and hardware design advantages to deliver exceptional IPsec performance. The A10 Networks Advanced Core Operating System (ACOS®) powers Thunder ADC appliances. Built from the ground up to maximize the performance of multicore CPU architectures, ACOS can linearly scale compute processing as more CPU cores are added, providing unparalleled performance in a compact form factor. ACOS uses scalable symmetric multiprocessing (SSMP) to leverage supercomputing techniques for parallel processing and to maximize the performance of multicore architectures. Due to its highly scalable 64-bit operating system optimized for multicore architectures, Thunder ADC hardware and A10 Networks vThunder® ADC line of virtual appliances deliver unmatched IPsec VPN performance. Select Thunder ADC hardware models include dedicated security processors that accelerate IPsec encryption speed. Supporting up to four quad-chip security processors on a rack-mountable appliance, Thunder ADC provides fast IPsec encryption without forcing organizations to deploy cumbersome and inefficient chassis-based systems. • IPsec VPN • BGP • ECMP • IPsec VPN • BGP • ECMP Internet Thunder ADC Thunder ADC Router Users Users Firewall Thunder ADC Thunder ADC Thunder ADC Thunder ADC RouterFirewall Figure 2: Users can forward traffic destined for the remote VPN site through the Thunder ADC appliance and send all other traffic directly to the Internet. IPsec VPN Specifications Keying Methods • IKEv1, IKEv2 Authentication Methods • RSA Signature, Pre-shared Key, PKI Key Exchange Diffie-Hellman Groups • 1, 2, 5, 14, 15, 16, 18 Encryption Algorithms • DES, 3DES, AES-128, AES-192, AES-256 Data Integrity • DES, 3DES, AES-128, AES-192, AES-256 Maximum Number of IPsec Tunnels Supported • 20,000i RFCs Supported • RFC 6071, 2407, 2408, 2409, 3526, 3706, 3947, 7296, 4307, IANA- IKEv2, 4301, 4303, 4308, 3602, 3986, 4304, 4868 (partial), 2560, 5280, draft-nourse-scep IPsec VPN Features • NAT traversal • Dead peer detection • Perfect Forward Secrecy (PFS) supportii • Life bytes and time rekey • Extended Sequence Number (ESN) • L3V partition aware • Route-based VPN • OSPF, BGP and Bidirectional Forwarding Detection (BFD) over IPsec tunnel • ECMP support • Integration with server load balancing and Network Address Translation (NAT • UDP encapsulation • TCP maximum segment size (MSS) clamping • Public key infrastructure (PKI) support with Simple Certificate Enrollment Protocol (SCEP), Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL) distribution points • Prioritized Internet Key Exchange (IKE) packets for hardware- accelerated Flexible Traffic Accelerator (FTA) appliance models • Software and hardware-based encryption, with dedicated security processors in select hardware models Cloud Integration • Integration with cloud orchestration systems such as Microsoft SCVMM, OpenStack and VMware vCloud Director • vThunder virtual appliance support • On-demand provisioning of data-driven and command-driven tunnels High Availability • Virtual Router Redundancy Protocol (VRRP-a) • Security Association (SA) sync and session sync • Active – Active topology support • Sub-second failover with BFD and route health check i Actual maximum number of supported VPN tunnels may vary by appliance model. ii Available in ACOS 4.0.1
4 Corporate Headquarters A10 Networks, Inc 3 West Plumeria Ave. San Jose, CA 95134 USA Tel: +1 408 325-8668 Fax: +1 408 325-8666 www.a10networks.com Part Number: A10-SB-19132-EN-01 Jan 2015 Worldwide Offices North America sales@a10networks.com Europe emea_sales@a10networks.com South America latam_sales@a10networks.com Japan jinfo@a10networks.com China china_sales@a10networks.com Taiwan taiwan@a10networks.com Korea korea@a10networks.com Hong Kong HongKong@a10networks.com South Asia SouthAsia@a10networks.com Australia/New Zealand anz_sales@a10networks.com To learn more about the A10 Thunder Application Service Gateways and how it can enhance your business, contact A10 Networks at: www.a10networks.com/contact or call to talk to an A10 sales representative. ©2015 A10 Networks, Inc. All rights reserved. The A10 logo, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, ACOS Policy Engine, ACOS Synergy, Affinity, aFleX, aFlow, aGalaxy, aVCS, AX, aXAPI, IDaccess, IDsentrie, IP-to-ID, SoftAX, SSL Insight, Thunder, Thunder TPS, UASG, VirtualN, and vThunder are trademarks or registered trademarks of A10 Networks, Inc. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Because of Thunder ADC’s high-performance and data center optimized design, organizations can reduce the number of appliances they need to provision, lowering capital and operating expenses as well as reducing data center rack space and power costs. Summary Organizations need a solution they can trust to deliver reliable IPsec connectivity, and they also need one that can interoperate with their existing routers and IPsec VPN gateways. Thunder ADC’s IPsec VPN capability enables organizations to encrypt traffic at high speed and support BGP routing and on-demand VPN provisioning. Using Thunder ADC’s IPsec VPN technology, organizations can: • Meet growing IPsec throughput requirements by leveraging A10’s 64-bit ACOS platform and specialized security processors • Consolidate IPsec VPN, server load balancing and stateful firewall functionality on a single device • Lower hardware, operating and maintenance costs with Thunder ADC’s data center efficient design • Support public, private and hybrid cloud provisioning and BGP networking requirements About A10 Networks A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com

Recommended

Dynamic L4-7 Services for OpenStack Cloud Data Centers
Dynamic L4-7 Services for OpenStack Cloud Data CentersDynamic L4-7 Services for OpenStack Cloud Data Centers
Dynamic L4-7 Services for OpenStack Cloud Data CentersA10 Networks
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto
04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto
04 (IDNOG02) Cloud Infrastructure by Dondy BappedyantoIndonesia Network Operators Group
 
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930A10 Networks
 
Dynamic L4-7 Services for Cloud Data Centers
Dynamic L4-7 Services for Cloud Data CentersDynamic L4-7 Services for Cloud Data Centers
Dynamic L4-7 Services for Cloud Data CentersA10 Networks
 
Ccs 720 xp-datasheet
Ccs 720 xp-datasheetCcs 720 xp-datasheet
Ccs 720 xp-datasheetabenyeung1
 
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad IrzanIndonesia Network Operators Group
 
OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015Scott Sneddon
 

Recommended

Dynamic L4-7 Services for OpenStack Cloud Data Centers
Dynamic L4-7 Services for OpenStack Cloud Data CentersDynamic L4-7 Services for OpenStack Cloud Data Centers
Dynamic L4-7 Services for OpenStack Cloud Data CentersA10 Networks
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto
04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto04 (IDNOG02) Cloud Infrastructure by Dondy Bappedyanto
04 (IDNOG02) Cloud Infrastructure by Dondy BappedyantoIndonesia Network Operators Group
 
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930
Thunder Series Unified Application Service Gateway (UASG): 3030S, 1030S and 930A10 Networks
 
Dynamic L4-7 Services for Cloud Data Centers
Dynamic L4-7 Services for Cloud Data CentersDynamic L4-7 Services for Cloud Data Centers
Dynamic L4-7 Services for Cloud Data CentersA10 Networks
 
Ccs 720 xp-datasheet
Ccs 720 xp-datasheetCcs 720 xp-datasheet
Ccs 720 xp-datasheetabenyeung1
 
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad Irzan
09 (IDNOG02) Services SDN & NFV Delivering more with less by Mochammad IrzanIndonesia Network Operators Group
 
OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015Scott Sneddon
 
A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)A10 Networks
 
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Kiran Sirupa
 
A10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430SA10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430SA10 Networks
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSA10 Networks
 
The Cloudification of the Data Center Network
The Cloudification of the Data Center NetworkThe Cloudification of the Data Center Network
The Cloudification of the Data Center NetworkEnterprise Management Associates
 
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...A10 Networks
 
Citrix adc technical overview
Citrix adc technical overviewCitrix adc technical overview
Citrix adc technical overviewRoshan Dias
 
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS ModulesACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS ModulesA10 Networks
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleReal-Time Innovations (RTI)
 
Implementing the Hybrid Data Center
Implementing the Hybrid Data CenterImplementing the Hybrid Data Center
Implementing the Hybrid Data CenterCisco Canada
 
New idc architecture
New idc architectureNew idc architecture
New idc architectureMason Mei
 
Enabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid ChowEnabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid ChowMyNOG
 
Openstack 101 by Jason Kalai
Openstack 101 by Jason KalaiOpenstack 101 by Jason Kalai
Openstack 101 by Jason KalaiMyNOG
 
Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017Novosco
 
Simplifying Cloud Adoption
Simplifying Cloud AdoptionSimplifying Cloud Adoption
Simplifying Cloud AdoptionCisco Canada
 
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안NAIM Networks, Inc.
 
Scalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging BrocadeScalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging BrocadeScalar Decisions
 
The Juniper SDN Landscape
The Juniper SDN LandscapeThe Juniper SDN Landscape
The Juniper SDN LandscapeChris Jones
 
Nsx t reference design guide 3-0
Nsx t reference design guide 3-0Nsx t reference design guide 3-0
Nsx t reference design guide 3-0MohamedAzizKandil1
 
Apache Pulsar @Splunk
Apache Pulsar @SplunkApache Pulsar @Splunk
Apache Pulsar @SplunkKarthik Ramasamy
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
Enterprise Connectivity
Enterprise ConnectivityEnterprise Connectivity
Enterprise ConnectivityST Engineering iDirect
 

More Related Content

What's hot

A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)A10 Networks
 
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Kiran Sirupa
 
A10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430SA10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430SA10 Networks
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSA10 Networks
 
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...A10 Networks
 
Citrix adc technical overview
Citrix adc technical overviewCitrix adc technical overview
Citrix adc technical overviewRoshan Dias
 
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS ModulesACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS ModulesA10 Networks
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleReal-Time Innovations (RTI)
 
Implementing the Hybrid Data Center
Implementing the Hybrid Data CenterImplementing the Hybrid Data Center
Implementing the Hybrid Data CenterCisco Canada
 
New idc architecture
New idc architectureNew idc architecture
New idc architectureMason Mei
 
Enabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid ChowEnabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid ChowMyNOG
 
Openstack 101 by Jason Kalai
Openstack 101 by Jason KalaiOpenstack 101 by Jason Kalai
Openstack 101 by Jason KalaiMyNOG
 
Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017Novosco
 
Simplifying Cloud Adoption
Simplifying Cloud AdoptionSimplifying Cloud Adoption
Simplifying Cloud AdoptionCisco Canada
 
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안NAIM Networks, Inc.
 
Scalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging BrocadeScalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging BrocadeScalar Decisions
 
The Juniper SDN Landscape
The Juniper SDN LandscapeThe Juniper SDN Landscape
The Juniper SDN LandscapeChris Jones
 
Nsx t reference design guide 3-0
Nsx t reference design guide 3-0Nsx t reference design guide 3-0
Nsx t reference design guide 3-0MohamedAzizKandil1
 

What's hot (20)

A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)A10 Thunder Convergent Firewall (CFW)
A10 Thunder Convergent Firewall (CFW)
 
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
Case Study: Anuta NCX empowers Telstra Cloud Gateway to deliver Global Interc...
 
A10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430SA10 Thunder 5430S, 6430 and 6430S
A10 Thunder 5430S, 6430 and 6430S
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
 
The Cloudification of the Data Center Network
The Cloudification of the Data Center NetworkThe Cloudification of the Data Center Network
The Cloudification of the Data Center Network
 
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
A10 slide deck: A10 Networks Brings Brawn to Stop Multi-Vector DDoS Disruptio...
 
Citrix adc technical overview
Citrix adc technical overviewCitrix adc technical overview
Citrix adc technical overview
 
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS ModulesACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
ACOS 2.7.1 Release with Integrated WAF, AAM and DDoS Modules
 
Don't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't ScaleDon't Architect a Real-Time System that Can't Scale
Don't Architect a Real-Time System that Can't Scale
 
Implementing the Hybrid Data Center
Implementing the Hybrid Data CenterImplementing the Hybrid Data Center
Implementing the Hybrid Data Center
 
New idc architecture
New idc architectureNew idc architecture
New idc architecture
 
Enabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid ChowEnabling SDN for Service Providers by Khay Kid Chow
Enabling SDN for Service Providers by Khay Kid Chow
 
Openstack 101 by Jason Kalai
Openstack 101 by Jason KalaiOpenstack 101 by Jason Kalai
Openstack 101 by Jason Kalai
 
Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017Software Defined Networking - Huawei, June 2017
Software Defined Networking - Huawei, June 2017
 
Simplifying Cloud Adoption
Simplifying Cloud AdoptionSimplifying Cloud Adoption
Simplifying Cloud Adoption
 
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
OVNC 2015-성공적인 Customer Optimized Datacenter 구축 방안
 
Scalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging BrocadeScalar Technical session - Network Functions Virtualization leveraging Brocade
Scalar Technical session - Network Functions Virtualization leveraging Brocade
 
The Juniper SDN Landscape
The Juniper SDN LandscapeThe Juniper SDN Landscape
The Juniper SDN Landscape
 
Nsx t reference design guide 3-0
Nsx t reference design guide 3-0Nsx t reference design guide 3-0
Nsx t reference design guide 3-0
 
Apache Pulsar @Splunk
Apache Pulsar @SplunkApache Pulsar @Splunk
Apache Pulsar @Splunk
 

Similar to A10 Networks: Delivering Data Center to Data Center communications securely

Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld
 
1cloudstar cloud connect azure
1cloudstar cloud connect azure1cloudstar cloud connect azure
1cloudstar cloud connect azure1CloudStar
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureAbou CONDE
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Switch Cisco Catalyst 9300 Datasheet (2022).pdf
Switch Cisco Catalyst 9300 Datasheet (2022).pdfSwitch Cisco Catalyst 9300 Datasheet (2022).pdf
Switch Cisco Catalyst 9300 Datasheet (2022).pdfSAM Romania
 
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...SWITCHPOINT NV/SA
 
Achieve high throughput: A case study using a Pensando Distributed Services C...
Achieve high throughput: A case study using a Pensando Distributed Services C...Achieve high throughput: A case study using a Pensando Distributed Services C...
Achieve high throughput: A case study using a Pensando Distributed Services C...Principled Technologies
 
Enabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WANEnabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WANXylos
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpnRajesh Porwal
 
Array Networks Corporate Overview
Array Networks Corporate OverviewArray Networks Corporate Overview
Array Networks Corporate OverviewYancey Gordon
 
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and CiscoWho Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and CiscoThousandEyes
 
Transforming DCI connectivity with the FSP 3000 S-Flex
Transforming DCI connectivity with the FSP 3000 S-FlexTransforming DCI connectivity with the FSP 3000 S-Flex
Transforming DCI connectivity with the FSP 3000 S-FlexAdtran
 
Inteligentní řízení WAN konektivity
Inteligentní řízení WAN konektivityInteligentní řízení WAN konektivity
Inteligentní řízení WAN konektivityMarketingArrowECS_CZ
 

Similar to A10 Networks: Delivering Data Center to Data Center communications securely (20)

Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
Enterprise Connectivity
Enterprise ConnectivityEnterprise Connectivity
Enterprise Connectivity
 
VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX VMworld 2013: Virtualized Network Services Model with VMware NSX
VMworld 2013: Virtualized Network Services Model with VMware NSX
 
1cloudstar cloud connect azure
1cloudstar cloud connect azure1cloudstar cloud connect azure
1cloudstar cloud connect azure
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azure
 
NAS-at-glance-A4
NAS-at-glance-A4NAS-at-glance-A4
NAS-at-glance-A4
 
brocade-virtual-adx-ds
brocade-virtual-adx-dsbrocade-virtual-adx-ds
brocade-virtual-adx-ds
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Switch Cisco Catalyst 9300 Datasheet (2022).pdf
Switch Cisco Catalyst 9300 Datasheet (2022).pdfSwitch Cisco Catalyst 9300 Datasheet (2022).pdf
Switch Cisco Catalyst 9300 Datasheet (2022).pdf
 
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
Silver Peak presentation used during the SWITCHPOINT NV/SA Quarterly Experien...
 
Achieve high throughput: A case study using a Pensando Distributed Services C...
Achieve high throughput: A case study using a Pensando Distributed Services C...Achieve high throughput: A case study using a Pensando Distributed Services C...
Achieve high throughput: A case study using a Pensando Distributed Services C...
 
Ip tunneling and vpns
Ip tunneling and vpnsIp tunneling and vpns
Ip tunneling and vpns
 
Enabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WANEnabling the Future of Work with SD-WAN
Enabling the Future of Work with SD-WAN
 
ENSA_Module_8.pptx
ENSA_Module_8.pptxENSA_Module_8.pptx
ENSA_Module_8.pptx
 
Ip tunnelling and_vpn
Ip tunnelling and_vpnIp tunnelling and_vpn
Ip tunnelling and_vpn
 
Array Networks Corporate Overview
Array Networks Corporate OverviewArray Networks Corporate Overview
Array Networks Corporate Overview
 
Evolution of internet by Ali Kashif
Evolution of internet by Ali KashifEvolution of internet by Ali Kashif
Evolution of internet by Ali Kashif
 
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and CiscoWho Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
Who Moved My Network? Mastering Hybrid WANs with ThousandEyes and Cisco
 
Transforming DCI connectivity with the FSP 3000 S-Flex
Transforming DCI connectivity with the FSP 3000 S-FlexTransforming DCI connectivity with the FSP 3000 S-Flex
Transforming DCI connectivity with the FSP 3000 S-Flex
 
Inteligentní řízení WAN konektivity
Inteligentní řízení WAN konektivityInteligentní řízení WAN konektivity
Inteligentní řízení WAN konektivity
 

Recently uploaded

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

A10 Networks: Delivering Data Center to Data Center communications securely

  • 1. SOLUTION BRIEF 1 Data Privacy Challenges Organizations of all sizes rely on IPsec VPNs to prevent snooping and data theft and to address compliance. IPsec provides a cost-effective and secure way to transfer data over IP networks. While IPsec is a mature and well understood technology, new networking paradigms like cloud computing, as well as escalating bandwidth requirements, are compelling large enterprises and service providers to rethink their VPN strategies. As a result, organizations need to develop VPN architectures that can: • Support unprecedented IPsec throughput levels • Leverage BGP routing for high availability and rapid scaling • Spin up new IPsec tunnels and gateways on-demand in cloud environments • Minimize power consumption and rack space requirements for data center efficiency Organizations need a solution they can trust to deliver reliable IPsec connectivity, and one that can interoperate with their existing routers and IPsec VPN gateways. High-Speed IPsec Encryption with A10 A10 Networks® Thunder® ADC line of Application Delivery Controllers includes IPsec encryption capabilities that enable enterprises and service providers to build out large-scale VPN deployments. By supporting up to 20,000 VPN tunnels per Thunder ADC platform and a broad array of encryption algorithms and data integrity methods, organizations can deploy Thunder ADC alongside their existing VPN equipment or build out new VPN networks with Thunder ADC appliances. Thunder ADC supports a comprehensive set of features in addition to IPsec VPN, including advanced server load balancing, Network Address Translation (NAT), IPv4 and IPv6 routing, and access control lists. By delivering a wide range of networking features, organizations can support complex network designs and granularly control access to remote resources without needing to deploy and manage numerous appliances. All of these features, in addition to IPsec, are provided standard with Thunder ADC as part of A10’s all-inclusive licensing. High Availability and Rapid Scaling For many organizations, VPNs serve business critical functions such as data migration, disaster recovery, remote user access, and connecting data centers to cloud networks. Regardless of the use case, organizations depend on VPNs to run their business and these VPNs must always be available. THUNDER ADC IPSEC VPN Encrypt Traffic on a Massive Scale and in the Cloud Challenge: To protect communications, organizations need to encrypt data at high speed and scale out VPN tunnel capacity on-demand. Solution: A10 Networks empowers organizations to reduce their data center footprint and ensure data privacy with integrated, high-performance IPsec VPN and load balancing. Benefits: • Consolidate IPsec VPN, server load balancing and stateful firewall functionality • Encrypt data at unparalleled speeds • Reduce rack space and power requirements • Scale capacity by launching new VPN gateways on-demand
  • 2. 2 Thunder ADC supports an array of clustering, high availability and dynamic routing features that maximize uptime, not just for IPsec VPN routes but also to ensure connectivity to servers and applications. High availability and scaling features include: • Route monitoring and failover – Using A10’s enhanced Virtual Router Redundancy Protocol implementation, VRRP-a, Thunder ADC can monitor route and VPN gateway failures and rapidly failover traffic to a passive Thunder ADC appliance. Supporting up to eight appliances in a cluster, VRRP-a can detect unresponsive services, servers and applications and identify infrastructure failures. With A10 Virtual Chassis System (aVCS®), multiple A10 devices can function as a single virtual chassis, with a single point of control and centralized statistics. • Intelligent routing to increase VPN capacity – Thunder ADC supports Border Gateway Protocol (BGP) routing, which not only allows BGP routers to communicate across IPsec VPN tunnels but also enables organizations to boost IPsec capacity simply by deploying more Thunder ADC appliances. Using BGP, Thunder ADC deployments can scale to support terabit bandwidth requirements without complicated network designs or forklift hardware upgrades, and they can deploy more Thunder ADC appliances to increase IPsec throughput. VRRP-a integrates with BGP to inject routes and ensure smooth route failovers. Thunder ADC also supports Bidirectional Forwarding Detection (BFD) for fast path failure detection and route convergence. • Bandwidth aggregation by load balancing traffic over multiple paths – Thunder ADC leverages Equal-Cost Multipath (ECMP) routing to increase total IPsec VPN bandwidth. ECMP, combined with BGP, allows routers to support multiple network routes simultaneously, allowing Thunder ADC to load balance traffic across multiple paths to boost overall VPN capacity. Cloud and On-demand Provisioning Organizations are moving their infrastructure to the cloud to optimize computing efficiency and lower capital and operating expenses. As they migrate to the cloud, they need their VPN infrastructure to migrate with them. However, cloud architectures introduce new requirements that do not exist in physical data center networks. To realize the benefits of cloud computing, cloud architectures must support automation, agility and on-demand scaling. And, organizations must ensure that their VPN services support this new cloud networking paradigm. VPN services should integrate seamlessly with application networking services, SDN technologies and other data center infrastructure. Organizations should be able to provision VPN instances with the same cloud orchestration systems they use to manage their cloud applications. Thunder ADC empowers organizations to implement high-capacity VPN services in the cloud. Supporting an array of form factors, including high-performance virtual appliances, physical appliances and hybrid virtual appliances, A10 provides organizations the flexibility to build a VPN architecture that meets the unique requirements of cloud networks. Thunder ADC integrates with software defined network (SDN) fabrics using Virtual Extensible LAN (VXLAN) and Network Virtualization using Generic Routing Encapsulation (NVGRE) to support automated network configuration and service chaining support. Integration with cloud orchestration platforms such as Microsoft System Center Virtual Machine Manager (SCVMM) and OpenStack, enables centralized provisioning of VPN services. Pay-as-you-go licensing with utility and rental billing models allows organizations to align VPN licensing with the licensing models of other cloud-based services. aCloud Services Architecture enables cloud data center operators to deliver advanced application delivery and IPsec VPN services while improving agility. The high availability, scalability and security features supported in physical networks, such as dynamic routing and redundancy, are also supported in cloud environments. This means that organizations can leverage BGP routing and VRRP-a to scale out their VPN networks and to maximize uptime. Internet BGP Cloud Thunder ADC 1 Thunder ADC 2 • IPsec VPN • Access Control Lists • BGP • BFD Data Center Multi-Site VPN Thunder ADC n Thunder ADC VPN Site 2 Thunder ADC VPN Site 1 Thunder ADC VPN Site 3 Encrypted VPN Tunnel • IPsec VPN • Access Control Lists • BGP • BFD Figure 1: Thunder ADC can connect to multiple VPN sites over a BGP cloud.
  • 3. 3 High-Performance Architecture Thunder ADC leverages unique software and hardware design advantages to deliver exceptional IPsec performance. The A10 Networks Advanced Core Operating System (ACOS®) powers Thunder ADC appliances. Built from the ground up to maximize the performance of multicore CPU architectures, ACOS can linearly scale compute processing as more CPU cores are added, providing unparalleled performance in a compact form factor. ACOS uses scalable symmetric multiprocessing (SSMP) to leverage supercomputing techniques for parallel processing and to maximize the performance of multicore architectures. Due to its highly scalable 64-bit operating system optimized for multicore architectures, Thunder ADC hardware and A10 Networks vThunder® ADC line of virtual appliances deliver unmatched IPsec VPN performance. Select Thunder ADC hardware models include dedicated security processors that accelerate IPsec encryption speed. Supporting up to four quad-chip security processors on a rack-mountable appliance, Thunder ADC provides fast IPsec encryption without forcing organizations to deploy cumbersome and inefficient chassis-based systems. • IPsec VPN • BGP • ECMP • IPsec VPN • BGP • ECMP Internet Thunder ADC Thunder ADC Router Users Users Firewall Thunder ADC Thunder ADC Thunder ADC Thunder ADC RouterFirewall Figure 2: Users can forward traffic destined for the remote VPN site through the Thunder ADC appliance and send all other traffic directly to the Internet. IPsec VPN Specifications Keying Methods • IKEv1, IKEv2 Authentication Methods • RSA Signature, Pre-shared Key, PKI Key Exchange Diffie-Hellman Groups • 1, 2, 5, 14, 15, 16, 18 Encryption Algorithms • DES, 3DES, AES-128, AES-192, AES-256 Data Integrity • DES, 3DES, AES-128, AES-192, AES-256 Maximum Number of IPsec Tunnels Supported • 20,000i RFCs Supported • RFC 6071, 2407, 2408, 2409, 3526, 3706, 3947, 7296, 4307, IANA- IKEv2, 4301, 4303, 4308, 3602, 3986, 4304, 4868 (partial), 2560, 5280, draft-nourse-scep IPsec VPN Features • NAT traversal • Dead peer detection • Perfect Forward Secrecy (PFS) supportii • Life bytes and time rekey • Extended Sequence Number (ESN) • L3V partition aware • Route-based VPN • OSPF, BGP and Bidirectional Forwarding Detection (BFD) over IPsec tunnel • ECMP support • Integration with server load balancing and Network Address Translation (NAT • UDP encapsulation • TCP maximum segment size (MSS) clamping • Public key infrastructure (PKI) support with Simple Certificate Enrollment Protocol (SCEP), Online Certificate Status Protocol (OCSP) and certificate revocation list (CRL) distribution points • Prioritized Internet Key Exchange (IKE) packets for hardware- accelerated Flexible Traffic Accelerator (FTA) appliance models • Software and hardware-based encryption, with dedicated security processors in select hardware models Cloud Integration • Integration with cloud orchestration systems such as Microsoft SCVMM, OpenStack and VMware vCloud Director • vThunder virtual appliance support • On-demand provisioning of data-driven and command-driven tunnels High Availability • Virtual Router Redundancy Protocol (VRRP-a) • Security Association (SA) sync and session sync • Active – Active topology support • Sub-second failover with BFD and route health check i Actual maximum number of supported VPN tunnels may vary by appliance model. ii Available in ACOS 4.0.1
  • 4. 4 Corporate Headquarters A10 Networks, Inc 3 West Plumeria Ave. San Jose, CA 95134 USA Tel: +1 408 325-8668 Fax: +1 408 325-8666 www.a10networks.com Part Number: A10-SB-19132-EN-01 Jan 2015 Worldwide Offices North America sales@a10networks.com Europe emea_sales@a10networks.com South America latam_sales@a10networks.com Japan jinfo@a10networks.com China china_sales@a10networks.com Taiwan taiwan@a10networks.com Korea korea@a10networks.com Hong Kong HongKong@a10networks.com South Asia SouthAsia@a10networks.com Australia/New Zealand anz_sales@a10networks.com To learn more about the A10 Thunder Application Service Gateways and how it can enhance your business, contact A10 Networks at: www.a10networks.com/contact or call to talk to an A10 sales representative. ©2015 A10 Networks, Inc. All rights reserved. The A10 logo, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, ACOS Policy Engine, ACOS Synergy, Affinity, aFleX, aFlow, aGalaxy, aVCS, AX, aXAPI, IDaccess, IDsentrie, IP-to-ID, SoftAX, SSL Insight, Thunder, Thunder TPS, UASG, VirtualN, and vThunder are trademarks or registered trademarks of A10 Networks, Inc. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Because of Thunder ADC’s high-performance and data center optimized design, organizations can reduce the number of appliances they need to provision, lowering capital and operating expenses as well as reducing data center rack space and power costs. Summary Organizations need a solution they can trust to deliver reliable IPsec connectivity, and they also need one that can interoperate with their existing routers and IPsec VPN gateways. Thunder ADC’s IPsec VPN capability enables organizations to encrypt traffic at high speed and support BGP routing and on-demand VPN provisioning. Using Thunder ADC’s IPsec VPN technology, organizations can: • Meet growing IPsec throughput requirements by leveraging A10’s 64-bit ACOS platform and specialized security processors • Consolidate IPsec VPN, server load balancing and stateful firewall functionality on a single device • Lower hardware, operating and maintenance costs with Thunder ADC’s data center efficient design • Support public, private and hybrid cloud provisioning and BGP networking requirements About A10 Networks A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com