A10 PRESENTATION 1

1. 1
Customer Driven Innovation
1
Do not distribute/edit/copy without the
written consent of A10 Networks
A10 Networks
March 2014

2. 2
Customer Driven Innovation
2
Do not distribute/edit/copy without the
written consent of A10 Networks
Who are we ?
In 60 seconds more or less…

3. 3
A10 Company Overview
Founded in Late 2004
CEO & Founder
Lee Chen
Co-founder of Foundry
Networks, Centillion Networks
Leader in Application Networking
Optimizing the performance and security of
data center applications and networks for web
giants, enterprises and service providers
Consistent Revenue Growth
Headquarters in San Jose
Offices in 23 countries;
3,000 customers worldwide
2008 2009 2010 2011 2012
THUNDER SERIES
ACOS

4. 4
A10 IPO !

5. 5
ACOS: Platform for Application Service Gateways
Advanced Core Operation System
64bit OS on SW HW Shared Memory HW ASICs Cards
CGN
ADC TPS
Product
Lines
ACOS
Platform
IT Delivery
Model

6. 6
Thunder Awards
Best of Microsoft TechEd 2013
Best Hardware
Attendees’ Pick out of all 250 Vendors
“A10 Thunder platform’s compact size, streamlined performance, and green efficiency are
unprecedented.”
Jason Bovberg, Editor-in-Chief, Windows IT Pro

7. 7
Thunder Awards
Best of Interop Japan 2013
Performance Optimization
DDoS Mitigation
“… high performance in a space-saving form factor… multi-function
solutions beyond load balancing.”
Izumi Miki, Executive Director, IT media Inc. and Interop Tokyo 2013 judge

8. 8

9. 9
High Touch Support
 Following The Sun 24X7
 Engineer first contact
 Fast resolution time
“Responsiveness to customer needs was
above and beyond what they typically
expected.
Made updates and patching simple,
which makes the products easy to
maintain and manage.”
Differentiation through focus and investment
“A10’s Tech Support delivers the best customer service
from a networking company that I’ve ever had in my
life.”

10. 10
The Choice of Leading Companies
Web Giants
Enterprises
Service Providers
3 of top 4 US
wireless carriers
3 of top 4 service providers in
Japan
7 of Top 10 US cable
providers

11. 11
Recent ADC Strategic Competitive Wins Q3-2013
Territory Customer Product Value Competition Unique Value Prop Channel Partner
NA T-Mobile TH6430,
various AX
$9.2M F5 SLB / Flash Video
Features, Support,
Performance
N/A
NA Microsoft/Azure AX5630 $9.0M Arbor, Radware, F5 SLB, Performance, features Adaptive
NA Morgan Stanley AX3400 $675K F5, Radware Opex, Technical relationship Dimension Data
NA Rogers AX3200-12 $1.2M F5, Radware Cloud TV / L3V Herjavec
NA LinkedIn AX5630 $274K F5 Performance, price Intervision
NA ViaSat AX3200-12, AX3030 $0.9M Cisco / JNPR
F5
CGN & ADC – Features
SLB Cisco-like
SigmaNet
NA Comcast AX3530 $1.6M F5 Feature, P/P,
BRCD Replace
NA
Japan Docomo AX5200-11-SSLE
AX5630-DC
AX3400
$2.8M F5 Mobilemail(SSL)
ADP For Cloud
consolidation
NEC
Japan KDDI AX5200-11 AX3400 $1.3M F5 CGN/ DNS CTC
SEA True Internet TH6430 $1M F5, Juniper Solution approach,
Performance, Reference
Above & Beyond
EMEA KSA-Mobily TH6430 $915K F5 less than 1 year old CGNAT Beta-IT
EMEA Vimplecom AX 3530, AX3030 $309K Huawei, CSCO CGNAT Ericsson

12. 12
Israeli Customers

13. 20
The Solution: A10 ACOS Platform

14. 21
A10 Unified Application Service Gateway Value
All features are included
without any additional fee.
SLB, ADC, WAF, GSLB, SSO,
DAF, DDoS, Virtualization
and much more…
Easy to configure and
maintain with unified
Services templates for
Applications (Microsoft,
IBM, Oracle, SAP..)
Built on Best-in-class Advanced
Core Operating System (ACOS)
with 64bit OS and HW ASICs for
more performance and also our
Shared Memory Architecture
Best Performance! Management!
No Licenses!

15. 22
ACOS Platform: High Performance Application Networking
Shared Memory Architecture
1 2 3 N
Flexible Traffic Accelerator (FPGA)
Switching and Routing
Efficient &
Accurate Memory
Architecture
64-Bit Multi-Core
Optimized
Optimized
Flow Distribution
Application
Acceleration
Application
Security
Application
Availability

16. 23
Benefits of ACOS Shared Memory
ACOS Shared Memory
Conventional IPC Architecture
L4-7
CPU 1
L4-7
CPU 2
L4-7
CPU 3
L4-7
CPU 4
L4-7
CPU 5
High-speed
Shared Memory
L4-7
CPU 1
L4-7
CPU 2
L4-7
CPU 3
L4-7
CPU 4
L4-7
CPU 5
Communication Bus

17. 24
Thunder Platform Options
vThunder 200 Mbps to 8 Gbps
Supports:
VMware, Hyper-V,
Citrix Xen, Open Source
Xen, KVM and Amazon
Web Services (AWS)
• Choice of hardware or software appliances
• Billing options for pay-as-you go/grow
aCloud
Thunder 6430/6430S
150 Gbps
5M L4 CPS
256M CEC
16x10Gb & 4x40Gb
Thunder 5430S
77 Gbps
2.5M L4 CPS
128M CEC
16x10Gb & 4x40Gb
Carrier, Service Provider,
Large Enterprise, Web Giant
Thunder 930
5 Gbps
200K L4 CPS
16M CEC
8x1Gb & 2x10Gb
Thunder 1030S
10 Gbps
450K L4 CPS
32M CEC
8x1Gb & 2x10Gb
Thunder 3030S
30 Gbps
750K L4 CPS
64M CEC
8x1Gb & 4x10Gb
SMB and Enterprise

18. 25
A10networks UASG
Unified Application Service Gateway

19. 26
Enterprise Data Center
 Application availability
 SLB, GSLB, high-availability (HA),
Health-checks, more…
 Application Templates (SAP, MS…)
 Application acceleration
 For equipment consolidation and faster
user experience
 Caching, compression, network
optimization, more…
 Application security services
 For brand and asset protection while
enhancing your existing security
 DNS-FW, WAF, AAM, SI and more…
A10 ADC
Web App DNS Other App
Security:
DDoS Mitigation
WAF
DAF
AAM
Acceleration:
SSL Offload
TCP Reuse
RAM Caching
Compression
Availability:
GSLB
High-availability
Health-checks
Backup Data Center

20. 27
Application Availability

21. 28
Application Availability
 SLB & Highly available for applications and data centers
High performance SLB &
ADP - Scaling capacity for
peak loads
High availability:
For uninterrupted
operation
Health-checks:
Complete
application fault
detection
Global server load
balancing (GSLB):
Intelligence for
global operations

22. 29
SLB & Application Delivery Partitions
ADP-1 ADP-2 ADP-3
Virtual
Interfaces
Private
space:
Layers
3-7
Shared
space:
Layers
1-2
Virtual
Interfaces
Virtual
Interfaces
Server _s1
• Port 80
• 10.0.0.10
Server _s1
• Port 80
• 20.0.0.10
Server _s1
• Port 80
• 30.0.0.10
VIPX VIPY VIPZ
VLANs, Ethernet (physical) interfaces
 Application Delivery Partitions
Up to 1024 Partitions in one
box.
 Benefits:
 Isolate Layer 3 - 7
 Allow customized resource
allocation through system-
resource-usage templates

23. 30
Private and Public Objects with L3V Partitions
 Public objects
 Ethernet interfaces
 Untagged Ethernet interface can be
used only from a single partition
 Tagged Ethernet interfaces can be
used from many partitions
 VLANs
 Once a VLAN is owned by one
partition, it will not be visible in
others, and it cannot be reused
 Private objects
 Resources – Throughput, CPS, SSL, CEC..
 Virtual Ethernet (VE) interfaces
 IP addresses
 ARP entries
 Routing tables
 ACLs
 Real servers
 Virtual servers
 Service groups
 Health monitors
 Certificates and keys
 aFleX policies

24. 31
High Availability: For Uninterrupted Operation
 Eliminates the ADC as a point
of failure
 Benefits:
 Sub-second failover
 Active-standby, active-active
or N+1 options
 Stateful failover to preserve
sessions
Standby
Active
VIPs
Floating VIP
SNAT VIP
VIPs
Floating VIP
SNAT VIP
Interlink
“HA port”

25. 32
Health-checks: Complete Application Fault Detection
 Ensures servers are able to handle
users as intended
 Benefits:
 Users always receive the optimal
experience
 Ensures all components needed are
functioning
 Network, application (HTTP, DNS,
more…) or database health-checks
A10 ADC
Unreachable Component down
e.g. database
Traffic directed to
active server

26. 33
GSLB: Intelligence for Global Operations
 Provides multi-data center resiliency
 Benefits:
 Enables disaster recovery on failure or
active-active data centers
 Optimizes users to the best performing
data center (e.g. response time, geo-
location, more…)
 Ensures user’s Web experience is the
fastest
A10 ADC
Data Center
Geo Site

27. 34
Application Acceleration

28. 35
Application Acceleration
 Application acceleration for a faster user experience and
optimized utilization
TCP Optimization:
Improve application
performance
RAM Caching:
Faster page loads
equal more revenue
SSL Acceleration:
Secure applications
Compression:
Optimize any
bandwidth level

29. 36
TCP Optimization: Improve Application Performance
 Reduces TCP connection
management overhead
 TCP reuse (multiplexing) to offload server
connection setup and tear down
 Benefits:
 Increases overall server capacity
 Reduction in connections
 Improved response times less required
servers
 Details:
 Server TCP stack offload
 Persistent connection to servers
A10 ADC
Data Center
Many TCP
Connections
Reduced TCP
Connections

30. 37
SSL Acceleration: Secure Applications
 Offloads compute intensive SSL traffic
 Hardware security processor assist
 Benefits:
 Eliminates high SSL CPU overhead from servers
 Servers support many more transactions per
second
 Simpler certificate management
 Details:
 4096-, 2048-, and 1024-bit keys
 2x key size = 3x to 7x drop in legacy SLBs capacity
A10 ADC
Data Center
Secured
HTTPS
Unsecured
HTTP

31. 38
RAM Caching: Faster Page Loads Equal More Revenue
 RAM Cached objects served from the
Thunder ADC
 Eliminates repetitive fetches for frequently
requested objects
 Benefits:
 Faster response to the end user
 Reduce connections and server requests
 Reduce servers due to offloaded traffic
 Details:
 Static or dynamic support
 Extensive object type support
A10 ADC
Data Center
Repeated Requests
Served From Cache

32. 39
Compression: Optimize Any Bandwidth Level
 Reduces transmission size for HTTP
 Smaller payload to transfer to the end
user
 Benefits:
 Optimize traffic for international, mobile,
legacy devices etc.
 Faster delivery to end-user
 Offloads Web server CPU cycles
 Details:
 Gzip & deflate encoding support
 Hardware or software options
A10 ADC
Data Center
Compressed
Traffic
Uncompressed
Traffic

33. 40
Application Security

34. 41
Application Security
 Enhance existing security infrastructure, and protect against the latest
threats
Web application firewall
(WAF):
Eliminate common Web
attacks
SSL intercept:
Eliminate the
outbound SSL
blind spot
Application access
management (AAM):
Add authentication
seamlessly
DNS application
firewall (DAF):
Protect critical
infrastructure
DDoS protection:
Multi-vector edge
protection

35. 42
WAF: Eliminate Common Web Attacks
 Benefit:
 Protect web applications
 Ensure against code vulnerabilities and
assist PCI-DSS/HIPAA compliancy
 Prevent damage to intellectual
property, data and applications
 Advantage:
 Fully integrated/designed for ACOS
 No license; single device solution
 Scalable and high performance

36. 43
WAF Key Features - Applicable OWASP Top 10
 Injection
 SQL injection attack (SQLIA)
 Allowed HTTP methods checks for allowed
keywords GET, POST etc.
 Form Consistency Check
 Cross-Site Scripting (XSS) check
 HTML XSS check
 Insecure Direct Object References
 Whitelisting URI
 URI Black List/White List check
 Sensitive Data Exposure
 Credit Card Number scrubbing
 Social Security Number scrubbing
 Missing Function Level Access Control
 aFleX
 Cross-Site Request Forgery (CSRF) check
 Referer Check
 CSRF Check
 Using Components with Known Vulnerabilities
 URI Blacklist
 Unvalidated redirects and forwards
 Whitelisting URI

37. 44
AAM: Add Authentication Seamlessly
 Benefit:
 User authentication required for
resource access
 Enhanced protection and server
efficiency
 Authentication offload
 Advantage:
 Supports popular authentication
services/stores
 No adjustment to web servers or
infrastructure
 Seamless integration
Access Request
Authentication
Challenge
Authentication
Request
Authentication
Success
Access
Granted
AAM

38. 45
AAM Features
 Authentication Methods
 Basic HTTP
 Form Based
 Web page generated from Thunder ADC (not
Web servers)
 Certificate authentication with OCSP
responder support
 Authentication Server Support
 LDAP
 Including password change
 RADIUS
 OCSP
 Authentication Relay
 Basic HTTP
 Kerberos Authentication
 Single Sign-On
 Kerberos Constrained Delegation (KCD)
 Kerberos Protocol Transition (KPT)
 Health Monitoring & SLB
 LDAP
 RADIUS
 Kerberos

39. 46
DAF: Protect Critical Infrastructure
 Benefit:
 Uninterrupted DNS services
 Protects vulnerable infrastructure
 Ensures infrastructure cannot be a
weapon against a 3rd party
 Advantage:
 Blocks non-DNS traffic (up to 70%)
 Surge protection
 Full DNS command set (aFleX and
built-in)
 Redirection for “honey pots”
Malicious and
Invalid Non-DNS
Traffic on Port 53
“Zombies”
Infected Clients
Generating Requests
Regular Clients
Perform as
Expected
Optional Malicious
and Invalid Traffic
Redirection
DNS Infrastructure
Denied
Surge Protection
Allowed
Result = Reduced and Optimized
CPU Usage

40. 47
DDoS Protection: Multi-vector Edge Protection
 Benefits:
 Large-scale DDoS protection
 Advanced protection features
 Predictable operations
 Advantage:
 Full DDoS defense covers network and
application attacks
 Hardware DDoS protection for common
attacks
 SYN flood protection to 200M per second
SYN Flood
Rate Limiting
Connection Limiting
Slow L7 Attacks
Geographic Control
Infrastructure Protection
DDoS
DDoS
More…
L7 aFleX Control

41. 48
DDoS Protection Features
 Network layer protection/protocol features
 SYN Flood protection
 Packet Anomaly Detection
 Invalid Packets
 Frag Attack
 Ping of Death
 IP Options drop
 Teardrop attack protection
 Sockstress attack protection
 TCP Flag Anomaly
 ACK Flood Prevention
 Protocol Based Rate Limiting
 SYN flood protection
 SYN Cookies
 Hardware based (select platforms)
 Dynamic SYN Cookies
 Traffic limiting
 ICMP Rate Limiting
 Smurf Attack Protection
 Fraggle Attack Protection
 Source Rate Limiting - Packets, Connection
Rate, Total Connections
 Destination Rate Limiting – Packets,
Connection Rate, Total Connections
 Port Based Filtering per Destination

42. 49
DDoS Protection Features
 DNS/HTTP
 DNS malformed packet-drop
 DNS amplification attacks
 DNS Any filtering
 DNS Any rate limiting
 aFleX DDoS protection
 Slowloris mitigation
 Request rate limiting
 Geographic filtering
 Location based policies, including country
based policies
 PBSLB
 Whitelist
 Blacklist
 Invalid HTTP or SSL payload
 Zero-length TCP window
 Out-of-sequence packet
 Combined defense
 ACL, AAM and WAF
 Other
 Syslog monitoring
 Scale out support with aVCS or SDN
 Global DDoS parameters

43. 50
Thunder Management

44. 51
Comprehensive Management Options
 Comprehensive management options for operational simplicity and
reduced management cost
 CLI and GUI: Ease of Use and Management
 aFleX: Comprehensive DPI and traffic management
 aXAPI scripting: Customizable management options for integration
 aGalaxy: Centralized and automated operations for lower TCO
 3rd party integrations: SDN and Cloud orchestration integration
 Other management options:
 Application delivery partitions and layer 3 virtualization (ADP/L3V)
 Virtual chassis system (aVCS)

45. 52
GUI and CLI: Ease of Use and Management
 GUI (Graphical User Interface)
 Fewer screens and steps for
tasks
 Intuitive and easy to use
 CLI (Command Line Interface)
 Industry standard CLI, familiar
interface
 Easy to use, comprehensive
help

46. 53
aVCS Configuration
Thunder-1 (vBlade)
VCS Priority 150
Thunder-2 (vBlade)
VCS Priority 150
Thunder-4 (vBlade)
VCS Priority 150
Thunder-3 (vMaster)
VCS Priority 200
Virtual Chassis System
Management station connects to the
aVCS floating IP address (vMaster)
 Configuration changes
 Made on the vMaster and dynamically
pushed to all of the vBlades
 Software images
 The vMaster checks a new vBlade and
upgrades the image if required
 The vMaster also checks to make sure that
the vBlade has the current configuration
 vMaster/vBlade(s)
 The vMaster sends heartbeat messages to
the vBlades on the same broadcast domain
to verify that it is active. During the
vMaster election, a vBlade is elected as a
standby that will become a vMaster if the
current vMaster becomes offline

47. 54
aFleX: Comprehensive DPI and traffic management
 Deep packet inspection and
scripting technology
 Benefits
 Adjust traffic and L7 data as
needed
 Fix or optimize applications
 Complete traffic control
Example: Automatically displays a Web page
based on the user’s language, using the language
set in the user’s browser.
English
Spanish
Japanese
Chinese

48. 55
Sample aFleX Scripts

49. 56
aXAPI: Customizable Management Options for Integration
 Integrate into 3rd Party Applications
 Reporting
 Centralized configuration management
 Provisioning
 Custom Management Solutions
 Integrated into homegrown apps versus
using the A10 CLI or GUI
 Interactive Infrastructure
 Applications can issue triggers to change
traffic management behavior based on
external events
Authentication request,
containing Thunder
admin username and
password.
If authentication is
successful, Thunder
replies with a session ID
and status 200 - ok
Configuration or
monitoring request,
containing the session ID
Next configuration or
monitoring request,
containing the session ID
Third-party application
sends session close
request or allows session
to time out.
If session ID is Valid, and
session has not timed out
or been closed, Thunder
performs the requested
action and replies with
status 200 - OK
Thunder performs
requested action, if
session ID is valid and
session has not timed out
or been closed
Third-party Application aXAPI

50. 57
aGalaxy: Centralized and Automated Operations for Lower TCO
 A central network management
system for all A10 devices
 Benefits:
 Automate repetitive tasks and
eliminate human error
 Centralized control of events and
configuration
 Faster operation for reduced OPEX

51. 91
Customer Driven Innovation
91
Do not distribute/edit/copy without the
written consent of A10 Networks
Summary

52. 92
Thunder: The Next Generation ADC
Unified Application
Service Gateway (UASG)
Best Performance
No Licensing
Management
efficiency
Application Service Convergence
CGN
ADC TPS

53. 93
93
Do not distribute/edit/copy without the written consent of A10 Networks
Thank You
www.a10networks.com
Any App Any Cloud Any Size