A10 Networks Thunder ADC Review

A reliable product that is very easy to configure and administrate while being cost-effective


What is our primary use case?

  • Load balance web traffic
  • Load balance application traffic
  • DDoS protection
  • Carrier Grade Network (CGN)

We have the ADC product, as well as the CGN.

We are using both the public and private deployment model. We are using AWS as our cloud provider.

How has it helped my organization?

It helped us operationally when we had our DDoS attack. We got a call at two o'clock in the morning one day from one of our service providers that there was a DDoS attack happening against one of our IPs. We looked at the way our network was configured, then we looked into the best way to mitigate it. We knew that our A10 had the capability, but we didn't have it enabled at the time. We called support and were able to get it enabled. Immediately, we stopped that DDoS attack. From an operational perspective, we had a down situation that we were able to quickly resolve and bringing it.

It also helps out a lot, from an operational perspective, when we are load balancing our servers, whether application or web. It is real easy to do a maintenance window. I can go into any of my service groups, then take the servers out of the service group and do maintenance on half of the servers while the other half are still online. I can get all those updated, back up to date, and put all of them back, then take the other half out and update them. So, it allows us to do seamless updates to our servers and application infrastructure.

What is most valuable?

We send all of our production web traffic through our A10. We have a major website, which is our school's website. On the website, there are many different applications and sites, so being able to balance that between our on-premise resources as well as our public cloud with AWS is a huge feature.

The solution's security features are excellent. It actively helped us mitigate a DDoS attack in October of 2018. You can do SSL offloading. You can use the A10 to terminate your SSL connectivity, meaning that you can install all your public certificates on the A10 box itself. It just has a wealth of security features.

Being a public entity and having a public website, which is highly visible with a lot of traffic, we are a target for DDoS. Within the last year, we have had a couple of DDoS attacks which could have affected our web traffic and taken down certain parts of our website. This did not happen because the A10 was able to mitigate the attacks using rate limiting that can be configured for DDoS mitigation on the box.

The single pane of glass traffic management is a nice feature. It allows us to be able to delegate access to different groups of people. This means that I can provide front line support (a help desk) a certain level of access to be able to look at things, second level support a little more access, and then engineers can have full access. It is very useful to have a simple dashboard where you can log in and look into what your traffic patterns are, then look and see what times of day you're experiencing the heaviest traffic. You can quickly identify if you are possibly having a security issue or security breach. It makes it very easy to use the box.

Troubleshooting traffic flows is fairly easy on the box, as you can do packet captures or tcpdumps directly on the A10 itself. So, you can do a trace and see what the A10 is doing with certain traffic. E.g., if I have a client somewhere out in the world who is coming into my A10 box and reporting some weird behavior, or saying, "Hey, I can't get to this application on your website," or "I'm getting blocked for this reason. I can't look at the A10 and figure it out." I could then go into the traffic flows, run a tcpdump, and do a traffic capture. At this point, I can immediately identify where the traffic is coming from and why it is not getting through the box.

I have a very technical background and was a network engineer for many years before I became a manager. For me, it is a very easy to use product. The web GUI makes it very easy to configure. The CLI is not very difficult to use, along with the syntax. The command line is very easy to learn.

What needs improvement?

They need to make the user interface (GUI) a bit more usable and intuitive. Some features can be a little difficult to find at times. Sometimes, the workflow in the GUI doesn't match the workflow of an actual workflow. E.g., if I want to create a load balancer application, sometimes you've got to do things a bit out of order in the GUI in order to make it work right.

For how long have I used the solution?

I have been using the product for at least 10 years.

What do I think about the stability of the solution?

It has helped us deliver five nines of uptime. It is a very reliable box. It has never failed on us.

For deployment and maintenance, we have a primary and backup who are network engineers.

What do I think about the scalability of the solution?

I know that they are scalable, but we personally have never outgrown the boxes that we have. We've never really had to scale.

We definitely plan to increase usage. Today, A10 is used on a production website that gets hundreds of thousands of visits a week. I would expect an increase in the number of visits to the website, which is on the load balancing side. For the Carrier Grade Network, we are currently using it to NAT roughly 9500 users through the A10. So, we're doing CGN for 9500 people in all of our residences. That number is expected to double within the next five years.

We have about 20 to 25 people administrating or helping support it: network engineers, network architects, software engineers, security engineers, support staff, and web developers.

How are customer service and technical support?

The technical support is really good. When it comes to support, there is always room for improvement. However, there has not been a time that I reached out to A10 support, including after hours, such as two o'clock in the morning during that DDoS attack, and I have not been able to get a hold of an engineer right away. I have had some situations where the person couldn't resolve my issue and they had to go do some research, then come back to me within a day or two with a solution. Overall, they have a good support model. They have a great response time. First call resolution is not always there for urgent issues. The first call resolution is something that could be improved upon.

The A10 support and training site has a significant wealth of information and documentation about how to configure the most common configurations requested. Therefore, it is very easy to use coming from a network engineer background.

If you previously used a different solution, which one did you use and why did you switch?

We previously used a Cisco solution. One of the main reasons for switching away from Cisco was the licensing model. A10 gives you global server load balancing for free, while Cisco charged a significant licensing fee for that.

How was the initial setup?

The initial setup was straightforward. The way the box is brought online, A10 has good documentation on how to set it up. The person that I had on my team in charge of bringing this box online had zero A10 experience. Within a week or so, they were able to get up to speed and bring the box online, get it licensed properly, get it updated to the latest code, and put a basic configuration on it.

You plug it up, then it is a next, next, finish type of thing to get it online and operational.

The initial deployment plan was to get the box online, then to load balance some basic traffic and see how it worked. After that, we created some health checks to see how they worked and tested those out. We then tried to create some flex codes to do some basic redirects. We tested them, and those worked. We followed that same pattern when it came to application balancing.

From the network side of things, once we knew that it worked, we then passed it over. We created partitions for each of our application groups and gave them access to the A10 box. They could then configure their own server or applications on the box.

You do need intermediate network skills in order to use the box effectively. It is an advanced technology that you are configuring. It is not like you're just setting up a basic network with a switch and a router. Load balancers can be used for many different purposes: Doing URL redirects, application load balancing, and web load balancing. It can be used a million different ways. It can also be used to do a lot of different security features, such as SSL offloading so you can inspect SSL traffic. Thus, you must have a good understanding of what the box is capable of to be able to configure it.

So far, the solution has supported all of our in-house applications, which are homegrown, as well as the applications that we have purchased from vendors. We haven't run into a situation where we have ever tried to configure our A10 to work with software that was either homegrown or purchased where we couldn't get it to work. The solution has been very successful.

What was our ROI?

We have seen ROI from being able to delegate certain rights to certain other groups of people to administrate their own configurations on the A10. Also, from an operational overhead, as well as cost, there has definitely been a huge return on investment.

What's my experience with pricing, setup cost, and licensing?

For the hardware and license, we paid $35,000 per box, which was a one-time cost. Then, for the Gold Support on the two boxes, we pay $9400 annually.

Which other solutions did I evaluate?

We also evaluated F5 and Citrix NetScaler.

The pros of A10 versus F5 are ease of use, as well as cost. F5 is much more difficult to configure. One of the pros of F5 is that it has more granular configuration, meaning you could do a lot more with F5 than you could do with an A10. However, A10 was a better fit for our needs. One of the cons of F5 is the cost.

With NetScaler, one of the cons is the cost. One of its pros is that, functionality-wise, the feature sets are very rich.

The pros of Citrix and F5 are that they are more widely deployed than A10. If I was trying to find other people, such as my peers who have worked on A10s, there will be a lot more people out there that have worked on Citrix or F5 as opposed to A10. This is a con for A10.

What other advice do I have?

It has been a good, reliable solution for us. If you want a reliable solution that is very easy to configure and administrate, the A10 is the right choice. It is a very cost-effective solution. I would always pick A10 unless there was a specific feature set that one of the other vendors offered and I absolutely needed.

We do not use the solution’s Secure Service Mesh to optimize traffic within Kubernetes and containers today, but that is something we would like to do in the future.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.