What is our primary use case?
Our primary use case is load balancing, from Layer 4 to Layer 7, on different partitions. And it's also our internet gateway router with our ISP. We're using the standard DDoS protection which is on the box itself.
We have about 91 virtual IP addresses we're load balancing at the moment.
How has it helped my organization?
Before A10, we didn't have any load balancing capabilities. Now we use a different partition for the DNS infrastructure with the DNS firewall. The unit uses a separate partition for the internal- and for the external-facing. Before, everything was connected together, and we couldn't split very easily between test, production, and development.
The effect of the solution on our efficiency is that before, we only had round-robin DNS load balancing capabilities, with no health-checking, for example. Or we would have to use network-based load balancing from Microsoft. All that can bring a network down quite quickly, if you configure things incorrectly. With A10, we have a very robust load balancing solution that is capable, like F5, of iRule or aFleX scripting. You can influence the complete packet instead of just a few bytes or bits of the packets, depending on whether it's HTTP or another Layer 4 to Layer 7 traffic flow.
What is most valuable?
Compared to F5, which I used about six years ago, the A10 is much easier when routing. You don't have to use the wildcard bits to route it between the different segments. It's much less troublesome to configure.
A10 Networks also doesn't have separate licenses for some features. All licenses are already onboard, which is not the case with F5. It's called the GTM on F5 and on A10 it's GSLB. The DNS load balancing is globally based and that isn't a separate license. That's already on the box in the ADC license itself.
The solution's traffic flow management capabilities are quite easy to use and quite good, and our ability to troubleshoot traffic flow issues is good if you know how to read the packet captures. If you know your way around the command prompt, it's fine.
We've got the solution's support for expanding infrastructure to public, private, and hybrid cloud containers for our internal data center, and we're also balancing some things we've got in AWS. That's only available internally. That scales well, especially the virtualization with the A10s. You can split it up into 32 separate units.
The solution's support for our on-premise applications is good. It's very flexible. You can split it up into different Layer 3 partitions: internal- or external-facing. Or you can use it as a separate partition for testing.
What needs improvement?
There is room for improvement in the GUI. I just migrated from the 2.7 software train to the 4.1, and there are still people on 2.7. The latter is a very old GUI if you compare it to F5. It's not as easy to use and a lot of things are missing.
They've made a lot of improvements in the 4.1 step, but compared to the ease of use of F5, it's still quite difficult. For people who haven't got a lot of experience, the GUI can be quite challenging.
For how long have I used the solution?
We've been using the Thunder ADC product for nearly six years.
What do I think about the stability of the solution?
I've never had any trouble. There have been some bugs in some software-release trains, but there were no production issues as a result.
We have between 1,500 and 3,000 users connecting to the appliances daily. Administration-wise, there are two network admins but we're not required to look at it because we've got our daily monitoring alerts.
For our new applications, all load balancing is being done on the A10s. In terms of increasing our usage, there are still some new applications on our roadmap that are being developed. They will replace other applications that are not load balanced at the moment. The replacement will be load balanced so we plan to put more things behind them.
What do I think about the scalability of the solution?
It scales well. I haven't found any inconsistencies between the data sheets and the hardware specs. For our purposes, we haven't run into any degraded performance or the like.
How are customer service and technical support?
A10's technical support is very good. Most of the time we go through our support partner, but you can also send an email straight to A10 support and, most of the time, within one to two hours, you get a response.
Initially, I got support directly with the vendor and that was fine. Now, we've also got a support partner. I haven't any experience with them yet because we just engaged them with the new units. But my direct experience with A10 was quite good.
Which solution did I use previously and why did I switch?
The primary reasons that we switched to A10 were that F5 wasn't 46-bit hardware-capable yet, at the time, and because of the licensing. For what we wanted to do with our replacement parts, we would have had to migrate to a much more expensive and higher-end hardware model at that size. And support-wise, F5 is about five times more expensive than A10 is.
Overall, at the time, we were quite happy with F5. But we were looking around and came across A10 and did a proof of concept with them. Price-wise, it was very interesting and hardware-wise as well.
How was the initial setup?
The initial setup was quite straightforward, but take into account that I've been using it for a long time.
If you come from a Cisco background and you switch to F5, it's quite a big step. A10 is more like a Cisco IOS, in terms of the CLI. The F5 is more Junos OS, CLI-wise. So for me, the migration from F5 to A10 — because we use a lot of Cisco as well, internally — and the setup of A10, was quite easy. The commands are quite similar for configuring the interfaces.
For the migration five or six years ago, the initial deployment took about two or three days to get the failover and everything else working. The migration itself, for about 70 VIPs, took about a month. My recent migration from one unit to the other unit took about two weeks, taking into account the different departments and getting a service window to migrate things.
In terms of our implementation strategy, as is, from the one A10 to the other A10, everything we're load balancing was just a copy-paste and then we made some hardware improvements because we have more 10-GB interface capabilities. We can split the load better between a separate Layer 3 core and our ACI data center core.
What about the implementation team?
We did it ourselves, but we had a review of the initial configurations and migration steps from A10 Professional Services, and that took about two hours. Our experience with them was quite good.
What was our ROI?
We have seen ROI from going with A10. Part of that was the ease of configuration, but that's because most of the other network engineers also have a Cisco background, and they had never done anything with the F5 solution before. So it was quite easy for them to get used to configuring it. And in the support contract, we saved a lot of money, on the order of $15,000 to $20,000 a year.
What's my experience with pricing, setup cost, and licensing?
As for the initial investment in the hardware, F5 and A10 are quite similar now. For the current A10 solution, the initial cost was about $36,000. As for annual support, the F5 solution would be between $10,000 and $12,000, while the A10 is $2,200 a year for support.
Which other solutions did I evaluate?
In terms of A10's security features, the web application firewall handles the top 10 OWASP use cases. But the ATM on the F5 is much more enhanced or comprehensive. For pure load balancing and the normal security features, both solutions are okay. They are easy to configure for simple setups.
What other advice do I have?
The biggest lesson I have learned using the ADC solution is the ease of routing between the different segments that are behind the solution, compared to F5.
You have to look at your use cases for load balancing and how much you want to have influence from the traffic. In my opinion, there are only two solutions that are very close to each other, the F5 and the A10, in terms of the way you can influence your traffic. Then it comes down to the price. Security-wise, they each have different angles for how you set it up.
We don't use A10's FlexPool consumption-based licensing model. We have some VM test units. We would have to bring our own license if we wanted to host it in the cloud. That's another subscription model that we haven't used.
In terms of the solution's single-pane-of-glass view, you actually need the Harmony analytics to see everything. You can see everything that is configured on, but to get the most out of the monitoring part, you have to have Harmony with it. With Nagios and Zabbix, etc., you have to do a lot of OED searching to get all the collect counters for your service groups.