A10 Networks Thunder CGN Review

Extremely reliable; freeing up a lot of our IP space


What is our primary use case?

We use it for Carrier Grade NAT. We are a university with a lot of students. We use this solution to provide Internet access to students from our wireless network.

Currently, we're using 2.8.1-P1 Build 11 on most of the devices. I think we might have a different build on a couple of them.

How has it helped my organization?

It has freed up a lot of our IP space and has been extremely reliable. We have set it up in a high availability scenario, testing it many times. It has been absolutely perfect in terms of failover.

What is most valuable?

We use the fixed NAT feature. Students sometimes download copyrighted material which they're not supposed to, or do things they're not supposed to, then we need to be able to track back who was the user. Because it's on a NAT, we need a way to be able to bind the inside and outside addresses. This is why we use it.

It is very easy to use. Both the GUI and CLI interface are consistent, which makes the ease of access throughout various constituencies possible. It's also well-documented and logical. These are the things that I look for the most in ease of use.

What needs improvement?

They don't track concurrent port usage. We have to do that in another way and it's not a very clean way. That is something that I know they could do, but they don't. I don't know if maybe they have another product or something, but they don't do it in the product we have. The number of ports per device used would have been a big help to us. We had to figure that out ourselves.

For how long have I used the solution?

We have been using it for six or seven years.

What do I think about the stability of the solution?

It is totally stable. I can't remember one time that we have had a problem with it.

There are two network engineers who administrate it in the company.

What do I think about the scalability of the solution?

I have two instances of this solution. In our main production wireless scenario, we haven't hit a level of use which has seen it be deficient in terms of system resources. Therefore, we haven't pushed it far enough to find out where it starts to fail. We have tested it numerous times in terms of its failover from one to another and the system seems to maintain itself and sessions well. That all seems to be working well. We have another setup where we have a Carrier Grade NAT box that is supporting our research that has a 40 gig link to an Internet tool. This is a research network that frequently pushes the box to its maximum. That box is on a 40 gig link with a 38 gig capacity, in terms of throughput, and it seems to live up to that perfectly. 

Once installed, it handles 20,000 to 30,000 concurrent users going through the NAT, which is a lot. The bulk of the traffic on the network goes through these devices. They are critical, e.g., if they were to fail, a lot of people would notice it. I would be on the phone immediately. Luckily, we don't have that problem.

How are customer service and technical support?

When I have used it, the tech support has been really good. They understand the problem and are able to get to the bottom of it. They wait around to ensure you have it working/functioning and are not off to the next problem. 

I have never had a problem with them, unlike some vendors. The A10 Networks technical support is excellent.

Which solution did I use previously and why did I switch?

We have used things here and there, but we didn't do anything to this scale previously. We put our toes in the water with an earlier product from A10 that worked, then we rolled it out to this bigger environment.

We have a big indoor sports facility on campus for football, basketball, etc. We might have 30,000 to 50,000 people in it with wireless networking, but we don't want to give them all the addresses. Therefore, we use an A10 to support that. Because that worked well, we rolled it out to campus and have used it for everything.

How was the initial setup?

The initial setup was fairly straightforward. However, we still have an earlier version of it that it has improved from that to this. It was very similar, so I already knew how it was going to work. 

We tested it in a specific environment, then rolled it out to two other environments from that initial environment in HA pairs. The initial deployment taught me how to do it, then I was able to recreate that at three other locations.

What about the implementation team?

They sent a systems engineer onsite to help us so it took us less than a day to get it going and deployed. We had a good experience in that regard.

What was our ROI?

We have absolutely seen ROI. It saved us hundreds of IP addresses, and that's like gold. I don't even know how you put a price on that. If you think about it, we have concurrently 30,000 devices, and that's a lot of IP addresses. Before we had A10, we'd have something like 10,000 devices, concurrently. However, because everybody has a cell phone, tablet, laptop, and/or games in their rooms, nobody wants to plug in. Instead, they want to use the wireless network. We have just been able to stay ahead of that curve. I don't know where we would be if we would have run out of IP space.

What's my experience with pricing, setup cost, and licensing?

The cost to buy it initially was a single purchase price. This was a cost for the hardware and software, but we got a year of service with it. Annually, we pay them a service fee, but it's not much money.

We do not use the FlexPool consumption-based licensing model. I just learned of it. While we're interested in it, we're not doing it currently. They had called me a week to two ago about their licensing model. It has the ability to spin up VMs as needed for NAT, as well as their ADC, which is their load balancing stuff. We are considering that, as that is a pretty attractive feature.

Which other solutions did I evaluate?

We also looked into open source and Cisco. We went with A10 Networks because:

  • It was attractively priced.
  • It had all the features that we needed. 
  • It was relatively straightforward, in terms of the use. 

We could see how to do it and there wasn't a big learning curve. The company felt, if something happened to me, they would be able to find somebody else to step in and be able to do it without a bunch of hassle.

We use F5 for load balancing instead of A10 Networks.

What other advice do I have?

It handles everything that I ask it to do. I would totally recommend this as a method to alleviate IP address exhaustion. I would give it a nine (out of 10).

The solution's security features are good. We don't use a lot of security for this solution, as it's not required. We don't give students access to the solution.

The biggest lesson learnt: Some vendors don't lie.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest