What is our primary use case?
Availability is very critical for us. We use it to mitigate DDoS attacks for rural North Dakota. We really don't use it to identify attacks, we use third-party software, a Kentik solution, to identify anomalies within the IP stack. Then, we turn around and send mitigation profiles to the A10 based on an API call, and the A10 initializes a BGP session to our core routers to offload that traffic and mitigate it.
We provide hosted solutions so our deployment of A10 is private cloud.
How has it helped my organization?
Our setup is something of a hybrid solution. We're using the third-party software, the Kentik solution, but we also have some clients that are directly connected to TPS. There is a 30-second delay in time to mitigation for clients that are not direct. By the time that third-party solution identifies something and sends it, via API, to the TPS, there's about a 30-second delay. When we have customers that are directly connected, they have just about instantaneous mitigations with TPS.
We use that inline setup as a premium service. If customers can tolerate a small spike in traffic flow until the mitigation happens then we'll just leave them on the Kentik solution. If they want it instantaneously then we'll put them inline and connect them directly to the TPS for that. Customers who opt for the premium service include financials, utilities - anything which needs that instant mitigation and understands the threat of DDoS. Some entities can tolerate it if they're down for a minute or two minutes and it's not crucial that they pay the extra dollars.
Overall, DDoS attacks affect small-town North Dakota in a fairly large fashion, meaning that they could affect infrastructure from schools to county courthouses to libraries, etc. Those places aren't directly associated with the target of the attack but the appliance itself and the solution in general allow for the protection of those services in those communities. It has been very successful.
The solution has reduced the amount of manual intervention required during an attack. We have the inline solution and when it comes to the customers that we have on it, it has saved us some troubleshooting time. If we can see that there is an active zone, we know that their traffic is being mitigated. If a customer calls and says, "Hey, I have internet problems", one of the first things we check is if there's a DDoS attack happening.
Anytime you filter, you set up thresholds, you can identify your traffic patterns a lot better.
It has helped in that aspect as well. We did miss attacks previously.
What is most valuable?
We're just using a portion of it, the mitigation aspect.
What needs improvement?
If there's one aspect of A10 that needs improvement it would be the training. All of their training is done online, at least in what we've been exposed to. I would like to have a classroom environment for training. I would like to say, "Okay, if we have three or four people who need to get trained up, we want to send them to a classroom." That way they're detached from their home office and have the lab facilities. They can have a classroom environment or experience instead of a virtual classroom. It would give them a chance to provision it. There's a better experience in a classroom than in a virtual classroom.
It's not a terrible issue, but the training was the biggest thing that we faced. We're two years into this and we haven't done all the training probably needed to fully support it, because our deployment is very limited. But when we did want to pursue training, I believe that the training was all virtual.
For how long have I used the solution?
We've been using this solution for about two years.
What do I think about the stability of the solution?
It's been rock solid. We haven't had any issues with power supplies or software anomalies. It's been a pretty good platform.
What do I think about the scalability of the solution?
For our deployment, we're probably not even using ten percent of its capacity as far as throughput port space. For us, the scalability is very high. For us, it's like investing future-forward.
The usage potential increases daily, exponentially, based on the internet curve. But we're just using a small percentage of the features and a small percentage of its capacity.
We have about 200 customers that have access to the solution with 100,000 users on their side. We carry something like 80 Gig of internet traffic into the state. Because we're using that third-party for the majority, TPS doesn't see all that 80 Gig of traffic. It only sees the traffic that has been identified by the third-party software. The TPS isn't necessarily handling packet, packet, packet, packet; it's handling only packets that are being sent to it by the third-party. In that scope of scalability, it's almost exponential because we're only identifying the traffic flows and patterns that need to be mitigated.
How are customer service and technical support?
We have opened a few tickets with TAC and they've been good, along with their sales engineering team. We may have a customer that will have an atypical type of deployment. In that case, we'll bring in the sales engineering team or TAC and they'll get us in contact with an expert in that field. Their tech support has been very good.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
How was the initial setup?
The initial setup was pretty straightforward. You set up your routing tables, your interfaces. There was no magic there.
We have two and we had them both up and running within three or four days, meshed with our network. The process was to get it connected to our core internet routers and have it start talking to a third-party software and, after that, start the mitigation processes.
What about the implementation team?
We mostly did it ourselves. From the A10 side, we had our sales engineer and we had a few calls with their support staff. Based on that, we developed a roadmap and then we self-installed and deployed it.
What was our ROI?
Our situation is unique because we're owned by the 14 independent broadband providers in North Dakota. So we may not directly see an ROI because the bandwidth of the DDoS traffic basically gets to us. However, we save that extra bandwidth to our owner companies from downstream services. We're saving our members money with the solution.
Which other solutions did I evaluate?
We did a proof of concept and had a bake-off between Arbor and A10 and Kentik. Because of the reports that we wanted and how we wanted to handle things, the third-party and the A10 solution were technically the best, and scalable.
The flexibility of solutions was important to us. We have the ability to either go inline, to connect directly to the TPS, or to bring it through the third-party. That in itself was a major selling point because we're not stuck with one solution. If we decide that we want to change third-party vendors, we're not married to it. We can shop around and if there's something better that comes out, we can still interface the TPS system with that new software. It meant we weren't just saddled to one vendor for a DDoS solution.
What other advice do I have?
Do your research to understand your solution options. Then, have a PoC bake-off and task the system. Identify ad-hoc anomalies in your test-bed and look at the time to mitigation. Look at different types of situations to see, if an anomaly comes along, how long it would take you to deploy an ad-hoc solution or redirect the traffic. Research and proof of concept is our biggest thing. We never do anything without doing them thoroughly.
The biggest thing I have learned is how many attacks there are and how many different ways the attacks happen, throughout an attack. You can have a DNS attack, you can have an ICMP attack. You can have all these different flavors of attacks. That was probably the biggest eye-opener for me. When you hear the word "DDoS," everything gets put into a container. It's not until you look into the container that you see all the different types of attacks that are summed up by that word.
The solution has been rock solid for us. We haven't had any issues. We've had numerous attacks and it's worked perfectly.
I don't know that it has increased network availability notably, but it has added to it. Instead of having four-nines of availability, we've got five-nines. It's a solution and a package, so it's not our only tool in our toolbox.
We only use the TPS side of it and we're not 100 percent trained up on it, even though we've had two years of deployment on it. We don't know the whole, full-meal deal on what it can do. There's a possibility we'll go to the load balancing and some of those features. Even though we have hosted solutions, we don't have enough because we're a small company. There are other features but we'll explore those as we need.
We have just two people who have access for configuration of the solution and its operations, in our engineering operations.
I would have to rate A10 TPS as a nine out of ten. We've been very happy with the product. Of course, we don't want to give tens because then people get cocky about it.