Network Security

A10 THUNDER TPS: - Next-generation DDoS Protection

A10 Networks® Thunder TPS™ product line of Threat Protection Systems provides high performance, network-wide protection against distributed denial of service (DDoS) attacks, and enables service availability against a variety of volumetric, protocol, and more sophisticated application attacks.

The Thunder TPS product line is built upon the Advanced Core Operating System (ACOS®) platform, with A10’s Symmetric Scalable Multi-Core Processing (SSMP) software architecture which delivers high performance and leverages a shared memory architecture to provide efficient tracking of network flows, as well as accurate DDoS protection enforcement for service providers, Web site operators and enterprises.

Multi-level DDoS protection for service availability

Organizations are increasingly dependent on the availability of their services, and on their ability to connect to the Internet. Downtime results in immediate revenue loss. Thunder TPS provides deep traffic visibility to spot anomalies across the traffic spectrum, and protects against multiple classes of attack vectors, including volumetric, protocol, and sophisticated application-layer attacks, which are detected and mitigated to prevent a service from becoming unavailable. The system has access to a rich set of protocol and application checks and a wide range of authentication methods to verify if client communications are valid, or if the traffic is scripted botnet traffic. Customized actions can be taken as needed with our programmatic policy engine.

The new A10 Threat Intelligence Service augments the Thunder TPS efficacy to protect users from cyber threats. A10 has gained a high-quality intelligence feed via ThreatSTOP’s advanced threat monitoring and mitigation platform to provide customers with a dynamic, near real-time intelligence feed that prevents data theft, reduces network load and minimizes attack surface.

High performance to meet growing attack scale

The networking industry as well as business analysts are seeing an increasing trend in DDoS attacks. Attacks are not only occurring more frequently, but with greater volumes and increased sophistication. With DDoS mitigation capacity ranging from 10 to 155 Gbps, (and up to 1.2 Tbps in a list synchronization cluster), or up to 223 million packets per second (pps). Thunder TPS ensures that the largest DDoS attacks can be handled effectively.

Select Thunder TPS models are equipped with a hardware-assisted Security and Policy Engine (SPE) to enforce security policies at high speed. The Field Programmable Gate Array (FPGA) hardware is leveraged to immediately detect and mitigate over 50 common infrastructure attack vectors. SSL processors make the system even more efficient at detecting and mitigating SSL-based attacks. More complex application layer (L7) attacks (HTTP, DNS and more) are processed by the latest Intel Xeon CPUs, so performance scaling can be maintained by distributing multi-vector detection and mitigation functions across optimal system resources.

Flexibility for customization and broad network integration

To easily integrate in various networking architectures, a vendor neutral, flexible DDoS mitigation solution is required. Various network deployment models for in- and out-of-band operations are available and with our RESTful API, aXAPI, Thunder TPS enables integration to your custom or third-party detection solutions. Information such as logs and network statistics can be shared at high speeds, using common standards. The programmatic policy engine allows for fully customized detection and mitigation using TCL-based aFleX® scripting technology, or leveraging regular expressions (regex) and Berkeley Packet Filter (BPF) pattern matching filters to perform deep packet inspection (DPI).

A10 Thunder TPS devices protect critical services in the most efficient hardware form factors, which enables your data center resources are used productively. The combination of high performance in a small form factor results in lower OPEX through significant lower power usage, reduced rack space and lowered cooling requirements.

Architecture and Key Components

Asymmetric Mode

Symmetric (inline) mode

Out-of-band (TAP) mode