THUNDER TPS Next-generation DDoS Protection




DATASHEET

Next-generation DDoS Protection

Supported Platforms: TPS physical appliance, aGalaxy centralized management

Overview

The TPS product line is a family of high-performance appliances that detect and mitigate multi-vector DDoS attacks at the network edge, functioning as a first line of defense for your network infrastructure.

The A10 TPS product line of Threat Protection Systems provides high-performance, network-wide protection against distributed denial of service (DDoS) attacks, and enables service availability against a variety of volumetric, protocol, resource and other sophisticated application attacks.

The TPS product line is built upon our Advanced Core Operating System (ACOS) platform, with A10's Symmetric Scalable Multi-Core Processing (SSMP) software architecture, which delivers high performance and leverages a shared memory architecture to provide efficient tracking of network flows, as well as accurate DDoS protection enforcement for service providers, Web site operators and enterprises.

- Multi-level DDoS protection for service availability: Organizations are increasingly dependent on the availability of their services, and on their ability to connect to the. Downtime results in immediate revenue loss. TPS protects against multiple classes of attack vectors, including volumetric, protocol, resource and advanced application-layer attacks, which are detected and mitigated to prevent a service from becoming unavailable. In addition, customized actions can be taken against advanced application-layer (L7) attacks as needed with our aFleX deep packet inspection (DPI) scripting technology.

- Performance scalability meets growing attack scale: The networking industry as well as business analysts are seeing an increasing trend in DDoS attacks. Attacks are not only occurring more frequently, but with greater volumes and increased sophistication. With DDoS mitigation capacity ranging from 38 to 155 Gbps (and up to 1.2 Tbps in a list synchronization cluster), TPS ensures that the largest DDoS attacks can be handled effectively. Each TPS model is equipped with high-performance Field Programmable Gate Array (FPGA)-based Flexible Traffic Acceleration (FTA) technology, to immediately detect and mitigate over 30 common attack vectors in hardware, without impact to the core system general-purpose CPUs. More complex application-layer (L7) attacks (HTTP, SSL, DNS and more) are processed by the latest CPUs, so performance scaling can be maintained by distributing multi-vector detection and mitigation functions across optimal system resources.

- Broad deployment flexibility enables integration: To easily integrate in various networking architectures, a vendor-neutral, flexible DDoS mitigation solution is required. With flexible deployment models for in- and out-of-band operations, and routed or transparent operation modes, TPS can easily be integrated into any network architecture, of any size. And with our aXAPI open RESTful API, TPS enables integration to your custom or third-party detection solutions.

A10 TPS devices protect critical services in the most efficient hardware form factors, which ensures your data center resources are used productively. The combination of high performance in a small form factor results in lower OPEX through significantly lower power usage, reduced rack space and lowered cooling requirements.

Architecture and Key Components

[Figure: TPS deployment modes. Diagram labels: DDoS Traffic, Clean Traffic, Duplicated Traffic, Edge Network, Access Network, Edge Router, Access Router, Data Centers, Target, Flow Information, Detection, Inspection, API Communication.]

- Asymmetric mode: For on-demand, or permanent (proactive) volumetric mitigation, triggered manually or by flow analytical systems
- Inline mode: Provides continuous, comprehensive detection and mitigation, with more application-level attack mitigation options
- Out-of-band mode: For detailed telemetry analysis, define threshold violations, and synchronize white/black lists master to in-band TPS units

Features and Benefits

The TPS Series product line provides many features to detect and mitigate multi-vector DDoS attacks with unprecedented performance scalability and deployment flexibility.

Multi-level DDoS protection for service availability: A10's TPS Series is able to detect and mitigate any level of attack, even if multiple attacks hit the network simultaneously.

Complete multi-vector attack protection: Service availability is realized by detecting and mitigating DDoS attacks of all types, whether they are pure volumetric, protocol or resource attacks, or even application-level attacks:

- Volumetric attacks, such as SYN floods and DNS amplification attacks, aim to flood and saturate a victim's network connection, thus rendering services unavailable. TPS implements multi-protocol rate limiting to prevent sudden surges of illegitimate traffic from overwhelming network and server resources.
- Protocol attacks, such as ping of death and IP anomalies, are aimed at exhausting a victim's protocol stack so it cannot respond to legitimate traffic. TPS detects and mitigates over 30 anomaly attacks in hardware to stop them before system CPUs have to be involved.
- Resource attacks, such as fragmentation attacks or HTTP Slowloris, are aimed at exhausting a victim's network or application resources. A resource attack renders a victim's services unusable, with minimal bandwidth usage. TPS recognizes many resource attacks and can deny malicious client access.
- Application attacks, such as HTTP GET floods, specifically exploit a weakness in an application's function or try to make it unavailable. With A10's aFleX feature, TPS is able to perform deep packet inspection (DPI) on incoming packets and take defined actions to protect the application.

Hitless redirect (aka action on ACK): When deployed in asymmetric mode, TPS can perform TCP authentication on established sessions. This means that for legitimate clients, the session will not be broken.

Performance and scale to address the largest attacks: Over the last years, DDoS attacks have rapidly proliferated in terms of bandwidth (Gbps) and packets per second (PPS). TPS is equipped with high-performance hardware and the latest, most powerful CPUs to mitigate any scale of attack.

Performance to address the largest attacks: Mitigation capacity ranging from 38 to 155 Gbps (or 1.2 Tbps in a list synchronization cluster) of throughput ensures that the largest DDoS attacks can be handled effectively. Each TPS model is equipped with high-performance FPGA-based FTA technology to detect and mitigate over 30 common attack vectors immediately, before the Intel CPUs are involved. More complex application-layer (L7) attacks (HTTP, SSL, DNS, etc.) are processed by the latest CPUs, so that high-performance system scaling is maintained even for multi-vector attacks. The FTA technology can address over 30 attack vectors without involving the high-performance CPUs. Network connectivity is provided by 16 x 10 Gbps interfaces, and 4 x 40 Gbps interfaces.

Large threat intelligence class lists: Eight individual lists, each containing up to 16 million list entries, can be defined. This allows a user to utilize data from IP reputation databases, in addition to the dynamically generated entries of black/white lists.

Simultaneous protected objects: To protect entire networks with many connected users and services, the TPS Series is able to simultaneously monitor 64,000 hosts or subnets.

Flexible deployment for ease of integration: For network operators, it is critical that a DDoS mitigation solution can easily be inserted into the existing network architecture, so that the network remains prepared for imminent DDoS threats.

Easy network integration: With multiple performance options and flexible deployment models for inline and out-of-band operations, including both routed and transparent operation modes, TPS can be integrated into any network architecture, of any size. And, with aXAPI, our open RESTful API, TPS can easily be integrated into third-party detection solutions.

Product Description

The TPS product line is a family of high-performance appliances that detect and mitigate multi-vector DDoS attacks at the network edge, functioning as a first line of defense for a network infrastructure.

Our TPS line of hardware appliances protects large networks with entry-level models starting at 38 Gbps and moving up to a 155 Gbps high-performance appliance for your most demanding requirements. All models feature dual power supplies, solid-state drives (SSDs), and have no inaccessible moving parts for high availability.
All models benefit from our FPGA-based FTA technology, featuring FPGAs for hardware-optimized packet processing to provide highly scalable flow distribution and DDoS protection capabilities. The FPGA-based FTA detects 30 common attack vectors in hardware without impacting the performance of the general-purpose CPUs that are used for processing more complex application-layer attacks. Switching and routing processors provide high-performance network processing.

Each appliance offers the best performance per rack unit, and the highest level 80 PLUS Platinum certification for power supplies to ensure a green solution and reduce power consumption costs. High density 1/10 Gbps and 40 Gbps port options are available to meet the highest networking bandwidth demands. Each of our high-performance appliances is an efficient 1 RU form factor, and up to eight TPS models can be clustered for even higher capacity and efficient list synchronization.

The unprecedented capacity of TPS allows a device to be deployed in inline mode and out-of-band mode simultaneously. In this deployment model, the TPS unit can analyze traffic from other network segments and apply this knowledge to its configuration.

Appliance Summary/Specifications Table

| | 4435 TPS | 4435S TPS | 5435 TPS | 5435S TPS | 6435 TPS | 6435S TPS |
|---|---|---|---|---|---|---|
| Throughput | 38 Gbps | 38 Gbps | 77 Gbps | 77 Gbps | 155 Gbps | 155 Gbps |
| TCP SYN Auth/sec (PPS) * | 35 million | 35 million | 40 million | 40 million | 65 million | 65 million |
| SYN Cookie/sec (PPS) * | 50 million | 50 million | 100 million | 100 million | 200 million | 200 million |
| Network Interface: 1/10 GE Fiber (SFP+) | 16 | 16 | 16 | 16 | 16 | 16 |
| Network Interface: 40 GE Fiber (QSFP+) | 0 | 0 | 4 | 4 | 4 | 4 |
| Management Interface | Yes | Yes | Yes | Yes | Yes | Yes |
| Lights Out Management | Yes | Yes | Yes | Yes | Yes | Yes |
| Console Port | Yes | Yes | Yes | Yes | Yes | Yes |
| Solid-state Drive (SSD) | Yes | Yes | Yes | Yes | Yes | Yes |
| Memory (ECC RAM) | 64 GB | 64 GB | 64 GB | 64 GB | 128 GB | 128 GB |
| Hardware Acceleration: 64-bit Linear Decoupled Architecture | Yes | Yes | Yes | Yes | Yes | Yes |
| Hardware Acceleration: Flexible Traffic Acceleration | 1 x FTA-3+ | 1 x FTA-3+ | 2 x FTA-3+ | 2 x FTA-3+ | 4 x FTA-3+ | 4 x FTA-3+ |
| Hardware Acceleration: Switching/Routing | Hardware | Hardware | Hardware | Hardware | Hardware | Hardware |
| Hardware Acceleration: SSL Security Processor | No | Dual | No | Dual | No | Quad |
| Power Consumption (Typical/Max) | 350W / 420W | 400W / 480W | 400W / 480W | 450W / 550W | 590W / 680W | 680W / 780W |
| Heat in BTU/hr (Typical/Max) | 1,195 / 1,433 | 1,365 / 1,638 | 1,365 / 1,638 | 1,535 / 1,877 | 2,013 / 2,320 | 2,320 / 2,661 |
| Rack Units | 1U | 1U | 1U | 1U | 1U | 1U |
| Unit Weight | 34.5 lbs | 34.5 lbs | 35.5 lbs | 35.5 lbs | 39 lbs | 39 lbs |

Processor: 2 x 2 x
Power Supply (DC option available): Dual 1100W RPS, 80 Plus Platinum efficiency, 100-240 VAC, Frequency 50-60 Hz
Cooling Fan: Hot Swap Smart Fans
Dimensions: 1.75 in (H), 17.5 in (W), 30 in (D)
Operating Ranges: Temperature 0-40 C, Humidity 5% - 95%
Regulatory Certifications: FCC Class A, UL, CE, TUV, CB, VCCI, China CCC, BSMI, RCM (replace C-Tick), GOST-R, FAC, KCC, NEBS
Standard Warranty: 90-day Hardware and Software

* Packets per second. Performance varies with deployment mode and configuration
Certification in progress

[Product images: 4435 TPS, 5435 TPS, 6435 TPS, 4435S TPS, 5435S TPS, 6435S TPS]

Detailed Feature List

High Performance, Scalable Platform
- ACOS Operating System
- Multi-core, Multi-CPU support
- Linear Application Scaling
- Linux on control plane
- ACOS on data plane

Networking
- Asymmetric, Inline, Out-of-band (Transparent Mode/Routed Mode)
- Routing: Static Routes, BGP4+
- VLAN (802.1Q)
- Trunking (802.1AX), LACP
- Access Control Lists (ACLs)

Management
- Dedicated management interface (Console, SSH, Telnet
- Industry-standard Command Line Interface (CLI)
- SNMP, Syslog, Email Alerts
- Port mirroring
- REST-style XML API (aXAPI)
- LDAP, TACACS+, RADIUS Support

Flood Attack Protection
- SYN Cookies
- SYN Authentication
- TCP/UDP/ICMP Flood
- DNS Authentication

Flood Attack Protection (continued)
- DNS Flood
- HTTP Authentication
- HTTP Flood

Protocol Attack Protection
- Invalid Packets
- Anomalous TCP Flag Combinations (No Flag, SYN/FIN, SYN Frag, LAND attack)
- IP Options
- Packet size validation (Ping of Death)
- HTTP Protocol Compliance
- HTTP Anomalies

Resource Attack Protection
- Fragmentation
- Slowloris
- Slow GET/POST
- Long Form Submission
- SSL Renegotiation

Application Attack Protection
- Application Layer (L7) Scripting (aFleX)
- HTTP GET Flood

Protected Objects
- Source/Destination IP Address
- Source/Destination IP Pair
- Source/Destination Port
- Subnet
- Protocol (HTTP, DNS, TCP, UDP, ICMP)
- DNS Query Type
- URI List

Actions
- Drop
- TCP Reset
- Add to Black List
- Add to White List
- Log
- Limit Concurrent Connections
- Limit Connection Rate
- Limit Rate

Telemetry
- sFlow v5 with Host, HTTP, and Custom Counter Blocks
- High Speed Logging

Redirection
- BGP Route Injection
- IPinIP (source and terminate)
- GRE Tunnel Termination

Detection
- Manual Thresholds
- Protocol Anomaly Detection
- Inspection within IPinIP
- Black/White Lists
- IP/Port Scanning

Carrier-grade Hardware
- Advanced hardware architecture
- Redundant Power Supplies (AC or DC)
- Smart Fans (hot swap)
- Solid-state drive (SSD) and Compact Flash
- 1/10 GE ports, 40 GE ports
- Tamper Detection
- Lights Out Management (LOM/IPMI)

About A10 Networks

A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: www.a10networks.com

Corporate Headquarters
A10 Networks, Inc
3 West Plumeria Ave.
San Jose, CA 95134 USA
Tel: +1 408 325-8668
Fax: +1 408 325-8666
www.a10networks.com

Part Number: 15101-EN-03 Feb 2014

Worldwide Offices
- North America: sales@a10networks.com
- Europe: emea_sales@a10networks.com
- South America: brazil@a10networks.com
- Japan: jinfo@a10networks.com
- China: china_sales@a10networks.com
- Taiwan: taiwan@a10networks.com
- Korea: korea@a10networks.com
- Hong Kong: HongKong@a10networks.com
- South Asia: SouthAsia@a10networks.com
- Australia/New Zealand: anz_sales@a10networks.com

To learn more about the A10 Application Service Gateways and how it can enhance your business, contact A10 Networks at: www.a10networks.com/contact or call to talk to an A10 sales representative.

2014 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, A10,, v, aCloud, ACOS, and aGalaxy are trademarks or registered trademarks of A10 Networks, Inc. in the United States and in other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.