Introducing – A10 Networks
With the emergence of mobile and cloud computing traffic is increasing exponentially, overloading network and data centre infrastructures. A10 networks main product set derives around application delivery controllers, which accelerate application performance and ensure server availability for these new challenging environments. Application delivery controller and performance is a key differentiation from A10 and other application delivery companies.
In 2013, A10 launched its premium platform known as A10 Thunder product set, which consists of three major product lines. Thunder ADC is an application delivery controller, Thunder Service CGN is a Carrier Grade NAT platform and Thunder Series TPS is a Threat Protection System. All, of which run on a new Operating System called Advanced Core Operating System (ACOS). It has been a success and March this year, leading service provider C4L, who has over 300 global data centre selected A10 Networks Thunder TPS Threat Protection Systems to mitigate distributed denial of service (DDoS) attacks. The Carrier Grade NAT platform is unique in the sense that multiple VM’s are automatically spawned up to serve incoming NAT requests. Instead, of buying large expensive Carrier Grade NAT box, the entire NAT process is scaled based on current NAT requests.
The diagram below displays feature sets for Thunder ADC ( application delivery controller ).
Application availability ensures that application servers and networks are reliably accessible. Enabling your infrastructure to scale out and redirect users in the event of an outage, using advanced layer 4-7 health-checks. A10 availability services include features such as Global Server Load Balancing ( GSLB ), Carrier Grade NAT (CGN), Firewall Load Balancing ( FWLB ) and various IPv6 Transition Technologies.
In Security arena, they can decrypt, authenticate, and inspect application flows, and then detect and mitigate various Cyber Attacks. Security product set include DDoS Protection, SSL Insight, Web, and DNS Application Firewall, most of which can be found in services such as reseller hosting from UKBSS.
Secure Sockets Layer (SSL) is used to secure TCP-based application, such as Secure Hypertext Transport Protocol (HTTP, TCP port 443). SSL traffic now accounts for 25% – 30% of all Internet traffic today and attackers use encrypted traffic such as SSL to hide from detection. SSL Insight, also known as SSL forward proxy is feature set used to prevent this. SSL Insight enables security devices to inspect encrypted traffic. Once the traffic has been scrubbed, its encrypted and forwarded to its destination.
Application acceleration improves application performance with high-performance application-aware load balancing. Acceleration products include SSL Offload, aFleX Scripting, aXAPI Custom Management and Multi-tenancy/Virtualization. A10 employ many TCP optimization techniques to improve users experience. TCP optimization reduces unnecessary TCP connections by employing techniques such as-connection reuse, dynamic window sizing, or TCP multiplexing.
TCP multiplexing is the ability for TCP to maintain many simultaneous processes in a single host. For distinct application processes it uses port numbers. Together, the application process and the network address form a socket. TCP multiplexing improves performance, capacity of servers and makes consolidation easier.
TCP Connection reuse establishes persistent TCP connections with back-end servers and then reusing those connections for future TCP requests. The benefit of connection reuse is that it reduces overhead associated with setting up TCP connections.
Advanced Core Operating System (ACOS)
Legacy systems were designed for single core 32-bit system architecture. The industry-recent shift to multi core architecture has placed strain on the legacy systems, causing problems with memory sharing. Old design use Inter-Process Communication (IPC) to share memory state, which causes problems as CPU core density increases. Without a shared memory design you get a complicated mess with unnecessary replication. A10 solves these problems with ACOS. ACOS is a unique operating system, which scales linearly with increased CPU core density. Scaling linearly lets you meet increased traffic demands without adding computation or memory resources.
The performance from A10 products come from Advanced Core Operating System ( ACOS ). Designed to deliver substantially greater performance and security relative to prior generation application networking products. They built the OS from the ground up on a symmetrical core multi processor methodology. The shared memory approach takes away the problem of Inter-Process Communication ( IPC) and its process of communication.
The beauty about shared memory is that everyone can read. Adding intelligence to the equation by not having to add overhead with an IPC architecture. It all comes down to reducing the number of bits and redundant copies that have to be transferred. Shared memory technology give extra horsepower as you are not replicating in memory.
aFLeX – Advanced Scripting for Layer 4 – 7 Traffic
Customers are using load balancing for more than just TCP and UDP services. They are looking to higher layers in the protocol stack for service enhancement. aFLeX allows operators to control fully application traffic. It allows manipulation and virtual patching of the communication path for protocols such as HTTP, SIP, RADIUS, and DNS. If you don’t know what SIP is, take a look on www.sip.us to find out more about the solution and how it can help communications.
aFLeX is a scripting language that works on Tool Command Language (TCL). Event-driven architecture, which allows customers to customize the load balance traffic path to do specific task. It gives the power to the administration to script what they want i.e redirecting based on information in the browser. For example, if the end user’s browser is in Spanish they can get redirected to the Spanish version of the website without an extra click. aFLeX allows creation of policies to inspect content, including request headers and payloads, performing actions such as blocking, redirecting, and modifying specific content. Scripting engines allow you to overcome individual challenges not necessarily experienced by other customers.