Data Sheet

Thunder TPS
DDoS Detection, Mitigation & Cloud Protection

Platforms
A10 Thunder TPS® (Threat Protection System) is the world’s and Services
highest-performance DDoS protection solution, leading the
industry in precision, intelligent automation, scalability, Thunder TPS
Physical Appliance
and performance.
V

including A10 Thunder® ADC, CGN

Surgical Multi-Vector and CFW. These capabilities provide
Thunder TPS
Virtual Appliance

DDoS Protection the context, packet level granularity

and visibility needed to thwart today’s
Ensuring availability of business services
sophisticated attacks. The One-DDoS
requires organizations to rethink how to build
Protection detectors work in concert
scalable DDoS defenses that can surgically DSIRT
with A10 Networks aGalaxy® Centralized DDoS Specialized
distinguish an attacker from a legitimate user.
Management System and Thunder TPS for Support

New threat vectors have changed the breadth, centralized mitigation that delivers fast
intensity, and complexity of options available and cost-effective DDoS resilience. Management
to attackers. Today’s attacks have evolved,
Thunder TPS’ scale and zero-touch
and now include DDoS toolkits, weaponized
intelligent automation architecture with
IoT devices, online DDoS services, and more.
aGalaxy maximize ROI and help service aGALAXY
Established solutions, which rely on ineffective
provider enable profitable DDoS scrubbing Management
signature-based IPS or only traffic rate-
services.
limiting, are no longer adequate.
A10 Networks is available when you need
Thunder TPS scales to defend against the
help most. A10 support provides 24x7x365 Subscriber Portal
DDoS of Things and traditional zombie
services, including the A10 DSIRT (DDoS
botnets and detects DDoS attacks through
Security Incident Response Team) to
high-resolution packets or flow record
analysis from edge routers and switches.
help you understand and respond to
DDoS incidents and orchestrate cloud
Talk
Unlike outdated DDoS defense products,
scrubbing. A10 Threat Intelligence Service With A10
A10 Networks’ defenses include detection
leverages global knowledge to proactively Web
capabilities across key networks elements
stop bad actors. a10networks.com/tps

1
Benefits

Maintain
Service Availability

Downtime results in immediate productivity and revenue loss for any business. Thunder TPS ensures
service availability by automatically spotting anomalies across the traffic spectrum and mitigating
multi-vector DDoS attacks.

DEFEAT
Growing Attacks

Thunder TPS protects the largest, most-demanding network environments. Thunder TPS offloads common
attack vectors to specialized hardware, allowing its powerful multicore CPUs to distinguish legitimate users
from attacking botnets and complex application-layer attacks that require resource-intensive deep packet
inspection (DPI).

Scalable
Protection

Select Thunder TPS hardware models benefit from our Security and Policy Engine (SPE) hardware
acceleration, leveraging FPGA-based FTA technology and other hardware-optimized packet-processing for
highly scalable flow distribution and hardware DDoS protection capabilities.

Deploy
Wartime Support

No organization has unlimited trained personnel or resources during real-time DDoS attacks. Thunder TPS
supports five levels of programmatic mitigation escalation and de-escalation per protected zone. Remove the
need for frontline personnel to make time-consuming manual changes to escalating mitigation strategies
and improve response times during attacks. Administrators have the option to manually intervene and
coordinate with A10’s DDoS Security Incident Response Team (DSIRT) at any stage of an attack.

$ Reduce
Security OPEX

Thunder TPS is extremely efficient. It delivers high performance in a small form factor to reduce OPEX with
significantly lower power usage, rack space, and cooling requirements.

2
Reference Architectures

Proactive Mode
(Asymmetric or Symmetric)

Clean Traffic Proactive mode provides continuous,

comprehensive detection and fast mitigation.
Thunder TPS Services This mode is most useful for real-time
Firewall
Edge Router
environments where the user experience is
API
critical, and for protection against application-
REST API,
layer attacks. TPS supports L2 or L3 inpath
Cloud-based sFlow, UI
DDoS Scrubbing Syslogs deployments. It also eases deployment of
(Hybrid)
aGalaxy hybrid DDoS protection using cloud scrubbing
GUI, REST API
service in case volumetric attacks exceed an
organization’s internet bandwidth.

aGalaxy
Reactive Mode
API Communication
Larger networks benefit from on-demand
mitigation, triggered manually or by flow
analytical systems. TPS fits in any network
API, sFlow, configuration with integrated BGP and other
Flow-based Detection Thunder TPS Syslogs routing protocols. This eliminates the need for
Suspected any additional diversion and re-injection routers.
Traffic
Clean
UI A10 Networks partners with the industry’s
BGP Traffic leading visibility and DDoS detection companies
GUI, REST API to provide additional flexibility for creating best-
Flow
Information of-class solutions for each customer’s unique
business needs. The flow-detection partner
companies leverage Thunder TPS’ open RESTful
API (aXAPI® and aGAPI®), to create tightly
Edge Router Access Router Firewall Services integrated monitoring solutions that include
visibility, detection and reporting.

Reactive Deployment with

aGalaxy Thunder TPS Detector
API Communication
Thunder TPS Detector is available as a
standalone appliance (hardware or virtual).
The flow-based DDoS detector supports
API, sFlow, tightly integrated interworking with aGalaxy
Thunder TPS Detector Thunder TPS Syslogs
management and Thunder TPS mitigation for a
Suspected
complete reactive DDoS defense solution.
Traffic
Clean
UI
BGP Traffic
GUI, REST API
Flow
Information

Edge Router Access Router Firewall Services

3
Reference Architectures

Distributed Detection with

One-DDoS Protection
UI
One-DDoS Protection provides full spectrum
GUI, REST API DDoS protection by placing detection
Dectection Signaling capabilities across key networks elements
Traditional API, sFlow, Syslogs including A10’s Thunder ADC, CGN and CFW.
Scrubbing These capabilities provides the context, packet
Center
aGalaxy
Thunder TPS
Thunder CFW
with Detection
level granularity and visibility needed to thwart
Data Center
Suspected Clean today’s sophisticated targeted attacks. The
Traffic BGP Traffic
distributed DDoS detectors work in concert
with aGalaxy and Thunder TPS for centralized
mitigation that delivers fast and cost effective
Edge Router Access Router Thunder CGN
with Detection
Subscribers DDoS resilience.

APP

Thunder ADC
with Detection Critical Services

Out-of-Band (TAP) Mode

All Traffic The out-of-band mode is used when packet-
based DDoS detection and monitoring are
required.

Duplicated
Edge Router Traffic Access Router Service

Thunder TPS

4
Features
A10 Thunder TPS is the world’s highest-performance DDoS protection solution. It detects and mitigates multi-vector DDoS
attacks with surgical precision while providing unprecedented performance, scalability, and deployment flexibility.

Full Spectrum DDoS Protection for Service Availability

A10 Thunder TPS detects and mitigates broad levels of attacks, even if multiple attacks hit the network simultaneously.

Complete Solution
For Flexible Deployments

Thunder TPS DDoS solutions provides a complete solution for DDoS defenses in proactive always-on or
on-demand reactive modes to meet their business objectives. Thunder TPS can be deployed in L2 or L3
inpath modes with full IPv4 and IPv6 support. On-demand reactive DDoS detection is facilitated with the
collection and analysis of exported flow data records from routers and switches. The Thunder TPS detector
applies always-on adaptive learning to build peacetime profiles for protected servers and services, based
on 17 flow record traffic indicators to spot anomalous behavior. When an attack is detected, aGalaxy
instructs Thunder TPS to initiate a BGP route redirection for the suspicious traffic. Then TPS applies
the appropriate countermeasures using a progressive auto mitigation level escalation technique before
delivering the clean traffic to the intended destination.

Multi-Vector ZAP
Attack Protection Zero-Day Automated Protection

Detect and mitigate DDoS attacks The ZAP engine utilizes heuristic
of many types, including volumetric, and machine learning automatically
protocol, or resource attacks; discover mitigation filters without
application-level attacks; or IoTbased advanced configuration or manual
attacks. Hardware acceleration intervention. ZAP speeds the response
offloads the CPUs and makes Thunder time against increasingly sophisticated
TPS particularly adept to deal with multi-vector attacks while minimizing
simultaneous multi-vector attacks. downtime and errors and lower
operating costs.

Hybrid Non-Stop DNS

DDoS Protection DNS Authoritative DNS Cache

Thunder TPS on-premise protection A10 Thunder TPS can be configured as

works in concert with 3rd party a high-performance DNS authoritative
cloud-based DDoS scrubbing service cache, enabling Thunder TPS’ Non-stop
to provide full-spectrum protection DNS operational mode to cache up to
against attacks of any type. 240 million DNS records and respond
to queries at rates of up to 70 million
When attacks grow beyond an
queries per second. Non-stop DNS can
organization’s bandwidth capacity, cloud
also work in conjunction with Thunder
mitigation can be initiated automatically
TPS DDoS defenses to create a highly
by Thunder TPS using BGP based
resilient DNS service.
signaling, API, and scripting etc.

5
 One-DDoS A10 DDoS Threat
Protection Intelligence
Layered, Distributed Detection
Aggregated and correlated DDoS
One-DDoS Protection provides the weapons intelligence from over 40
freshest approach to full-spectrum reputable data sources, is included
DDoS defense, placing detection with support, enabling Thunder TPS to
capabilities across key network elements instantly recognize and block traffic to
closest to the targeted elements of the and from known malicious sources. The
infrastructure. This provides the context, service includes millions of current and
packet level granularity, and visibility accurate IP addresses of DDoS weapons
needed to thwart today’s sophisticated used regularly in reflected amplification
targeted attacks. attacks and crippling IoT botnet attacks.

A10 Thunder ADC, CGN, and CFW

with integrated DDoS detectors work
in concert with Thunder TPS’ edge
flow-based detection and centralized
mitigation to enable full spectrum
DDoS resilience.

High Performance and Efficiency to Meet Growing Attack Scale

Thunder TPS provides solutions to protect organizations from attacks of all sizes, from 1 to 380 Gbps (or 3 Tbps in a list
synchronization cluster).

High-Performance Simultaneous
Protection Protected Objects

Select Thunder TPS models have high- To protect entire networks,

performance FPGA-based Flexible applications, and services, Thunder
Traffic Acceleration (FTA) technology to TPS simultaneously mitigates up to
immediately detect and mitigate up to 3,000 Zones with individual protection
60 common attack vectors in hardware policies that include thousands of hosts,
-- before data CPUs are involved. subnets, and services per zone. The
Thunder TPS supports protocol and scale of simultaneous mitigation helps
packet anomaly check and blocking of organizations apply granular controls to
up to 500 million packets per second protected objects and create profitable
(Mpps). Thunder TPS enforces highly DDoS scrubbing services.
granular traffic rates up to 100 ms
intervals. The enhanced vThunder TPS
running on KVM hypervisor provides
100 Gbps throughput in a single virtual
appliance and can be expanded to 800
Gbps with eight-way clustering.

6
 Complex Large Threat
Attack Mitigation at Scale Intelligence Class Lists

Thunder TPS tracks more than 27 traffic Eight lists, each containing up to 16
and behavioral indicators and can million entries, may be defined to utilize
apply escalating protocol challenges to data from intelligence sources, such
surgically differentiate attackers from valid as the A10 DDoS Weapons Intelligence
users for appropriate mitigation of up to Service, in addition to dynamically
256 million concurrent tracked sessions. generated entries of actionable black/
white lists.
Complex application attacks (e.g., HTTP,
DNS, etc.) are mitigated with advanced
parallel processing across a large
Zero-day
Attack Protection
number of CPU cores to maintain high-
performance system scaling, even for DDoS attackers continue to innovate
multi-vector attacks. their multi-vector attack arsenals with
new attack strategies. Thunder TPS ZAP
engine automatically recognizes DDoS
attack characteristics and dynamically
applies mitigation filters without advanced
configuration or manual intervention.

Full Control and Smart Automation for Agile Protection

For network operators, it is critical that a DDoS mitigation solution integrates easily into many network architectures.

Efficient Easy
Intelligent Automation Network Integration

No organization has unlimited resources With multiple performance options and

or the time for manual interventions. A10 flexible deployment models, Thunder
provides the industry’s most advanced TPS may be integrated into any network
intelligent automation capabilities, architecture of any size, including MPLS.
powered by machine learning throughout And with aXAPI, A10’s 100-percent
the entire protection lifecycle. programmable RESTful API, Thunder
TPS easily integrates into third-party
Operators define the networks to
detection solutions and into agile
protect, and A10 defenses do the rest
SecOps workflows.
based on the operator’s pre-defined
policies, including individual learned Leveraging open standards like BGP
detection threshold per monitored Blackhole and Flowspec functionality,
entity, automatic traffic redirection Thunder TPS mitigation integrates
orchestration, start of mitigation and easily with any DDoS detection
escalation, and extract and apply attack solution. Open APIs and networking
pattern filters. When the attack subsides, standards enable tight integration with
the network and defenses are returned other devices, including A10 threat
to peacetime posture and detailed detection partners, SDN controllers,
reports are generated for future analysis. and other security products.

7
 EFFECTIVE
Management

Thunder TPS supports an industry-standard CLI, on-box GUI, and the aGalaxy management system. The
CLI allows sophisticated operators easy troubleshooting and debugging. The intuitive on-box GUI enables
ease of use and basic graphical reporting. aGalaxy offers a comprehensive dashboard with advanced
reporting, mitigation console, and policy enforcement for multiple TPS devices.

aGalaxy is available with an optional integrated Thunder TPS detector that supports tightly integrated
interworking of Thunder TPS DDoS mitigation, flow-based DDoS detection, system-wide management, and
robust reporting.

Thunder 1.2 380 3 8x16M

7655 TPS by the Numbers
Tbps
HW Blocking
Gbps
Throughput
Tbps
Throughput in
Cluster
Threat Class
Lists

100 500 60 64K

GbE Mpps Hardware Protected
Ports Mitigations Objects

8
Thunder TPS Physical Appliance
Specifications

Thunder Thunder Thunder Thunder

Performance 1040 TPS 3040 TPS 4435 TPS 5845 TPS
Throughput (Software Scrubbing) *1
5 Gbps 10 Gbps 38 Gbps 100 Gbps

Hardware Blocking N/A N/A N/A 250 Gbps

Packets Rate (pps)*1 2.2 Million 4 Million 16 Million 25 Million

Software-based - SYN Authentication (pps) 2.2 Million 4 Million 16 Million 25 Million

Hardware-based - Anomaly Flood Blocking (pps) N/A N/A 55 Million 125 Million

Maximum Concurrent Sessions

8 Million 8 Million 32 Million 48 Million
(Asymmetric Deployment)

Average Latency 10 µs 10 μs 35 µs 50 µs

Minimum Rate Enforcement Interval 100 ms

Flow Detection Performance

Flows Per Second (fps) N/A 1 Million 3 Million 3 Million

Network Interface Hardware

Bypass Model

1 GE Copper 5 1 + 4 (Bypass) 6 0 0

1 GE Fiber (SFP) 0 0 2 0 0

1/10 GE Fiber (SFP+) 4*3 4*3 4 16 48

1/10 GE Fiber (Fixed) 2 (Optical

0 0 0 0
Bypass)*5

100 GE Fiber 0 0 0 0 4 (QSFP28)

Management Ports Ethernet Management Port, RJ-45 Console Port

Hardware Specifications
Processor Intel
Intel Xeon Intel Xeon Intel Xeon
Communications
4-core 10-core 18-core
Processor

Memory (ECC RAM) 16 GB 16 GB 64 GB 64 GB

Storage SSD SSD SSD SSD

Hardware Acceleration Software Software FTA-3, SPE 2 x FTA-4, SPE

Dimensions (Inches) 1.75 (H) x 17.5 (W) x 17.25 (D) 1.75 (H) x 17.5 (W) x 17.45 (D) 1.75 (H) x 17.5 (W) x 30 (D) 1.75 (H) x 17.5 (W) x 30 (D)

Rack Units (Mountable) 1U 1U 1U 1U

Unit Weight 14 lbs | 16 lbs (RPS) 20.6 lbs 34.5 lbs 34.3 lbs

Single 750W*4 Dual 600W RPS Dual 1100W RPS Dual 1500W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (Typical/Max)*2 80W / 110W 180W / 240W 350W / 420W 585W / 921W

Heat in BTU/Hour (Typical/Max)*2 273 / 376 615 / 819 1,195 / 1,433 1,997 / 3,143

Cooling Fan Removable Fans Hot Swap Smart Fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications FCC Class A, UL, CE, TUV,

FCC Class A, UL, CE, GS, FCC Class A, UL, CE, GS, FCC Class A, UL, CE,
CB, VCCI, CCC, MSIP,
CB, VCCI, CCC, KCC, BSMI, CB, VCCI, CCC, KCC, BSMI, GS, CB, VCCI, CCC, BSMI,
BSMI, RCM, EAC, NEBS |
RCM | RoHS RCM | RoHS RCM | RoHS
CC EAL2+, RoHS

Standard Warranty 90-Day Hardware and Software

9
Thunder TPS Physical Appliance Specifications (Cont.)

Thunder Thunder Thunder Thunder

7445 TPS 14045 TPS 14045 TPS 7655 TPS
Performance Single-Module Dual-Module

Throughput (Software Scrubbing)*1 220 Gbps 150 Gbps 300 Gbps 380 Gbps

Hardware Blocking 500 Gbps 500 Gbps 500 Gbps 1.2 Tbps

Packets Rate (pps)*1 50 Million 50 Million 100 Million 115 Milloin

Software-based - SYN Authentication (pps) 50 Million 50 Million 100 Million 115 Milloin

Hardware-based - Anomaly Flood Blocking (pps) 250 Million 220 Million 440 Million 500 Million

Maximum Concurrent Sessions

64 Million 128 Million 256 Million 256 Million
(Asymmetric Deployment)

Average Latency 60 µs 60 µs 60 µs 60 µs

Minimum Rate Enforcement Interval 100 ms

Flow Detection Performance

Flows Per Second (fps) 6 Million N/A N/A N/A

DNS Authoritative Cache Performance

DNS Queries Per Second (qps) 35 Million 35 Million N/A N/A

Network Interface
1/10 GE Fiber (SFP+) 48 0 0 0

40 GE Fiber (QSFP+) 0 4 4 0

100 GE Fiber 4 (QSFP28) 4 (CFP2 or QSFP28) 4 (CFP2 or QSFP28) 16 (QSFP28)

Management Ports Ethernet Management Port, RJ-45 Console Port +

Hardware Specifications
Processor 2 x Intel Xeon 2 x Intel Xeon 4 x Intel Xeon 2 x Intel Xeon
18-core 18-core 18-core 28-core

Memory (ECC RAM) 128 GB 256 GB 512 GB 384 GB

Storage SSD SSD SSD SSD

Hardware Acceleration 3 x FTA-4, SPE 4 x FTA-3, SPE 8 x FTA-3, SPE 2 x FTA-5, SPE

Dimensions (Inches) 1.75 (H) x 17.5 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D) 2.625 (H) x 17.5 (W) x 30 (D)

Rack Units (Mountable) 1U 3U 3U 1.5U

Unit Weight 35.7 lbs 80 lb 102 lbs 44.2 lbs

Dual 1500W RPS 2+2 1100W RPS 2+2 1100W RPS Dual 1500W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (Typical/Max)*2 784W / 1,078W 1,000W / 1,200W 1,700W / 2,000W 1,121W / 1,300W

Heat in BTU/Hour (Typical/Max) *2

2,676 / 3,679 3,412 / 4,095 5,801 / 6,825 3,826 / 4,436

Cooling Fan Hot Swap Smart Fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications
FCC Class A, UL, CE, GS, FCC Class A, UL, CE, GS,
FCC Class A, UL, CE, GS, CB, VCCI, CQC, KCC,
CB, VCCI, CCC, BSMI, CB, VCCI, CCC, BSMI,
BSMI, RCM | RoHS
RCM | RoHS RCM | RoHS

Standard Warranty 90-Day Hardware and Software

The specifications and performance numbers are subject to change without notice, and vary depending on configuration and environmental conditions.
As for network interface, it’s highly recommended to use A10 Networks qualified optics/transceivers to ensure network reliability and stability.
*1 Throughput performances are traffic-forwarding capacity and measured with legitimate traffic with DDoS protection enabled.
*2 With base model | *3 10Gbps speed only | *4 Optional RPS available | *5 Fixed SFP+ optical ports with dual rate (10GBASE-SR and 1000BASE-SX)
^ Certification in process  |  + Thunder 14045 comes with a splitter cable for console to provide access to both modules

10
Thunder TPS Virtual Appliance
Specifications

vThunder TPS

Supported Hypervisors VMware ESXi 5.5 or higher

KVM QEMU 2.5 or higher (SR-IOV)
Microsoft Hyper-V on Windows Server 2008 R2 or higher

Hardware Requirements See Installation Guide

Standard Warranty 90-Day Software

vThunder TPS License and Sizing Recommendations

Throughput Lab/1/2/5 Gbps 40 Gbps*2 100 Gbps*3

vCPU 6 8 24

vRAM 16 GB 16 GB 64 GB

vDisk 60 GB 60 GB 100 GB

Licence Types Bandwidth license

FlexPool FlexPool
(per instance)

Hypervisors ESXi, KVM, Hyper-V*1 ESXi, KVM KVM

*1 5 Gbps license not recommended for Microsoft Hyper-V

*2 Tested with vThunder TPS running on KVM with Intel XL-710 NIC (SR-IOV enabled)
*3 General availability in H2 2021. Tested with vThunder TPS running on KVM with Mellanox Connect X-5 NIC (SR-IOV enabled)

vThunder TPS Detector Flow Detection Performance*

Flows per Second (fps) 150K 500K 1.5M

vCPU 2 3 5

vRAM 16 GB 32 GB 64 GB

vDisk 40 GB 40 GB 40 GB

* Using vThunder TPS Standalone Detector image.

11
Detailed Feature List
Features may vary by appliance

Detection/Analysis Resource Attack Protection • Packet size validation

(ping of death)
• In-line packet-based • Fragmentation attack
DDoS detection • POODLE attack
• Slowloris
• Out-of-band flow-based DDoS • TCP/UDP/SSL/ICMP flood
• Slow GET/POST
detection protection
• Long form submission
• Distributed detection • Per-connection traffic control
• SSL renegotiation
• Individual detection policies for
• TCP progression tracking
more than 256K servers and Challenge-based
services Authentication
• Continuous behavioral learning Application Attack • TCP SYN cookies, SYN
• Manual and learned thresholds Protection authentication

• Protocol anomaly detection • Application-aware filter • ACK authentication

• Inspection within IPinIP (e.g., • Regular expression filter (TCP/ • Spoof detection
networking, encapsulation) UDP/HTTP/SIP)
• DNS authentication
• Black/white lists • HTTP request rate limit (per URI)
• HTTP challenge
• Traffic indicator and top talkers • DNS request rate limit (per type,
FQDN, label count)
• Mitigation console Protected Objects
• SIP request limit (per type)
• Packet debugger tool • Protected zones for automated
• Application request malformed
• Top-k insights (source, detection and mitigation
check (DNS/HTTP/SIP)
destination) • Source/destination IP address/
• DNS domain-list
• Outbound detection subnet
• HTTP/S protocol compliance
• Source and destination IP pair
• Application (DNS/HTTP/SIP) flood
DDoS Threat Intelligence protection
• Destination port
Service • Source port
• Signature-based IPS
• Dynamically updated threat • Protocol (e.g., HTTP, DNS, SIP, TCP,
intelligence feed • QUIC version control and
UDP, ICMP and others)
malformed header check
• IP addresses of reflected • Class list/geolocation
amplification weapons • Packet watermarking (UDP) for
gaming traffic • Passive mode
• IP addresses of DDoS botnets
• Outbound mitigation symmetric
deployment
Protocol Attack Protection
Zero-Day Automated
• Invalid packets
Protection Non-Stop DNS Solution
• Anomalous TCP flag combinations
• Machine Learning powered attack • Act as Authoritative DNS cache
(no flag, SYN-FIN, SYN frag,
pattern recognition and filtering
LAND attack) • Seamless layered protection with
• Prevent zero-day attacks TPS mitigation
• SYN-ACK amplification attack
• No pre-configuration or manual protection • DNS water torture protection
intervention
• IP options • Selective and customizable
• Fast, automated response response/ forward

12
Detailed Feature List (Cont.)

Actions Networking and Deployment High-Performance,

• Capture packet • Proactive, Reactive, Asymmetric, Scalable Platform
• Run script Symmetric, Out-of-Band (TAP) • Advanced Core Operating System
• Transparent (L2), routed (L3) (ACOS)
• Drop
• Virtual wire - Linear application scaling
• TCP reset
• Routing: static routes, BGP4+, - ACOS on data plane
• Dynamic authentication
OSPF, OSPFv3, IS-IS • Linux on control plane
• Add to black list
• Bidirectional Forwarding • IPv6 feature parity
• Add to white list Detection (BFD)
• Security policy engine (SPE)
• Log • VLAN (802.1Q) enabling hardware acceleration
• Limit concurrent connections • Trunking (802.1AX), LACP for policy enforcement*
• Limit connection rate • Access control lists (ACLs) • High performance hardware
• Limit traffic rate (pps/bps) blocking*
• Network Address Translation (NAT)
• Forward to other device • MPLS traffic protection
• Remote-Triggered Black Hole Carrier-Grade Hardware*
• BGP route injection, FlowSpec
(RTBH) • Advanced hardware architecture
• IPinIP (source and terminate)
• BGP Flowspec • Hot-swap Redundant Power
• GRE tunnel interface Supplies (AC and DC)
• VXLAN • Smart Fans (hot swap)
Management
• Dedicated on-box management • Solid-state drive (SSD)
interface (GUI, CLI, SSH, Telnet) Telemetry • Tamper detection
• aGalaxy for comprehensive • Rich traffic and DDoS statistics
• 40 GbE and 100 GbE ports
management counters

• SNMP, syslog, email alerts • sFlow v5

Security and Capability
• NetFlow (e.g., v9, IPFIX)
• REST API (aXAPI) or SDK Assurance Certifications*
• LDAP, TACACS+, RADIUS support • Custom counter blocks for flow-
• Common Criteria EAL 2+
based export
• Configurable control CPUs • FIPS 140-2 Level 2 Compliance
• High-speed logging
(Thunder 14045)
• CEF logging
• FIPS 140-1 Level 1 Compliance (all)

*Features and certifications may vary by appliance.

Learn More ©2021 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, Thunder
TPS, A10 Lightning, A10 Harmony, and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in
About A10 Networks the United States and other countries. All other trademarks are property of their respective owners. A10 Networks
assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.
Contact Us com/a10-trademarks.

a10networks.com/contact Part Number: A10-DS-15101-EN-30 FEB 2021

13