x
Mobile security

A10 Brings the Thunder for DDoS Protection

A10 introduced a security appliance to protect networks against DDoS attacks, claiming faster performance, a smaller form factor, and more simplified licensing than competition from Cisco and Juniper.

The Thunder SPE appliance is designed to provide up to 40% performance improvement over A10 Networks Inc. 's high-end 6430 system. The appliance runs A10's Security and Policy Engine, along with security and processing hardware to allow the appliance to continue providing full functionality even when the network is under high-volume DDoS attacks, without diminishing system performance, A10 says. The SPE appliance can handle 155 Gpb/s throughput.

The SPE appliance can perform any policy-based networking actions in hardware and can work in cloud environments where policies change frequently, A10 says.

The appliance is available immediately, priced at $164,000, and works with all A10 product lines.

A10 is also integrating DDoS protection into its Thunder CGN (Carrier Grade Networking) products, providing IPv4 address extension and IPv6 migration capabilities.

Kishore Inampudi, director product marketing for A10, says the SPE appliance offers superior performance in a much smaller form factor than Cisco Systems Inc. (Nasdaq: CSCO)'s competitive offerings, which require 7-8 RU to achieve the same performance as A10's 1 RU box, with associated increased power consumption and cooling costs for the Cisco unit. Juniper Networks Inc. (NYSE: JNPR)'s equivalent product also has a bigger form factor.

"Both Juniper and Cisco have bigger form factors, primarily because of their business model," he says. "They are selling a router or switch to solve this problem." Cisco and Juniper use blades to add additional capabilities.

Both Cisco's and Juniper's licensing are more complex than A10's, Inampudi says. Cisco offers a multi-protocol pricing plan, while Juniper prices are based on performance levels.

A10 introduced Thunder Series Layer 4-7 network appliances designed to help operators make the transition to 100G and IPv6 in April, and it entered the DDoS protection market in January. The company's IPO sputtered in March, but it said its revenues "leaped" in May. (See A10 Helps With 100G, IPv6 Transitions, A10 Enters DDOS Protection Market, A10 IPO Sputters Off the Ground, and A10 Networks Reports Revenues Leap in Q1 .)

The SPE appliance illustrates a potential problem for network functions virtualization -- performance. NFV calls for moving network capabilities, like DDoS protection, off appliances like the SPE and on to commodity servers. A potential problem with that proposition is that specialized appliances offer performance lacking in commodity servers. Appliances may simply be more suitable for carrier networks. Broadcom is touting a hybrid approach for that reason. (See Broadcom Touts Hybrid Hardware Approach to NFV.)

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected]

jabailo 7/15/2014 | 2:18:05 PM
Re: How...? I guess a dumb DDOS attack would be -- single computer calling their server repeatedly.

Semi-smart would be multiple computers.

Super smart would be multiple computers with bots using staggered time schedules to simulate real users.

Of course, it would have to be a site that a person would call multiple times per day, or else you could just count the number of requests per IP address and shut down access at the firewall.

 
Mitch Wagner 7/15/2014 | 1:09:12 PM
Re: How...? jabailo - Good question. I presume there is some kind of pattern to the attacks which smart protection systems can discern. 

One brute-force method of protecting against attacks is to just pile on more network capacity. That does not seem to be what's happening here.
jabailo 7/15/2014 | 10:35:17 AM
How...? How exactly can you protect against DDOS attacks?   Don't they come as standard requests but from bots installed on client systems all over the Internet?  How would you distinguish say, a DDOS call to your home page from a user just browsing it?

 
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE