DATA SHEET

THUNDER TPS
DDOS DETECTION, MITIGATION & CLOUD PROTECTION

A10 Thunder TPS® (Threat Protection System) is the world’s

highest-performance DDoS protection solution, leading the
PRODUCTS AND
industry in precision, intelligent automation, scalability, SERVICES
and performance.

THUNDER TPS
Physical Appliance

SURGICAL MULTI-VECTOR V

DDOS PROTECTION vTHUNDER TPS

Virtual Appliance

Ensuring availability of business services These capabilities provide the context,

requires organizations to rethink how to build packet level granularity and visibility needed
scalable DDoS defenses that can surgically to thwart today’s sophisticated attacks.
distinguish an attacker from a legitimate user. The One-DDoS Protection detectors work
DDOS PROTECTION
in concert with A10 Networks aGalaxy® Cloud
New threat vectors have changed the breadth,
Centralized Management System and
intensity, and complexity of options available
Thunder TPS for centralized mitigation
to attackers. Today’s attacks have evolved,
that delivers fast and cost-effective DDoS
and now include DDoS toolkits, weaponized
resilience.
IoT devices, online DDoS services, and aGALAXY
Management
more. Established solutions, which rely on When attacks grow beyond an organization’s
ineffective signature-based IPS or only traffic bandwidth capacity, traffic can be diverted
rate-limiting, are no longer adequate. to the A10 DDoS Protection Cloud service to
defend against volumetric attacks.

TALK
Thunder TPS scales to defend against the
DDoS of Things and traditional zombie A10 Networks is available when you need
botnets and detects DDoS attacks through help most. A10 support provides 24x7x365
high-resolution packets or flow record services, including the A10 DSIRT (DDoS
WITH A10
analysis from edge routers and switches. Security Incident Response Team) to help you
Unlike outdated DDoS defense products, understand and respond to DDoS incidents
WEB
A10 Networks’ defenses include detection and orchestrate cloud scrubbing. A10 [Link]/tps
capabilities across key networks elements Threat Intelligence Service leverages global
including A10 Thunder® ADC, CGN and CFW. knowledge to proactively stop bad actors. CO NTACT US
[Link]/
contact

1
BENEFITS

MAINTAIN
SERVICE AVAILABILITY

Downtime results in immediate productivity and revenue loss for any business. Thunder TPS ensures
service availability by automatically spotting anomalies across the traffic spectrum and mitigating
multi-vector DDoS attacks.

DEFEAT
GROWING ATTACKS

Thunder TPS protects the largest, most-demanding network environments. Thunder TPS offloads common
attack vectors to specialized hardware, allowing its powerful multicore CPUs to distinguish legitimate users
from attacking botnets and complex application-layer attacks that require resource-intensive deep packet
inspection (DPI).

SCALABLE
PROTECTION

Select Thunder TPS hardware models benefit from our Security and Policy Engine (SPE) hardware acceleration,
leveraging FPGA-based FTA technology and other hardware-optimized packet-processing for highly scalable
flow distribution and hardware DDoS protection capabilities.

DEPLOY
WARTIME SUPPORT

No organization has unlimited trained personnel or resources during real-time DDoS attacks. Thunder TPS
supports five levels of programmatic mitigation escalation and de-escalation per protected zone. Remove the
need for frontline personnel to make time-consuming manual changes to escalating mitigation strategies and
improve response times during attacks. Administrators have the option to manually intervene and coordinate
with A10’s DDoS Security Incident Response Team (DSIRT) at any stage of an attack.

$
REDUCE
SECURITY OPEX

Thunder TPS is extremely efficient. It delivers high performance in a small form factor to reduce OPEX with
significantly lower power usage, rack space, and cooling requirements.

2
REFERENCE ARCHITECTURES

PROACTIVE MODE
Clean Traffic (ASYMMETRIC OR SYMMETRIC)

Thunder TPS Firewall

Services Proactive mode provides continuous,
Edge Router
comprehensive detection and fast mitigation.
API
aGalaxy This mode is most useful for real-time
REST API,
environments where the user experience is
A10 DDoS sFlow, UI
Protection Cloud Syslogs critical, and for protection against application-
(Hybrid) layer attacks. TPS supports L2 or L3 inpath
GUI, REST API
deployments. A10 DDoS Protection Cloud
provides protection against volumetric attacks
that exceed an organization’s internet bandwidth.

REACTIVE MODE
aGalaxy
API Communication
Larger networks benefit from on-demand
mitigation, triggered manually or by flow
analytical systems. TPS fits in any network
API, sFlow, configuration with integrated BGP and other
Flow-based Detection Thunder TPS
Syslogs routing protocols. This eliminates the need for
Suspected any additional diversion and re-injection routers.
Traffic
Clean
UI A10 Networks partners with the industry’s
BGP Traffic leading visibility and DDoS detection companies
GUI, REST API to provide additional flexibility for creating best-
Flow
Information of-class solutions for each customer’s unique
business needs. The flow-detection partner
companies leverage Thunder TPS’ open RESTful
API (aXAPI® and aGAPI®), to create tightly
Edge Router Access Router Firewall Services integrated monitoring solutions that include
visibility, detection and reporting.

API, sFlow,
aGalaxy Syslog

Thunder TPS
Suspected
Traffic
UI REACTIVE DEPLOYMENT WITH
Clean Traffic THUNDER TPS DETECTOR
BGP
Flow GUI, REST API
Information
Thunder TPS Detector is available as a
standalone appliance or integrated with aGalaxy
5000. The flow-based DDoS detector supports
tightly integrated interworking with aGalaxy
Edge Router Access Router Firewall Services
management and Thunder TPS mitigation for a
complete reactive DDoS defense solution.

3
REFERENCE ARCHITECTURES

UI

GUI, REST API

Dectection Signaling

Traditional API, sFlow, Syslogs

Scrubbing Thunder CFW
Center
aGalaxy Thunder TPS
with Detection
Data Center
Distributed Detection with
Suspected Clean
One-DDoS Protection
Traffic BGP Traffic

One-DDoS Protection provides full spectrum

DDoS protection by placing detection capabilities
Thunder CGN
Edge Router Access Router with Detection Subscribers across key networks elements including A10’s
Thunder ADC, CGN and CFW. These capabilities
provides the context, packet level granularity and
APP visibility needed to thwart today’s sophisticated
Thunder ADC
targeted attacks. The distributed DDoS detectors
with Detection
Critical Services
work in concert with aGalaxy and Thunder TPS
for centralized mitigation that delivers fast and
cost effective DDoS resilience.

All Traffic

Duplicated
Edge Router Traffic Access Router Service

OUT-OF-BAND (TAP) MODE

Thunder TPS

The out-of-band mode is used when packet-based

DDoS detection and monitoring are required.

4
FEATURES
A10 Thunder TPS is the world’s highest-performance DDoS protection solution. It detects and mitigates multi-vector
DDoS attacks with surgical precision while providing unprecedented performance, scalability, and deployment flexibility.

FULL SPECTRUM DDOS PROTECTION FOR SERVICE AVAILABILITY

A10 Thunder TPS detects and mitigates broad levels of attacks, even if multiple attacks hit the network simultaneously.

COMPLETE SOLUTION
FOR FLEXIBLE DEPLOYMENTS

Thunder TPS DDoS solutions provides a complete solution for DDoS defenses in proactive always-on or on-
demand reactive modes to meet their business objectives. Thunder TPS can be deployed in L2 or L3 inpath
modes with full IPv4 and IPv6 support. On-demand reactive DDoS detection is facilitated with the collection
and analysis of exported flow data records from routers and switches. The Thunder TPS detector applies
always-on adaptive learning to build peacetime profiles for protected servers and services, based on 17
flow record traffic indicators to spot anomalous behavior. When an attack is detected, aGalaxy instructs
Thunder TPS to initiate a BGP route redirection for the suspicious traffic. Then TPS applies the appropriate
countermeasures using a progressive auto mitigation level escalation technique before delivering the clean
traffic to the intended destination.

MULTI-VECTOR ZAP
ATTACK PROTECTION ZERO-DAY AUTOMATED PROTECTION

Detect and mitigate DDoS attacks The ZAP engine utilizes heuristic and
of many types, including volumetric, machine learning automatically discover
protocol, or resource attacks; mitigation filters without advanced
application-level attacks; or IoT- configuration or manual intervention.
based attacks. Hardware acceleration ZAP speeds the response time against
offloads the CPUs and makes Thunder increasingly sophisticated multi-vector
TPS particularly adept to deal with attacks while minimizing downtime and
simultaneous multi-vector attacks. errors and lower operating costs.

HYBRID NON-STOP DNS

DDOS PROTECTION
DNS AUTHORITATIVE DNS CACHE

Thunder TPS on-premise protection A10 Thunder TPS can be configured as a

works in concert with the A10 DDoS high-performance DNS authoritative cache,
Protection Cloud service to provide enabling Thunder TPS’ Non-stop DNS
full-spectrum protection against attacks operational mode to cache common DNS
of any type. The service is backed records and respond to queries at rates of
by purpose-built, globally distributed up to 35M queries per second. Non-stop
scrubbing centers scaled to handle the DNS can also work in conjunction with
largest known DDoS volumetric attacks, Thunder TPS DDoS defenses to create a
all orchestrated by A10 DSIRT. highly resilient DNS service.

5
 ONE-DDOS A10 DDOS THREAT
PROTECTION INTELLIGENCE
LAYERED, DISTRIBUTED DETECTION
Threat intelligence data from more than
One-DDoS Protection provides the three dozen security intelligence sources,
freshest approach to full-spectrum including DShield and Shadowserver, is
DDoS defense, placing detection included with support, enabling Thunder
capabilities across key network elements TPS to instantly recognize and block traffic
closest to the targeted elements of the to and from known malicious sources. The
infrastructure. This provides the context, service includes millions of current and
packet level granularity, and visibility accurate IP addresses of DDoS weapons
needed to thwart today’s sophisticated used regularly in reflected amplification
targeted attacks. attacks and crippling IoT botnet attacks.

A10 Thunder ADC, CGN, and CFW with

integrated DDoS detectors work in concert
with Thunder TPS’ edge flow-based
detection and centralized mitigation to
enable full spectrum DDoS resilience.

HIGH PERFORMANCE AND EFFICIENCY TO MEET GROWING ATTACK SCALE

Thunder TPS provides solutions to protect organizations from attacks of all sizes, from 1 to 300 Gbps (or 2.4 Tbps in a list
synchronization cluster).

HIGH- SIMULTANEOUS
PERFORMANCE PROTECTED OBJECTS

PROTECTION To protect entire networks,

applications, and services, Thunder
Select Thunder TPS models have
TPS simultaneously mitigates up to
high-performance FPGA-based Flexible
3,000 Zones with individual protection
Traffic Acceleration (FTA) technology to
policies that include thousands of hosts,
immediately detect and mitigate up to
subnets, and services per zone. The
60 common attack vectors in hardware
scale of simultaneous mitigation helps
-- before data CPUs are involved. Thunder
organizations apply granular controls to
TPS supports protocol and packet
protected objects and create profitable
anomaly check and forwarding of up to
DDoS scrubbing services.
440 million packets per second (Mpps).
Thunder TPS enforces highly granular
traffic rates up to 100 ms intervals.

6
 COMPLEX LARGE THREAT
ATTACK MITIGATION AT SCALE INTELLIGENCE CLASS LISTS
Thunder TPS tracks more than 27 Eight lists, each containing up to 16
traffic and behavioral indicators and can million entries, may be defined to utilize
apply escalating protocol challenges to data from intelligence sources, such
surgically differentiate attackers from valid as the A10 Threat Intelligence Service,
users for appropriate mitigation of up to in addition to dynamically generated
128 million concurrent tracked sessions. entries of actionable black/white lists.

Complex application attacks (e.g.,

HTTP, DNS, etc.) are mitigated with ZERO-DAY
advanced parallel processing across a ATTACK PROTECTION
large number of CPU cores. Embedded
DDoS attackers continue to innovate
SSL security processors offload CPU-
their multi-vector attack arsenals with
intensive tasks and mitigate SSL/
new attack strategies. Thunder TPS ZAP
TLS-based attacks to maintain high-
engine automatically recognizes DDoS
performance system scaling, even for
attack characteristics and dynamically
multi-vector attacks.
applies mitigation filters without
advanced configuration or manual
intervention.

FULL CONTROL AND SMART AUTOMATION FOR AGILE PROTECTION

For network operators, it is critical that a DDoS mitigation solution integrates easily into many network architectures.

EFFICIENT EASY
INTELLIGENT AUTOMATION NETWORK INTEGRATION

No organization has unlimited resources With multiple performance options and

or the time for manual interventions. A10 flexible deployment models, Thunder
provides the industry’s most advanced TPS may be integrated into any network
intelligent automation capabilities, architecture of any size, including MPLS.
powered by machine learning throughout And with aXAPI, A10’s 100-percent
the entire protection lifecycle. programmable RESTful API, Thunder
TPS easily integrates into third-party
Operators define the networks to
detection solutions and into agile
protect, and A10 defenses do the rest
SecOps workflows.
based on the operator’s pre-defined
policies, including individual learned Leveraging open standards like BGP
detection threshold per monitored Blackhole and Flowspec functionality,
entity, automatic traffic redirection Thunder TPS mitigation integrates
orchestration, start of mitigation and easily with any DDoS detection solution.
escalation, and extract and apply attack Open APIs and networking standards
pattern filters. When the attack subsides, enable tight integration with other
the network and defenses are returned devices, including A10 threat detection
to peacetime posture and detailed partners, SDN controllers, and other
reports are generated for future analysis. security products.

7
 EFFECTIVE
MANAGEMENT

Thunder TPS supports an industry-standard CLI, on-box GUI, and the aGalaxy management system. The
CLI allows sophisticated operators easy troubleshooting and debugging. The intuitive on-box GUI enables
ease of use and basic graphical reporting. aGalaxy offers a comprehensive dashboard with advanced
reporting, mitigation console, and policy enforcement for multiple TPS devices.

aGalaxy is available with an optional integrated Thunder TPS detector that supports tightly integrated
interworking of Thunder TPS DDoS mitigation, flow-based DDoS detection, system-wide management, and
robust reporting.

THUNDER
500 300 2.4 8x16M
14045 TPS
BY THE NUMBERS
Gbps
HW Blocking
Gbps
Throughput
Tbps
Cluster
Threat Class
Lists

100 440 60 64K

GbE Mpps Hardware Protected
Ports Mitigations Objects

8
THUNDER TPS PHYSICAL APPLIANCE

THUNDER THUNDER THUNDER THUNDER

1040 TPS 1040 TPS 3040 TPS 4435 TPS
PERFORMANCE HARDWARE BYPASS

Throughput (Software Scrubbing)*1 5 Gbps 5 Gbps 10 Gbps 38 Gbps

Packets Rate (pps) *1

2.5 Million 2.5 Million 4.5 Million 20 Million

Software-based - SYN Authentication (pps) 2.5 Million 2.5 Million 4.5 Million 20 Million

Hardware-based - Anomaly Flood Blocking (pps) N/A N/A N/A 55 Million

Maximum Concurrent Sessions

8 Million 8 Million 8 Million 32 Million
(Asymmetric Deployment)

Average Latency 10 µs 10 µs 10 µs 35 µs

Minimum Rate Enforcement Interval 100 ms

FLOW DETECTION PERFORMANCE

Flows Per Second (fps) N/A N/A 1 Million 3 Million

NETWORK INTERFACE
1 GE Copper 5 1 + 4 (Bypass) 6 0

1 GE Fiber (SFP) 0 0 2 0

1/10 GE Fiber (SFP+) 4 4 4 16

1/10 GE Fiber (Fixed) 0 2 (Optical Bypass)*5 0 0

Management Ports 1 x Ethernet Management Port, 1 x RJ-45 Console Port

HARDWARE SPECIFICATIONS
Processor Intel Intel
Intel Xeon
Communications Communications Intel Xeon 10-core
4-core
Processor Processor

Memory (ECC RAM) 16 GB 16 GB 16 GB 64 GB

Storage SSD SSD SSD SSD

Hardware Acceleration Software Software Software FTA-3, SPE

Dimensions (Inches) 1.75 (H) x 17.5 (W) 1.75 (H) x 17.5 (W) 1.75 (H) x 17.5 (W) x
1.75 (H) x 17.5 (W) x 30 (D)
x 17.25 (D) x 17.25 (D) 17.45 (D)

Rack Units (Mountable) 1U 1U 1U 1U

Unit Weight 14 lbs 15 lbs

20.6 lbs 34.5 lbs
16 lbs (RPS) 17 lbs (RPS)

Single 750W*4 Single 750W*4 Dual 600W RPS Dual 1100W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (Typical/Max)*2 80W / 110W 80W / 110W 180W / 240W 350W / 420W

Heat in BTU/Hour (Typical/Max)*2 273 / 376 273 / 376 615 / 819 1,195 / 1,433

Cooling Fan Removable Fans Removable Fans Hot Swap Smart Fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications FCC Class A, UL, CE, TUV,

FCC Class A, UL, CE, TUV, FCC Class A, UL, CE, TUV, FCC Class A, UL, CE,
CB, VCCI, CCC, MSIP,
CB, VCCI, CCC^, BSMI^, CB, VCCI, CCC^, BSMI^, GS, CB, VCCI, CCC, KCC,
BSMI, RCM, EAC, NEBS |
RCM^ | RoHS RCM^ | RoHS BSMI, RCM | RoHS
CC EAL2+, RoHS

Standard Warranty 90-Day Hardware and Software

9
Thunder TPS Physical Appliance Specifications (Cont.)

THUNDER THUNDER THUNDER THUNDER

PERFORMANCE
5845 TPS 7445 TPS 14045 TPS 14045 TPS
SINGLE MODULE DUAL MODULE

Throughput (Software Scrubbing)*1 100 Gbps 220 Gbps 150 Gbps 300 Gbps

Hardware Blocking 250 Gbps 500 Gbps 500 Gbps 500 Gbps*6

Packets Rate (pps) *1

28 Million 60 Million 60 Million 120 Million

Software-based - SYN Authentication (pps) 28 Million 60 Million 60 Million 120 Million

Hardware-based - Anomaly Flood Blocking (pps) 125 Million 250 Million 220 Million 440 Million

Maximum Concurrent Sessions

48 Million 64 Million 128 Million 256 Million
(Asymmetric Deployment)

Average Latency 50 µs 50 µs 60 µs 60 µs

Minimum Rate Enforcement Interval 100 ms

FLOW DETECTION PERFORMANCE

Flows Per Second (fps) 3 Million 6 Million N/A N/A

DNS AUTHORITATIVE CACHE PERFORMANCE

DNS Queries Per Second (qps) N/A 35 Million 35 Million N/A

NETWORK INTERFACE
1/10 GE Fiber (SFP+) 48 48 0 0

40 GE Fiber (QSFP+) 0 0 4 4

100 GE Fiber 4 (QSFP28) 4 (QSFP28) 4 (CFP2 or QSFP28) 4 (CFP2 or QSFP28)

Management Ports 1 x Ethernet Management Port, 1 x RJ-45 Console Port +

HARDWARE SPECIFICATIONS
Processor
Intel Xeon 18-core 2 x Intel Xeon 18-core 2 x Intel Xeon 18-core 4 x Intel Xeon 18-core

Memory (ECC RAM) 64 GB 128 GB 256 GB 512 GB

Storage SSD SSD SSD SSD

Hardware Acceleration 2 x FTA-4, SPE 3 x FTA-4, SPE 4 x FTA-3, SPE 8 x FTA-3, SPE

Dimensions (Inches) 1.75 (H) x 17.5 (W) x 30 (D) 1.75 (H) x 17.5 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D) 5.3 (H) x 16.9 (W) x 30 (D)

Rack Units (Mountable) 1U 1U 3U 3U

Unit Weight 34.3 lbs 35.7 lbs 80 lbs 102 lbs

Dual 1500W RPS Dual 1500W RPS 2+2 1100W RPS 2+2 1100W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (Typical/Max)*2 585W / 921W 784W / 1,078W 1,000W / 1,200W 1,700W / 2,000W

Heat in BTU/Hour (Typical/Max)*2 1,997 / 3,143 2,676 / 3,679 3,412 / 4,095 5,801 / 6,825

Cooling Fan Hot Swap Smart Fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications
FCC Class A, UL, CE, GS, FCC Class A, UL, CE, GS, FCC Class A, UL, CE, GS, FCC Class A, UL, CE, GS,
CB, VCCI, CCC^, BSMI, CB, VCCI, CCC^, BSMI, CB, VCCI,  CQC, CCC^, CB, VCCI,  CQC, CCC^,
RCM | RoHS^ RCM | RoHS^ KCC,  BSMI, RCM  | RoHS KCC,  BSMI, RCM  | RoHS

Standard Warranty 90-Day Hardware and Software

The specifications and performance numbers are subject to change without notice, and vary depending on configuration and environmental conditions.
As for network interface, it’s highly recommended to use A10 Networks qualified optics/transceivers to ensure network reliability and stability.
*1 Throughput performances are traffic-forwarding capacity and measured with legitimate traffic with DDoS protection enabled.
*2 With base model. The value may vary with SSL options. | *4 Optional RPS available  |  *5 Fixed SFP+ optical ports with dual rate (10GBASE-SR
and 1000BASE-SX)   |  *6 Available in Q4 2019 | ^ Certification in process  | + Thunder 14045 comes with a splitter cable for console to provide access to
both modules

10
vTHUNDER TPS VIRTUAL APPLIANCE

vTHUNDER TPS

Supported Hypervisors VMware ESXi 5.5 or higher

Microsoft Hyper-V on Windows Server 2008 R2 or higher

Hardware Requirements See Installation Guide

Standard Warranty 90-Day Software

Bandwidth Licenses 1 Gbps 2 Gbps 5 Gbps

VMware ESXi
*
Microsoft Hyper-V

Lab license is also available | * 5 Gbps license not recommended for Microsoft Hyper-V

DETAILED FEATURE LIST

Features may vary by appliance.

Detection/Analysis DDoS Threat Intelligence Service Application Attack Protection

• In-line packet-based • Dynamically updated threat • Application-aware filter
DDoS detection intelligence feed • Regular expression filter (TCP/
• Out-of-band flow-based DDoS • IP addresses of reflected UDP/HTTP/SIP)
detection amplification weapons • HTTP request rate limit (per URI)
• Distributed detection • IP addresses of DDoS botnets • DNS request rate limit (per type)
• Individual detection policies for
Zero-Day Automated Protection • SIP request limit (per type)
more than 256K servers and
services • Dynamically discover and apply • Application request malformed
attack pattern filters check (DNS/HTTP/SIP)
• Continuous behavioral learning
• Prevent zero-day attacks • DNS domain-list
• Manual and learned thresholds
• No pre-configuration or manual • HTTP/S protocol compliance
• Protocol anomaly detection
intervention • Application (DNS/HTTP/SIP) flood
• Inspection within IPinIP (e.g., protection
• Fast, automated response
networking, encapsulation)
• Signature-based IPS
• Black/white lists Resource Attack Protection
• Traffic indicator and top talkers • Fragmentation attack
• Mitigation console • Slowloris
• Packet debugger tool • Slow GET/POST
• Long form submission
• SSL renegotiation

11
Detailed Feature Lists (Cont.)

Protocol Attack Protection Protected Objects Management

• Invalid packets • Protected zones for automated • Dedicated on-box management
• Anomalous TCP flag combinations detection and mitigation interface (GUI, CLI, SSH, Telnet)
(no flag, SYN/FIN, SYN frag, • Source/destination IP address/ • aGalaxy for comprehensive
LAND attack) subnet management**
• IP options • Source and destination IP pair • SNMP, syslog, email alerts
• Packet size validation • Destination port • REST API (aXAPI) or SDK
(ping of death) • Source port • LDAP, TACACS+, RADIUS support
• POODLE attack • Protocol (e.g., HTTP, DNS, SIP, TCP, • Configurable control CPUs
• TCP/UDP/ICMP flood protection UDP, ICMP and others)
• Per-connection traffic control • Class list/geolocation Networking and Deployment
• Passive mode • Proactive, Reactive, Asymmetric,
Challenge-based Authentication Symmetric, Out-of-Band (TAP)

• TCP SYN cookies, SYN Actions • Transparent (L2), routed (L3)

authentication • Capture packet • Routing: static routes, BGP4+,
• ACK authentication OSPF, OSPFv3, IS-IS
• Run script
• Spoof detection • Bidirectional Forwarding
• Drop
Detection (BFD)
• SSL authentication* • TCP reset
• VLAN (802.1Q)
• DNS authentication • Dynamic authentication
• Trunking (802.1AX), LACP
• HTTP challenge • Add to black list
• Access control lists (ACLs)
• Add to white list
• Network Address Translation
Telemetry • Log (NAT)
• Rich traffic and DDoS statistics • Limit concurrent connections • MPLS traffic protection
counters
• Limit connection rate • BGP route injection, FlowSpec
• sFlow v5
• Limit traffic rate (pps/bps) • IPinIP (source and terminate)
• NetFlow (e.g., v9, IPFIX)
• Forward to other device • GRE tunnel interface
• Custom counter blocks for flow-
• Remote-Triggered Black Hole • VXLAN
based export
(RTBH)
• High-speed logging
High-Performance,
• CEF logging
Scalable Platform
• Advanced Core Operating System
(ACOS)
- Linear application scaling
* Features may vary by appliance - ACOS on data plane
** aGalaxy is an optional product
• Linux on control plane
• IPv6 feature parity

LEARN MORE ©2019 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, Thunder
TPS, A10 Lightning, A10 Harmony, and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc.
in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks
ABOUT A10 NETWORKS assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.
C O NTACT US com/a10-trademarks.

[Link]/contact Part Number: A10-DS-15101-EN-28 DEC 2019

12