As open SDN fabrics (built with open networking switches) become popular for mainstream data center deployments, there is increasing demand for broader multi-vendor solutions that provide application-wide elasticity and data center-wide protection against continuous, sophisticated cyber attacks. A10 Networks and Big Switch are extending their partnership to address both these customer needs:

  • The A10 Thunder ADC application delivery controller with its unique benefits of high-performance, comprehensive L4-L7 capabilities in combination with Big Cloud Fabric (BCF), offers workload agility and elasticity in secure multi-tenant production network environments.
  • The A10 Thunder TPS threat protection system with its high-performance, multi-level DDoS protection capabilities combined with Big Tap monitoring fabric, offers comprehensive protection from cyber attacks by enabling pervasive security.

 

Application Agility and Elasticity with A10 Thunder ADC and SDN-based Big Cloud Fabric

The Big Cloud Fabric (BCF) is deployed in a pod-based design consisting of spine and leaf switches. Within the BCF pod, the A10 Thunder ADC can be deployed in multiple form-factors, physical appliance, virtual appliance, or hybrid. The appliance can be deployed as a dedicated service or as a part of the service chain (as shown in Figure 1 below). The BCF supports a multi-tenant architecture with the ability to create logical tenants that can span multiple physical racks. As part of this logical architecture, the A10 Thunder ADC can be configured to load balance either client-server (north-south) traffic coming into the BCF or server-server (east-west) traffic within the BCF. Essentially, the Thunder ADC is deployed as an endpoint in the fabric and traffic is forwarded based on the Layer 3 Virtual IP address of the ADC. Physically, the A10 Thunder can be attached to any of the leaf switches in the fabric.

 

Figure 1: SDN-Driven application agility with A10 Thunder ADC and BCF

The efficient and scalable fabric solution enables users to easily deploy applications on cost-optimized pods, which can be inserted seamlessly into existing data centers. While the SDN-powered solution dramatically lowers CapEx by leveraging low-cost, high-speed open networking switches, it also provides tremendous OpEx savings through tenant-centric logical configuration for L2-L7 services, zero-touch fabric operations, simplified troubleshooting, and seamless upgrade. A10’s vThunder virtual appliances can also be leveraged within a multi-tenant infrastructure for dynamic, tenant-level L4-L7 service insertion and service chaining. The joint solution thus provides an on-demand and elastic (scale-in/scale-out) approach to rapidly deploying applications and application-level change management through programmatic (API-centric) interactions.

Pervasive Security with A10 Thunder TPS and SDN-based Big Tap Monitoring Fabric

Big Tap is an SDN-based next-generation network packet broker (NPB) that enables policy-driven filtering and forwarding of data center-wide network traffic (both north-south and east-west traffic) to the A10 Thunder TPS for inspection. The joint solution is shown below in Figure 2. Specifically, A10 Thunder TPS detects and mitigates multiple classes of attack vectors, including volumetric, protocol, and enables continuous availability of services. It leverages hardware-based traffic acceleration to immediately detect and mitigate over 50 common attack vectors with more complex application-layer attacks (HTTP, SSL, DNS, etc.) processed by dedicated, high-performance CPU complex.

The Big Tap Controller fully manages multi-tenant monitoring policies, provisions the fabric, programs the forwarding paths of monitored flows, and centrally controls all switches and their interconnections. This operational simplicity offered by single-pane-of-glass management along with open-switch economics makes pervasive security a reality. In addition to tapping every rack, security operators can also tunnel traffic from remote locations (such as Colo DCs, campus, and branch locations), to enable pervasive security monitoring in a highly cost-efficient and staff-efficient manner.

Figure 2: Enterprise-Wide Security Monitoring with Big Tap and A10 Thunder TPS

Both of these solutions have been validated and are shipping. To learn more, please see links to additional resources below.

Welcome to modern, 21st century networking!

– Prashant Gandhi

VP, Products & Strategy

 

Additional Resources:

  • A10 Thunder ADC and Big Cloud Fabric Joint Solution Brief: Click Here
  • A10 Thunder TPS and Big Tap Joint Solution Brief: Click Here
  • A10 Thunder ADC and Big Cloud Fabric Webinar: Click Here
  • A10 Thunder TPS and Big Tap Webinar: Click Here
  • Big Cloud Fabric – Hyperscale-style Networking is Here: Click Here
  • Big Tap 4.0: An SDN Replacement to Proprietary Network Packet Brokers (NPBs). Click Here
  • Register for a free, hands-on experience with Big Tap Monitoring Fabric: Try BSN Labs
  • Register for an upcoming Webinar to learn more about Big Switch products.