|
Thunder TPS
The A10 Networks Thunder TPS Threat Protection System product line provides high-performance, network-wide protection against DDoS (Distributed Denial of Service) attacks in the face of flooding, protocol vulnerability and other complex application attacks. Ensure service availability.
The Thunder TPS product line is based on the ACOS architecture (Advanced Core Operating System) and features the A10's SSMP (Extensible Symmetric Multi-Processor) architecture, which delivers outstanding performance and utilizes shared memory technology to efficiently Track network traffic to provide accurate DDoS attack protection for service providers, website operators and enterprises.
Comprehensive DDoS protection ensures service availability: Enterprise dependence on service availability and Internet connectivity is increasing, and downtime means lost revenue. Thunder TPS performs deep traffic analysis on all traffic, automatically detects anomalies, and is effective against various types of attacks, including extremely difficult multi-vector attacks, which can flood attacks, protocol exploits, and complex applications. Layer attacks are mixed into one, directly hitting the weakest link in the enterprise protection system.
Superior performance and energy efficiency adapt to the ever-increasing scale of attacks: The frequency, scale and complexity of DDoS attacks have grown more and more unprecedented. With a powerful ACOS architecture, Thunder TPS can handle any large, demanding network environment. Distributed multi-vector attack detection and prevention functions optimize system resources and extend performance. The normal attack is solved by dedicated hardware. For complex application layer attacks, because of the need to perform very resource-intensive deep packet inspection (DPI), the multi-core, powerful CPU core focuses on the attack. Thunder TPS hardware not only meets performance challenges, but is also extremely energy efficient. This high performance is achieved with a compact device architecture that delivers significant rack space, power and cooling savings, and lower operating costs.
Flexible customization and extensive network integration: For easy integration into a variety of network architectures, a flexible DDoS attack defense solution that works with multi-vendor devices is needed. Through RESTful APIs, aXAPI, Thunder TPS can be integrated into custom or third-party inspection solutions and supports multiple network flexible deployment modes for in-band and out-of-band operation. Information such as logs and network statistics are based on common standards and can be shared at high speed. Using TCL-based aFleX scripting technology, the program policy engine supports fully customized detection and defense, as well as regular expression (regex) and Berkeley packet filtering (BPF) modes, matching filtering mechanisms for deep packet inspection (DPI) ).
The A10 Thunder TPS effectively protects critical services with the most efficient hardware products, ensuring efficient use of customer data center resources. The combination of small form factor and outstanding performance reduces operating expenses by significantly reducing power, rack space and cooling requirements.
Features and advantages
Extended IPv4 connection
The A10 Thunder TPS Series is capable of detecting and defending against any type of attack, even when multiple attacks occur simultaneously.
• Comprehensive multi-dimensional attack defense: Ensures service availability by detecting and defending against various types of DDoS attacks, whether it is a simple flood attack, a protocol vulnerability or resource exhaustion attack, or even an application layer vulnerability attack:
- Flood attacks, such as DNS or NTP amplification attacks, whose purpose is to saturate the attacked network connection through traffic flooding, which in turn causes the service to be unavailable. Thunder TPS offers a variety of authentication technologies to defend against amplification and flood attacks, filter for spoofed traffic, and support high granularity, multi-protocol rate limiting to prevent sudden increases in illegal traffic from running out of network and server resources. Each connection can be restricted to define its bandwidth and packet speed.
- Protocol vulnerability attacks, such as SYN floods, Ping of death, and IP address anomalies, attempt to smash the attacked protocol stack so that it does not respond properly to legitimate traffic. The Thunder TPS detects and defends against more than 50 anomalous attacks in hardware, blocking these attacks before the system CPU intervenes. For example, detecting SYN requests or other features, managing out-of-order segments, TCP/UDP port scanning, etc. are available.
- Application-layer vulnerability attacks, such as Slowloris, HTTP GET flooding, and SSL-based attacks, which specifically exploit security features of application features or make them unavailable. Thunder TPS features a variety of application inspection and rate limiting controls. With the A10 programmable aFleX feature, Thunder TPS can perform deep packet inspection (DPI) on received packets and take defined actions to protect the application. For example, the system enforces restrictions on various types of DNS requests and performs security checks on most HTTP headers.
• A10 Threat Intelligence Protection Service: A10 and ThreatSTOP launch threat intelligence protection services to obtain reputation data information from more than 30 security intelligence libraries including DShield and Shadowserver. Thunder TPS can quickly identify and block known malicious sources. Traffic flow. The A10 Threat Intelligence Protection Service provides customers with the following benefits:
- Protect your network from cyber threats
- Block non-DDoS-style cyber threats such as spam and phishing scams
- Make the Thunder TPS system more efficient
Threat Intelligence Services continuously searches for potential security threats on the Internet, helps customers use global resources to block traffic from malicious sources on the Internet, and identifies known machines and other sources of attack, reducing workload for Thunder TPS . In addition, the A10 Threat Intelligence Protection Service captures non-DDoS-related security threats such as spam and phishing scams.
Outstanding performance for an ever-expanding attack
In the past few years, DDoS attacks have grown rapidly, both in terms of bandwidth (Gbps) and number of packets per second (PPS). The Thunder TPS is equipped with professional, high-performance hardware and the latest and most powerful Intel Xeon CPUs to protect against any large-scale complex attacks.
• High-performance platform high-performance platform: With DDoS defense throughput performance from 40 to 160 Gbps (up to 1.2 Tbps in cluster deployment), Thunder TPS can effectively handle the largest DDoS attacks. The Thunder TPS model, equipped with high-performance FPGA-based FTA technology, quickly detects and defends against more than 50 attacks before data CPU intervention. SYN cookies can be generated at rates up to 223 Mpps when performing client connection request verification. The hardware's Security Policy Engine (SPE) performs high-grained traffic rates at 100ms intervals, and the SSL security processor can be used to detect and defend against SSL-based attacks, including the latest POODLE threats. More sophisticated application layer (L7) attacks (HTTP, DNS, etc.) are handled by the latest Intel Xeon CPUs, ensuring high-performance system expansion even in the face of multi-dimensional attacks. In terms of network connectivity, Thunder TPS is equipped with 1Gbps, 10Gbps, 40Gbps and 100Gbps interfaces.
• Large-capacity threat intelligence classification list: 8 separate lists can be defined, each containing 16 million entries. Users can take advantage of data from the IP Reputation Database and dynamically generate blacklist/whitelist entries.
• Synchronized protection objects: Thunder TPS can simultaneously monitor 64,000 user-specified hosts or subnets to ensure the security of the entire network connecting many users and services.
Flexible customization and extensive network integration deployment
For network operators, it is important that the DDoS attack defense solution be easily embedded into the existing network infrastructure to prepare the network for the upcoming DDoS threat.
• Programmable Policy Engine: Fully programmable centralized configuration and management engine, coupled with access to system status and statistics, makes advanced application and security policy implementation easier. Using the TCL-based aFleX language, or high-speed policy-matching pattern regular expressions (regex) and Berkeley Packet Filtering (BPF), the system's detection and defense capabilities can also be fully personalized.
• Easy network integration: Thunder TPS supports multiple performance options and flexible deployment modes that support in-band and out-of-band operations, including MPLS-detected routing or transparent operation modes, and can be integrated into any network architecture of any size. In addition, with aXAPI (Open RESTful API), Thunder TPS can be easily integrated into third-party inspection solutions. Common activity forms (CEF) open log management standards to enhance cross-platform support.
product description
A10 Thunder TPS product line
The high-performance Thunder TPS product family detects and defends against multi-dimensional DDoS attacks at the edge of the network, playing the role of the network's first line of defense.
Thunder TPS Series hardware devices range from entry-level models from 10Gbps to high-performance models at 160Gbps to meet the most demanding requirements and protect large networks. All models feature dual power supplies, solid state drives (SSDs), and no detachable parts to ensure high availability. Models with Security Policy Engine (SPE) hardware acceleration, FPGA-based FTA technology between hardware levels, optimized packet processing, and highly scalable flow distribution and DDoS attack protection. FPGAs detect and defend against more than 50 common attack vectors in hardware without affecting the performance of data CPUs used to handle more complex application layer attacks.
Switching and routing processors provide high performance network processing. Each device delivers the best single-rack performance, while the “80 PLUSTM Platinum” certified power supply represents the highest level of green solutions that significantly reduce power costs. Customers can take advantage of high-density 1Gbps, 10Gbps, 40Gbps and 100Gbps port options to meet the highest network bandwidth requirements. All high-performance devices feature an efficient chassis design that allows up to eight Thunder TPS products to be deployed in a single cluster for higher capacity and efficient list synchronization.
|
