-
what is a Partition in A10 ??
Hi, I am new to A10, I would like to know if a Partition is a virtual routing concept (like VRF), or a virtual context, where data plane, control plane, and management plane are segregated thanks,
-
TPS deployment with VLANS
Hi everyone, I’m trying a new implementation for a TPS appliance The architecture is the following, there is going to be two internet connections directly to the TPS appliance then the TPS will make Vlan Tagging the traffic and send it to the Switch Core that will forward that traffic to the Firewall by the trunk…
-
WAF Deployment
Hi, Is there any deployment guide to install a basic WAF configuration ? Or some configuration exemple with some explanations. Regards
-
Monitor Application & Network using ACOS Prometheus Exporter
This article describes how to setup Prometheus and A10 Thunder running pre-ACOS 5.0 version (e.g., 3.2, 4.1.4 or 5.1) using a Prometheus Exporter to gain application network visibility and operational insights. Prometheus uses the HTTP PULL model to scrape such various data from network devices and store the received…
-
Application Network Visibility using the Prometheus and A10 Thunder
This article describes how to set up Thunder ADC and Prometheus to gain application network visibility and operational insights using a visualization tool like Grafana. A10 Thunder supports a logging system to monitor resources like system (CPU, Memory usage), interface statistics, as well as service metrics and…
-
DNS CAA record response
I am doing things like this: set rr1 [DNS::rr $name 0 IN TXT "some text here"] DNS::answer insert $rr1 Now I need to return a CAA record and can't find a way to format the entry to do this. A CAA record looks like this in a zone file. mydomain.com. IN CAA 0 issue "letsencrypt.org" mydomain.com. IN CAA 0 issuewild ";"…
-
Import_file_certificate_pfx format fail
Dear all We have a service running ssl ( client). I have import certificate .pfx format to A10 Please help me Thanks for support Hoang Hung
-
File upload using aXAPI 3.0
As documented at https://documentation.a10networks.com/ACOS/411x/411-P1/ACOS_4_1_1-P1/html/axapiv3/file.html I'm trying to upload text/plain files to use as axflex scripts or bw-lists. So far I haven't been able to POST files with any success. Each API call pushes the control CPU to 100% until the device has been rebooted.…
-
HTTP line too long (len is 31415)
Hi ! Since few days i see in the system log the line: "HTTP line too long (len is 31415)" Its is class of an attack? I can't to determine what IP try to use Long HTTP. How i can troubleshoot this issue? Thanks !!
-
Is there any workround to: VE number in partition can not be greater than 32
We have a: Model = A10 THUNDER TH5430-110 Número de série = TH54453015380057 64-bit Advanced Core OS (ACOS) version 2.7.2-P7-SP3, build 3 Dec-21-2015, 13:08 When We tried the follwing configuration: vlan 1/127 tagged ethernet 1 to 2 router-interface ve 127 We received the follwing message: "VE number in partition can not…
-
[T&C] Example of using SNI with aFleX
In an SSL/TLS handshake, the name of the server being accessed is sent using the SNI extension in the Client Hello message. For example, suppose you access the site https://intranet.a10tests.com, it will show up in the SNI extension as follows: Starting from ACOS 5.1.0, this SNI field can be captured using the aFleX…
-
[T&C] Using DNS over HTTPS (DoH) while preserving Client IP
Thunder CFW enables you to provide DNS over HTTPS (DoH) service to end-users without having to upgrade the DNS infrastructure itself. Here is a sample setup: The client browser (in this case Firefox browser) is configured with a custom DoH URI, which resolves to a VIP on the Thunder CFW: The Thunder CFW configuration is as…
-
[T&C] DNS over HTTPS (DoH) and DNS services on the same VIP
DNS over HTTPS (DoH) is a protocol for securing DNS communication by sending DNS queries and getting DNS responses over HTTPS. In DoH, each DNS query-response pair is mapped into an HTTP exchange. For details, refer to RFC 8484 (https://tools.ietf.org/html/rfc8484). Thunder CFW enables you to provide DoH service to…
-
How to deploy Thunder Container ?
This article provides you the steps on how to deploy A10 Thunder in the cloud native environment. What is Thunder Container ? Thunder Container is a containerized ACOS image that is deployed by using Docker on a host operating system. It can be configured to operate as an Application Delivery Controller (ADC), Convergent…
-
Ansible Playbook Examples for ADC Features
This article provides some Ansible playbook examples for application acceleration and optimization features for Thunder ADC shown below. Each playbook uses the respective acos_axapi module for that feature. A10 acos_axapi module set consists of more than 1,600 modules. Module set can be downloaded from GitHub Repository:…
-
How to automate basic Thunder ADC config using Ansible ?
Ansible is an open-source software tool facilitating configuration management, application deployment, IT, and infrastructure automation. The playbook used in this article provides the steps on how to configure basic Layer 4 VIP (virtual server) on Thunder ADC using Ansible. The playbook contains four “tasks” and uses…
-
Automated Service Discovery using HashiCorp Consul
This article describes how to use the Thunder ADC integration with HashiCorp Consul for automated application delivery. Thunder ADC directly polls associated services catalog from Consul periodically while serving user traffic for load balancing and application security. When service status changes are detected on the…
-
A10 throughput limit enforcement behavior
I'm considering switching to A10 from F5. I have a question on A10 throughput limit enforcement. Does the licensed throughput limit only apply only to load balanced traffic? Or does this also include passthrough traffic that's only being layer 3 forwarded through the appliance?
-
Help to factory reset my AX1000-11
Hi, I bought a used AX1000-11 and the previous owner of the equipment doesn't remember the login for accessing the device. Is there any way that I can restore it to default, like a reset button? I didn't find any information about that anywhere and the support can't help because the serial expired. Thanks!
-
CGN + ADC
Hi, We have a 1040S that we use primarily for CG Nat. We also have 3 HTTP video servers that have high demand on our network, and are currently statically load balanced. Can I load balance them using SLB with my Thunder, while maintaining CGNAT funcionality? Many thanks!
-
Active Directory ADC
Hi, Does A10 ADC support for active directory load balancing via layer 7 protocol? Is there any use-case for active directory slb from A10 networks guide? Appreciate it in advance. Regards, Shawn
-
error after upgrade ADC to ACOS 5.2.0
After of upgrade from 4.1.1P13 to 5.2.0 firmware version, i have the follow errors and the device seems to reload ( conmute to slave node ), with previous version don't have issues Oct 06 2020 16:10:11 Error [Fail Safe]:Failed in thread LWP 12227 Oct 06 2020 16:10:11 Error [Fail Safe]:Failed in thread LWP 12609 Oct 06 2020…
-
Disable RC4 in A10
How can we disable rc4 in A10? There is no option of RC4 in cipher template. Can I do something like this? DEFAULT:!RC4:!SSLv3:!SSLv2:!TLSv1 If yes, where to add this? Thanks in advance!
-
ADC health monitor and SSL cipher
Trying to config health monitor to use tls1.1/tls 1.2 level ssl ciphers. I've tried something like DEFAULT:!SSLv3:!SSLv2:!TLSv1, or even just TLS1_ECDHE_ECDSA_AES_128_GCM_SHA256:TLS1_ECDHE_RSA_AES_128_GCM_SHA256 in the cli for ssl-cipher. I'm debugging this with openssl s_server(so that health-monitor talks to this debug…
-
Difference in UDP-Other and ANY-UDP for TPS Services
Hi team Can you, please tell me to understand the main difference between the services Protocol: UDP; Port/Protocol Num: Other and Any-UDP (the same for TCP) in TPS Solution? In the below image from the Galaxy I can choose the two options, but I'm not sure what is the main difference: Thanks
-
IPv6 tools
I am facing an client how wants view how TPS works against DDoS attacks. I know tools to emulate attacks for IPv4, but I do not know tools to emulate the same for IPv6. Where can I find a guidelines to make the tests? Regards,
-
How to clear RAM cache on A10 via AXAPI?
I don't see a way to do this, I only know of the SSH way. How to clear cache during our DevOps auto-deploys using AXAPI? We have V3 AXAPI on our A10.
-
How to do a graceful shutdown on a per virtual server basis?
I only see graceful shutdown settings at ADC -- SLB -- Global Where is the settings to do this at a virtual server level? On some of our websites we need graceful shutdowns to let the sessions flush out, but on others we do not. I don't see a way to accomplish that on the A10.
-
SNAT-ON-VIP
Can someone explain to me what SNAT-ON-VIP is and what it does. I can't find a great deal of information about it. Many thanks
-
Advance Traffic Replication on SLB
Hi, currently my setup is round robin (active/standby) with mirror traffic replication. I tried to duplicate port udp 9000 and supposedly both server receive the packet but only active server will reply. But right now the problem is the other server doesn't receive any duplicate packet udp port 9000. Can someone help thanks
