A10 CEO spells out application delivery controller advantage and next steps

A10 has built a solid business in the application delivery controller (ADC) market, but its platform also supports IPv6 migration and many cloud requirements, nicely positioning the company for the future. Network World Editor in Chief John Dix recently sat down with A10 founder and CEO Lee Chen for a company update. Chen, who was co-founder of Foundry Networks, says A10 already has 1,700 customers and more than 7,000 devices deployed.

RELATED: A10 boosts application delivery controllers

Your Advanced Core Operating System (ACOS) platform seems to give you some product flexibility, can you spell that out for us?

We have invested significantly over the years in ACOS, A10's proprietary data kernel, and it gives us a performance advantage, particularly in Layer 4 and Layer 7 transactions per second.

From day one A10 has been focused on application networking, and our vision was to build a really powerful platform and on top, layer multiple applications. So the ADC has been one of the major applications we built on the platform, and we then addressed IPv6 migration and the cloud is another piece we are building on top. Today ADC generates about 75% of our revenue, and the rest comes from IPv6 migration and cloud deployment.

Read dozens of other Q&As with tech industry CEOs

You're up against some big players in the ADC market, but still manage to do well for yourself. What do you attribute your success to?

When we entered the market there were already several big players, including F5 and Cisco, with F5 being the biggest with a bit over 50% share. But A10 focused on customer service from day one, and now we have a good reputation for that, and we focused on building a platform that provides a big performance advantage, especially in the Layer 4 and Layer 7 space. Some of our customers really care about the price and our objective is to provide the least cost per connection, per transaction, per session.

We also provide some advanced features. I'll give you two examples. One is called multi-tenancy. We allow a single device to run multiple routing domains. Each domain can be running either IPv4 or IPv6. This allows a data center operator to use one device to host multiple customers. That will reduce operational costs. And we are fairly early on in terms of providing a feature called virtual chassis so, as traffic continues to increase, the customer does not need to keep installing bigger and bigger boxes, they can just add additional devices and logically chain them together in a cluster that behaves as one device.

Also, as a result of our performance advantage, some larger customers are using our device to consolidate multiple ADCs, thus reducing operational costs. And our device provides a tremendous power consumption advantage. In some comparative analyses we did, compared to our largest competitor, we use one-third of the power, so if you have a large data center, you're talking about big power savings.

What percentage of your customers are service providers vs. enterprise shops?

I would say it's probably 80% enterprise to 20% service providers. But on the other hand, our revenue is probably 75% generated from service and content providers and 25% enterprises.

When you're in a bid against the likes of an F5, how do you win?

F5 being the dominant player in the market, sometimes they are the default. But when we get invited to the party, especially with a proof of concept, we have a good chance based on our responsiveness and our product performance. If you look at transactions and connections per second, our 2U 5200-11 can provide 4.5 million Layer 4 connections per second, which is more than double F5's four-blade chassis solution today.

What's the secret sauce? Is it all in the ASICs?

No, it's actually all in the software. The software is a big piece of it. We have more than six years invested in ACOS. That pays a significant dividend for us.

That sounds like something that would be hard to emulate?

In theory, with R&D anyone can catch up. But it's all in the people, the innovation, how you lead a team. So there's nothing to prevent anybody from doing anything in technology, but it's a moving target, right? We never stop. When we first released ACOS in 2007 it was a 32-bit OS. Between 2009 and 2010, we released a 64-bit ACOS. Now we are working on something to address the next-generation ADC, but I can't disclose the details yet.

Is it hard to unseat incumbents?

ADC is a very sticky business. Nobody wants to change their vendor. But on the other hand, after three or four years a customer will typically look around because it's beneficial to consider a second vendor solution. So sometimes we get invited because the customer wants to look at a second vendor. Sometimes we get invited because they are not happy with their current vendor. Sometimes the cost of the existing vendor is too high.

One additional advantage we have is we decided early on we wanted to reduce a customer's operational complexity by not having a license model. So with A10 you get everything. Layer 2/Layer 3 devices vendors typically compete on port density and price per port. We make the deployment and buying experience really simple. You buy one box at one price. We don't play the games the others do for professional services, extra modules, $X amount more for Y performance. When you buy one of our boxes you can use two features or you can use 100 features. When we add a new feature in, you can use it.

RELATED: How to shop for application delivery controllers

What is the underlying box?

The AX series, which we design completely. Basically it's an Intel-based PC server platform but we have been really keeping up with the Intel platform. I think we are probably the only company in the ADC space that already has two models leveraging Intel's Sandy Bridge technology, and we have more Sandy Bridge products coming out. So does Intel but the box is an A10 specialized design. The interface is a 1-gig or 10-gig. We plan to roll out the 40-gig and 100-gig in the future.

How far out is that do you think?

I think in the next 12 to 18 months you will see us roll out the 40-gig and the 100-gig.

How about the other capabilities you support, like IPv6 migration.

We entered the IPv6 business in September 2010 and in a very short 15 months it is now 25% of our revenue.

How do you change the complexion of the product? Is it just a software layer on top of ACOS that makes it an IPv6 play vs. an ADC?

Exactly.

Do customers add the IPv6 as a module on the same box or tend to bring in separate boxes?

They tend to bring in separate boxes because of the performance required. But on the other hand, it's good for customers to know they don't need to change the hardware. They just need to enable different features in the same box.

Is the demand for IPv6 mostly on the service provider side so far?

Yes, mostly on the service provider side. We do have some enterprise customers whose business really depends on the Internet that are using that as a service. One of the travel sites is using us for the IPv6 migration.

Is it happening as fast as you have anticipated?

Much faster than what I thought. Even though we call it IPv6 migration, most of the deployments actually are about conserving IPv4 addresses as companies virtualize everything and the number of mobile devices continues to skyrocket. It is about contending with that by replacing router and firewall NAT functions. The number of interconnected devices is mind boggling, right? But enterprises and service providers cannot just keep buying the same old device to manage the traffic. What they want is a more powerful box that can be used to replace a number of devices so they reduce operational costs, and that plays to A10's advantage.

We have had fairly big success in the mobile market with our IPv6 migration tool, with examples here and in Japan. They both use our carrier grade NAT - what the industry now calls large scale NAT (LSN) -- to replace today's router and firewall NAT solution. In the U.S. example they're getting a 1-to-3 advantage -- one A10 carrier grade NAT solution replaces three firewall NATs.

So you just take on the NAT function?

Right. Many service providers and enterprises use firewalls or routers to provide purely a NAT function because the NAT has to be really fast because every packet coming in needs to be translated, so they separate that out.

Also with mobile devices, in addition to a fast transaction rate, we are seeing the requirement for a large number of sessions. Look at Google Maps. This one application often has hundreds of sessions, and some applications even close to 1,000 sessions. So now you require a device to provide 1 million, 2 millions sessions. As a matter of fact, in one deployment the requirement was to provide a device to support over 100 million sessions concurrently and over 10-gig of throughput.

The market for this must still be relatively small at this point, so how does it account for 25% of revenue already?

The number of customers is significantly less, but in terms of revenue it is typically higher.

You mentioned cloud as being another opportunity for you, can you expand on that?

We are in the fairly early stage of cloud deployment but we are seeing a lot of interest in server virtualization. So A10 provides multiple options, including the ability to run AX as software. Now you don't buy the hardware from A10, you're just running a software ACOS on top of VMware or KVM. You can also run it on top of Amazon Web Services.

Or you can run ACOS as a VM on A10's own hardware, and that will give you guaranteed performance, especially for those customers who care about SSL performance because we have a hardware-based SSL acceleration that can vastly outperform the commoditized server.

A third option is, because we support multi-tenancy, you can do Layer 3 partitioning, Layer 3 virtualization with one device, so we allow customers to virtualize ADC. And the fourth option is, as I also mentioned earlier, we allow customers to customize multiple devices into one. So we really provide the intelligence, the elasticity, to address the cloud space.

What's gaining traction most here? Where is the demand?

Today we have more deployment in terms of multi-tenancy, but we are seeing tremendous interest in the software-based SoftAX.

There's been a lot of talk about appliances getting subsumed into the virtual world. Do you see that as an inevitability?

I think the big function box sounds great, but if you look at today's deployments, it has not reduced the number of devices. It actually increased the number of servers used in any deployment.

So I do not see that happening any time soon. If you are a service provider and just want to run your operation, the hardware-based fixed appliance is still the most cost effective way. To manage a virtualized instance, whether it's a server, storage or an ADC, is actually quite challenging. Now you don't really have physical devices, you have multiple components in big devices. If you have any issue, how are you going to debug it? Multiple factors could be in play. How are you going to troubleshoot it? How are you going to address scalability?

The idea is great, right? You have the resources globally and you can just move around what you need to meet demands, but I think to reach that level will take years.

Since we're talking about the future, what do you anticipate changing here in 2012?

We have a plan to grow the company fairly significantly for the next several years, and I cannot go into specifics, but I can assure you that we're going to continue to drive performance, we're going to continue to reduce the price per connection, reduce the price per transaction, reduce the price per throughput. We're going to continue to make our boxes smaller and more power efficient. We're also going to focus on the bigger issue of how to make our device more suitable as a policy maker, as a traffic manager, to address the intelligence and elasticity of the cloud deployment.

To switch subjects a bit here at the end, given your background in high-end Ethernet switching, what do you make of all of this talk about fabrics today?

I could be wrong on this, but I just don't see the customer moving to fabric in a big way anytime soon. A lot of the solutions proposed today are proprietary. They don't really interoperate with each other. You have to take one vendor solution completely. So to me, that's a no-go from the get-go. Also, they don't really work well with the existing equipment. So does the customer want to be completely locked in? I'm not sure that is the right solution.

Read more about lan and wan in Network World's LAN & WAN section.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about ADCAmazon Web ServicesCiscoF5Foundry NetworksGoogleIDGIntelJohn DixKVMLANVMware Australia

Show Comments
[]