Deploying Vthunder Adc For Web Application Services On Oracle Cloud Infrastructure

Uploaded by

Duangkamon
DEPLOYMENT GUIDE

DEPLOYING VTHUNDER ADC FOR WEB APPLICATION SERVICES ON ORACLE CLOUD INFRASTRUCTURE

Reference Architecture for Deploying Highly Available Application Services on Oracle Cloud Infrastructure

OVERVIEW
Organizations require their business-critical applications to be highly available and secure to ensure always-on service availability, while keeping total cost of ownership, including operational costs, low. Building and maintaining a data center is a large investment in both capital and operational costs. Capital costs include physical servers and network hardware; operational costs are recurring expenses such as support and maintenance fees and electrical and environmental expenses. The data center must also be designed to scale to the capacity required for future growth, and its systems kept up to date on a regular basis. As a result, many organizations have been adopting public cloud services (e.g., IaaS and/or PaaS) to run their business applications and services for a variety of reasons:

• Agility and efficiency
Without any preparation, infrastructure resources are available any time the user needs them, which helps minimize IT staff workloads and provides faster service deployment. In addition, the user can pick from the available locations, regions and countries based on needs.
• Cost effectiveness
The user only needs to pay for the resources used. As a result, the user can take advantage of a utility billing model for data center infrastructure requiring little to no capital cost outlay. Since the cloud service providers build their infrastructure to be scalable and reliable, the user can eliminate a big concern about designing redundant and future-proof infrastructure, which could double the capital expense and operational cost.

While public cloud service providers are responsible for ensuring the security and
availability of their infrastructure, organizations are still responsible for the reliability
and security of the application services. This requirement does not differ from on-
premises data center deployments. Thus, it is important to understand the specific
details and requirements of how to properly design and deploy application services
in a public cloud environment such as Oracle Cloud Infrastructure.

A10 Networks vThunder® series is the certified solution, available on the marketplace
of many public cloud services including Oracle Cloud Infrastructure. The A10
Thunder® Application Delivery Controller (ADC) works seamlessly with any business
application to ensure fast, secure, and consistent application delivery. Deploying the
A10 Thunder ADC solution for various business applications on Oracle Cloud enables
organizations to enjoy reliable application services, strengthens high availability
using a local redundancy feature, as well as global server load balancing, and
maximizes elasticity and performance for business-critical applications. The A10
Harmony® Controller is the centralized management platform for A10 Thunder series
products. It is also available on the Oracle Cloud marketplace and provides detailed
per-application visibility and analytics for all the Thunder application services.

This guide provides the reference architecture and detailed configuration steps of
how to build highly available and secure business application services running on
Oracle Cloud infrastructure using the A10 vThunder ADC.

TABLE OF CONTENTS

OVERVIEW
CHALLENGES OF DEPLOYING BUSINESS CRITICAL APPLICATIONS
ORACLE CLOUD INFRASTRUCTURE SERVICES
    Regions and Availability Domains
    Virtual Cloud Network (VCN) and Subnets
A10 THUNDER ADC ON ORACLE CLOUD
    A10 vThunder ADC Models
    A10 vThunder ADC Advantages
    Integration with Oracle Cloud
REFERENCE ARCHITECTURE
    Deployment Options for Highly Available Services
    Deploy Services with an ADC Among Multiple Availability Domains within a Region
    Deploy Services Across Multiple Regions with the ADC Running GSLB
    Deploy Services on Both Oracle Cloud Infrastructure and On-premises Datacenter with the ADC Using GSLB
DEPLOYMENT SCENARIO
DEPLOYMENT PREREQUISITES
CONFIGURATION STEPS OVERVIEW
API KEYS AND CONFIG FILE PREPARATION
DEPLOY THE VTHUNDER ON ORACLE CLOUD INFRASTRUCTURE
    Configure VCN and Subnets on the Oracle Cloud Portal
    Install vThunder Instance
CONFIGURE VTHUNDER
    Access vThunder ADC
    General Configuration
    Import API Private Key and Cloud Config File to vThunder ADC
    High Availability (VRRP-a) Configuration
    Configure the Virtual Server (VIP) on vThunder ADC-1
    Synchronize the ADC Configuration to vThunderADC-2
VERIFICATION
SUMMARY
APPENDIX A - THUNDER ADC CONFIGURATION
ABOUT A10 NETWORKS

DISCLAIMER

This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fitness for a particular use and
noninfringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All
information is provided “as-is.” The product specifications and features described in this publication are based on the latest information available; however, specifications are subject
to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10
Networks’ products and services are subject to A10 Networks’ standard terms and conditions.
CHALLENGES OF DEPLOYING BUSINESS CRITICAL APPLICATIONS
When an organization deploys business applications, it must maximize service availability and uptime. There are many approaches to achieving this goal from a server and network infrastructure point of view. The first and most obvious approach is eliminating the single point of failure on the application server by adding a backup or secondary server with a server load balancer (e.g., ELB, ALB, SLB, ADC). The organization then gets not only fast failover in case of a server failure but also use of all available resources, by load balancing the application traffic during normal operation. Of course, a single point of failure can also exist on the networking devices, including access, edge and gateway routers and load balancers. Therefore, redundancy on network and routers (e.g., VRRP) is also highly recommended. To avoid any outage due to site or facility failures (e.g., disaster recovery), the organization may want to design its services so they are deployed on multiple sites and geographically distributed. However, maintaining and efficiently operating multiple data centers is a challenge. The biggest motivation for enterprises to move to public cloud environments is reducing operational challenges and complexity.

ORACLE CLOUD INFRASTRUCTURE SERVICES


Oracle Cloud Infrastructure is a public cloud service designed for enterprises, offering powerful compute and networking performance,
as well as a comprehensive portfolio of infrastructure and platforms. It enables the user to run their mission-critical business
applications in a highly available hosted environment. This section covers an overview of the Oracle Cloud Infrastructure services
relevant to A10 vThunder ADC deployment. For additional information, please refer to the Oracle Cloud Infrastructure Documentation.

REGIONS AND AVAILABILITY DOMAINS


Oracle Cloud Infrastructure has a concept of Regions and Availability Domains to provide high-availability connectivity and services
globally. A region is a localized geographic area where Oracle Cloud data centers reside, and it consists of one or more availability
domains. Availability domains are physical data centers isolated from each other, and do not share infrastructure such as network,
power or cooling, therefore, a failure at one availability domain is unlikely to impact the service and availability of the others within
the same region.

The availability domains within the same region are connected to each other by a low-latency and high-bandwidth network, which
makes it possible for an organization to build highly secure and redundant systems and services in multiple availability domains for
both high availability and disaster recovery purposes.

NOTE: Traffic between availability domains and between regions is encrypted.

[Figure 1 diagram labels: Oracle Cloud Infrastructure, Region, Virtual Cloud Network, VM and APP instances, Availability Domains A, B and C]

Figure 1: Architecture of a Region on Oracle Cloud Infrastructure

In order to properly build resilient services using multiple availability domains on Oracle Cloud Infrastructure, Oracle recommends
that users distribute their application servers across all availability domains within the region and use a load balancer to effectively
operate application services.

NOTE: Oracle Cloud Infrastructure offers a native load balancer, which has limited capabilities. For details, see https://docs.cloud.oracle.com/iaas/Content/Balance/Concepts/balanceoverview.htm#LBlimits

NOTE: Deploying a native load balancer requires the user to create one or more components called “Load Balancer Listeners” for each traffic type (i.e., TCP, HTTP, HTTPS) monitored and to associate security policies accordingly. For more details, see https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm

VIRTUAL CLOUD NETWORK (VCN) AND SUBNETS
One of the first steps of the Oracle Cloud Infrastructure resource design is to create a VCN with one or more subnets. A VCN is
a software-defined network including subnets, route tables and gateways, that the user sets up in a region of the Oracle Cloud
Infrastructure data centers.

[Figure 2 diagram labels: Oracle Cloud Infrastructure, Region, VCN, Subnet A1, Subnet B1, Subnet S1, VM and APP instances, Availability Domains A, B and C]

Figure 2: VCN and Subnets concept in a Region

A VCN covers a single, contiguous IPv4 CIDR block of the user’s choice. Subnets are subdivisions of the VCN and can be set as
either availability domain (AD)-specific or regional for each subnet depending on their need. Oracle recommends using regional
subnets because they are more flexible and support high availability design for availability domain failure. All VNICs in each subnet
use the same route table, security lists, and DHCP options. The user can designate a subnet as public if a public IP address is to be assigned to a VNIC within the subnet.

[Figure 3 diagram: region US-EAST, VCN 10.0.0.0/20, behind an Internet Gateway. Public Subnet (public) 10.0.1.0/24 | 203.0.113.X holds two ADCs; Server Subnet (private) 10.0.10.0/24 holds APP servers SRV-A1, SRV-A2 and SRV-B1 across Availability Domain A and Availability Domain B]

Figure 3: Example Subnets design across multiple Availability Domains

A10 THUNDER ADC ON ORACLE CLOUD


A10 Networks Thunder ADC provides intelligent Layer 4-7 load balancing to optimize, accelerate and secure an organization’s
application services hosted in any cloud environment including Oracle Cloud Infrastructure. vThunder ADC deployed in the Oracle
Cloud Infrastructure has the same features, configuration and management as the physical appliance, which enables easy and
unified operation. With A10 Harmony Controller, the user can consolidate all operations and management and apply the same
security policy regardless of location and platform. In addition, consolidated application visibility and analytics are available.

A10 VTHUNDER ADC MODELS


vThunder ADC is available with two choices of license type in Oracle Cloud Marketplace. The user can bring their own license or pay
the hourly-based price depending on the use. If the user has A10’s FlexPool consumption-based license (https://www.a10networks.com/how-to-buy/flexpool-licensing/), the user can select a bring-your-own-license (BYOL) type and allocate the capacity from the pool on the vThunder running on Oracle Cloud infrastructure.

TABLE 1: A10 VTHUNDER ADC FOR ORACLE CLOUD PRODUCT SPECIFICATIONS

Throughput: Up to 10 Gbps

Image: Available on Marketplace (QCOW2)

VM Shapes:
• VM.Standard2.x (X7-based standard compute. Processor: 2.0 GHz Intel Xeon Platinum 8167M)
• Available OCPU options – 1, 2, 4, 8, 16 or 24
NOTE: 1 OCPU equals 2 vCPU

License Types:
• Pre-installed per-OCPU based price:
- 1 OCPU to 24 OCPU
• BYOL bandwidth license:
- Lab/developer, 200 Mbps, 1 Gbps, 4 Gbps, 10 Gbps
• FlexPool license - Up to 10 Gbps
• 30-days trial license available

NOTE: Oracle has been expanding performance and offering of compute instances. The 10 Gbps bandwidth throughput was tested with the X6-based VM.standard.B1 compute shape.

NOTE: Want to try out A10 vThunder? Access https://get.a10networks.com/vthunder-trial/

A10 VTHUNDER ADC ADVANTAGES


Adding Thunder ADC to an application deployment in Oracle Cloud provides the following benefits:

• Advanced load balancing – Thunder ADC offers intelligent L4-7 load balancing supporting a comprehensive algorithm,
performance acceleration features including TLS offload, customizable server health-check, and application-aware advanced
scripting using aFleX®.
• High capacity and high performance – vThunder ADC can offer high-performance application throughput (~10Gbps) and serve
thousands (maximum 4,096) of virtual servers (VIPs) on a single virtual appliance deployed in Oracle Cloud Infrastructure. It also
supports a high density of application delivery partitions (ADP) that can be used for multi-tenancy deployment.
• Higher availability – Due to the nature of server load balancing technology, service availability is guaranteed even when one of
the application servers fails. Thunder ADC supports the VRRP-A feature, which eliminates a single point-of-failure of the ADC in a
site and enables quick failover using Layer 4-based session synchronization. The user can also enable disaster recovery (DR) and/
or intelligent geolocation-based load balancing among multiple sites using global server load balancing (GSLB) at no extra cost.
• Integrated security – Thunder ADC offers several security features that can be added on top of ADC functionality without any
additional software licensing required. It includes an authentication proxy service named AAM, web application firewall (WAF)
and an integrated distributed denial of service (DDoS) attack protection.
• DevOps ready – Thunder ADC supports 100% API operation by leveraging A10’s REST-based aXAPI®. The user can easily integrate and automate the Thunder ADC’s configuration, management and operation with their existing management consoles using the RESTful aXAPI.

INTEGRATION WITH ORACLE CLOUD


ORACLE CLOUD API INTEGRATION FOR HIGH AVAILABILITY
A10 vThunder supports unicast-based VRRP-A to keep services highly available in case of active vThunder failure. In the cloud environment, the VIP address needs to be associated with one of the attached VNIC IP addresses (e.g., secondary IP). In order to achieve successful failover, A10 vThunder implements a workflow that uses Oracle-Cloud-SDK to move the VIP address and other floating IP addresses from the failed vThunder instance to a new active vThunder instance when VRRP-A failover occurs. This process and its configuration are covered in a later section of this document.

QUICK DEPLOYMENT USING TERRAFORM
The Terraform script helps the user create an instance of vThunder with three network interfaces on the public cloud, including Oracle Cloud Infrastructure. The user can deploy the vThunder instance either in a totally new infrastructure environment (e.g., VCN, subnets, security groups, internet gateway, et al.) or in existing infrastructure. For more details and to obtain the Terraform scripts, visit the A10 Networks GitHub page: https://github.com/a10networks/a10-terraform.

REFERENCE ARCHITECTURE
DEPLOYMENT OPTIONS FOR HIGHLY AVAILABLE SERVICES
When deploying application services along with A10 Thunder ADC on the Oracle Cloud Infrastructure environment, there are several
options to build highly available services.

1. Deploy services with the ADC among multiple availability domains within a region

2. Deploy services across multiple regions with the ADC running a global server load balancer feature

3. Deploy services on both Oracle Cloud Infrastructure and on-premises datacenter with the ADC using GSLB (so called hybrid-
cloud deployments)

DEPLOY SERVICES WITH AN ADC AMONG MULTIPLE AVAILABILITY DOMAINS WITHIN A REGION
Oracle Cloud Infrastructure provides one or more availability domains in a region that are isolated from each other, fault tolerant, and
very unlikely to fail simultaneously. The availability domains within the same region are connected to each other with a low-latency
and high-bandwidth network. This makes it possible to build a resilient and highly available system. (ref: link)

As documented in the Oracle Cloud documentation, users are required to set up one or more load balancers to enable high availability using multiple availability domains. By using the A10 vThunder ADC instead of the native load balancer in Oracle Cloud, the user can simplify network configurations and operations, and gain many other advantages. For example, the user doesn’t have to create a load balancer listener entity for each service protocol and can eliminate network design complexity. Here are some examples of features and benefits from using the vThunder ADC:

• Highly available application services using multiple availability domains in the Oracle Cloud
• Advanced Layer 4-7 server load balancing
• Faster ADC failover using the VRRP-A feature
• Full-proxy architecture with aFleX scripting and customizable server health checks
• Comprehensive application security with integrated security features
• Automation for DevOps and SecOps with 100% API operation support
• Consolidated visibility and detailed analytics for multiple devices deployment using Harmony Controller

[Figure 4 diagram: region US-EAST, VCN 10.0.0.0/20, behind an Internet Gateway. Data-Public Subnet (public) 10.0.1.0/24 | 203.0.113.X carries the VIPs; the two ADCs are linked by the HA-Link subnet (private) 10.0.13.0/29; Server Subnet (private) 10.0.10.0/24 holds APP servers SRV-A1, SRV-A2 and SRV-B1 across Availability Domain A and Availability Domain B]

Figure 4: Multiple availability domains deployment using ADC in a high availability pair

NOTE: In this example, one dedicated interface is assigned as the VRRP-A interface for high availability (HA) communication and synchronization. The user can use other data ports (e.g., server side or gateway side interfaces) for that purpose.

DEPLOY SERVICES ACROSS MULTIPLE REGIONS WITH THE ADC RUNNING GSLB
One of the biggest advantages of using a public cloud service is that the user can choose to deploy the same services in different
geographical locations or regions across the globe. Generally, the user would deploy an application service in the region where it
is most heavily used, because using closer resources gets faster response. The ideal scenario is to use the service that is closest
to the end user or has lower utilization to minimize latency. Here, the global server load balancing feature plays an important role.
It expands server load balancing functionality across global data centers (or regions) for high availability and fault tolerance. It is
designed with advanced geographic and network intelligence to select the best region for each user request, while safeguarding their
network for disaster recovery.

Oracle Cloud Infrastructure offers over 10 regions (ref: link) so that the user can select multiple regions based on their requirements and
user presence. Global server load balancing is the inclusive feature of the A10 Thunder ADC, even on the public cloud, so the user can
use it to take advantage of global application presence and intelligently distribute the application traffic across multiple regions.

• Global server load balancing architecture for higher availability and optimal user experience
• Advanced Layer 4-7 server load balancing
• Faster failover using VRRP-A feature
• Full-proxy architecture with aFleX scripting and customizable server health checks
• Comprehensive application security with integrated security features

• Automation for DevOps and SecOps with 100% API operation support
• Consistent and unified policy management to secure workloads for multiple regions using Harmony Controller
• Consolidated application analytics and policy enforcement for multiple regions deployments from one central location using
Harmony Controller

[Figure 5 diagram: two Oracle Cloud Infrastructure regions joined by Global Server Load Balancing. Region US-EAST: VCN 10.0.0.0/20, Internet Gateway, Data-Public subnet (public) 10.0.1.0/24 | 203.0.113.X with VIP A1, HA-Link subnet (private) 10.0.13.0/29 between two ADCs, Server subnet (private) 10.0.10.0/24 with SRV-A1, SRV-A2 and SRV-B1 in Availability Domains A and B. Region BRAZIL: VCN 10.1.0.0/20, Data-Public subnet (public) 10.1.1.0/24 | 192.0.2.X with VIP A2, one ADC, Server subnet (private) 10.1.10.0/24 with SRV-BZ1 and SRV-BZ2]

Figure 5: Multiple regions deployment using ADC with GSLB

DEPLOY SERVICES ON BOTH ORACLE CLOUD INFRASTRUCTURE AND ON-PREMISES DATACENTER WITH THE ADC USING GSLB
When transitioning to the public cloud from a local or on-premises data center, it is required for an organization to have services
up and running in both the on-premises data center and one of regions in the public cloud. As an alternative requirement case,
an organization may want to design their service deployment using on-premises as a primary resource and the public cloud as a
backup or secondary resource. This architecture design is referred to as hybrid-cloud or Polynimbus service deployment where they
want to fully utilize both resources in different locations with less complex operation. This is another example where A10 Thunder
ADC can help.

As an example, during normal operation, an administrator may want all user traffic to come to an on-premises data center and use
Oracle Cloud as a secondary resource. They can enable GSLB to control the traffic on the ADCs hosted in both on-premises and
the cloud. It intelligently monitors site health, server loads and usage, proximity and response time. If there is any issue (e.g.,
unexpected heavy traffic or downed application service) in the on-premises site, GSLB can automatically distribute or forward the
user traffic to secondary services hosted in Oracle Cloud, thereby ensuring a better user experience. The A10 Thunder ADC has
feature parity regardless of form factor – either hardware appliance or virtual appliance – in private cloud or public cloud. Thus, the
operator can apply the same features and security policies in any cloud or form factor.

• Global server load balancing for intelligent traffic control using on-premises and cloud data centers
• Advanced Layer 4-7 server load balancing
• Faster failover using VRRP-A feature
• Full-proxy architecture with aFleX scripting and customizable server health-checks
• Comprehensive application security with integrated security features
• Automation for DevOps and SecOps with 100% API operation support
• Consistent and unified policy management to secure workloads for hybrid-cloud deployment using Harmony Controller
• Consolidated visibility and detailed analytics for hybrid-cloud deployments from one central location using Harmony Controller

[Figure 6 diagram: Oracle Cloud Infrastructure region US-EAST and an On-Premises Datacenter joined by Global Server Load Balancing. Oracle Cloud: VCN 10.0.0.0/20, Internet Gateway, Data-Public subnet (public) 10.0.1.0/24 | 203.0.113.X with VIP A1, HA-Link subnet (private) 10.0.13.0/29 between two ADCs, Server subnet (private) 10.0.10.0/24 with SRV-A1, SRV-A2 and SRV-B1 in Availability Domains A and B. On-Premises Datacenter: Gateway and FW, Public IP 192.0.2.X with VIP A2, one ADC, servers SRV1 and SRV2]

Figure 6: Hybrid-cloud (Polynimbus) deployment using ADC with GSLB

DEPLOYMENT SCENARIO
As a deployment example, this document uses the first deployment option described in the previous section, where a web application service is deployed in one region using two availability domains for redundancy in Oracle Cloud Infrastructure.

[Figure 7 diagram: region US-EAST, VCN 10.0.0.0/20, Internet Gateway, Availability Domain A and Availability Domain B]
• Public Subnet (public): 10.0.1.0/24 | 203.0.113.X, ADC interfaces (.2) and (.3)
• HA-Link subnet (private): 10.0.13.0/29, ADC interfaces (.2) and (.3)
• Server Subnet (private): 10.0.10.0/24, APP servers SRV-A1, SRV-A2, SRV-B1
• VRRP floating IP (.10)
• VIP 1 – 203.0.113.11 (www.example.com)
- Port 80 HTTP – Backend Server: A1, A2, B1
- Port 443 HTTPS – Backend Server: A1, A2, B1
- Port 8080 TCP – Backend Server: A2, B1

Figure 7: Example deployment topology and network information

DEPLOYMENT PREREQUISITES
To deploy vThunder ADC for a business application running in Oracle Cloud Infrastructure, the user needs the following:

• Oracle Cloud Infrastructure accounts and access information
- Confirm available resources and regions
- Define IAM and compartment policies accordingly
• vThunder ADC (image available in the Oracle Cloud Marketplace)
- Prepare appropriate license (BYOL including FlexPool or trial/pre-installed OCPU-based license)
• (Optional) Harmony Controller for centralized management and application visibility and analytics
- Prepare appropriate license
• SSH key pair (OpenSSH format) for SSH and console access to vThunder and other Linux VM instances hosted in Oracle Cloud. For example,
- Private key – In this guide, “ssh_key_priv.pem” is used as private key
- Public key – In this guide, “ssh_key.pub” is used as public key

NOTE: For detailed information and steps, refer to https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Tasks/creatingkeys.htm

CONFIGURATION STEPS OVERVIEW
The high-level configuration steps of this example deployment are as follows:

1. Prepare API keys (used for HA failover operation)
2. Define and set VCN and subnets in Oracle Cloud
3. Install two vThunder ADC instances
4. Configure vThunder ADC
a. General and interfaces
b. High-availability (VRRP-A and failover) configuration
c. SLB virtual service (VIP) configuration

API KEYS AND CONFIG FILE PREPARATION


API keys are required to perform the VRRP-A failover process in an Oracle Cloud Infrastructure deployment. vThunder supports
unicast-based VRRP-A to provide redundancy when an active vThunder goes down for any reason. In the Oracle Cloud environment,
a public IP address is assigned for a VIP as a secondary IP on the uplink / gateway facing interface. The secondary public IP
address(es) have to be moved from the failed vThunder to a new active vThunder when the failover is triggered. The A10 vThunder in
the Oracle Cloud implements this workflow and can automatically move the VIP address(es) and other floating IP addresses to the
new active vThunder using API-based Oracle functions.

The following files need to be prepared before starting the vThunder configuration.

• API key pair to create the API signing key. For example,
  - Private key: oci_api_key.pem (RSA 2K key, PEM format)
  - Public key: oci_api_key_pub.pem
• The public API key needs to be uploaded to the user account on the Oracle Cloud portal.

NOTE: For detailed procedures and information on API key creation, refer to the Oracle Cloud documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionssetupapikey.htm

• Oracle Cloud Infrastructure CLI configuration file (txt format)
  - This config file is required to use Oracle Functions for the failover process. Make sure to name and import this file as “config” onto the vThunder.
  - Create the file with a text editor so that it contains the following information:
    • User = User account OCID; see Where to Get the Tenancy’s OCID and User’s OCID.
    • Fingerprint = Fingerprint of the public API key that was uploaded in the previous step. See 1. Set up an Oracle Cloud Infrastructure API Signing Key for Use with Oracle Functions.
    • Key file = Full path of the private API key file on the vThunder
    • Pass phrase = Pass phrase of the private key, if the key was generated with one (optional)
    • Tenancy = OCID of the tenancy in which the user will be creating and deploying functions. See Where to Get the Tenancy’s OCID and User’s OCID.
    • Region = Region identifier of the Oracle Cloud Infrastructure region in which the user is deploying services.

NOTE: For more details on the Oracle Cloud configuration file for Oracle Functions, refer to the Oracle Cloud documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsconfigureocicli.htm

  - An example of a ‘config’ file to be imported to the vThunder is shown below. See the section later in the document for the detailed procedures.

[DEFAULT]
user=ocid1.user.oc1..aaaaaaa1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7s8t9u0
fingerprint=1b:2c:3d:4e:5f:6g:7h:8i:9j:0k:1l:2m:3n:4o:5p:6q
key_file=/a10data/cloud/oci_api_key.pem
pass_phrase=
tenancy=ocid1.tenancy.oc1..aaaaaaaagz11111111bbbbbbbb2222222cccccccc3333333333
region=us-ashburn-1
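
A pre-import check for the ‘config’ file described above, as an added example (not A10 or Oracle code). The function name check_oci_config and the second sample are constructed here; the first sample is the listing from this guide, whose placeholder fingerprint is reported because it is not hexadecimal.

```python
import configparser
import posixpath
import re

# Keys this guide lists for the "config" file; pass_phrase is optional.
REQUIRED_KEYS = ("user", "fingerprint", "key_file", "tenancy", "region")
# OCID syntax from this guide: ocid1.<RESOURCE TYPE>.<REALM>....
OCID_PREFIX = {"user": "ocid1.user.", "tenancy": "ocid1.tenancy."}
# An API signing key fingerprint is 16 hex bytes separated by colons.
FINGERPRINT_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){15}", re.IGNORECASE)
# Directory where the guide says imported cloud credentials are stored.
CLOUD_DIR = "/a10data/cloud"

# The listing from this guide (placeholder values).
GUIDE_SAMPLE = """\
[DEFAULT]
user=ocid1.user.oc1..aaaaaaa1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7s8t9u0
fingerprint=1b:2c:3d:4e:5f:6g:7h:8i:9j:0k:1l:2m:3n:4o:5p:6q
key_file=/a10data/cloud/oci_api_key.pem
pass_phrase=
tenancy=ocid1.tenancy.oc1..aaaaaaaagz11111111bbbbbbbb2222222cccccccc3333333333
region=us-ashburn-1
"""

# Constructed sample with well-formed (but fictitious) values.
CONSTRUCTED_SAMPLE = """\
[DEFAULT]
user=ocid1.user.oc1..exampleuniqueid
fingerprint=aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99
key_file=/a10data/cloud/oci_api_key.pem
pass_phrase=
tenancy=ocid1.tenancy.oc1..exampleuniqueid
region=us-ashburn-1
"""


def check_oci_config(text, imported_creds):
    """Return a list of problems in the [DEFAULT] profile of a config file.

    imported_creds: file names listed by "show cloud-creds" on the vThunder.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"not a parsable config file: {exc}"]

    profile = parser.defaults()  # key/value pairs of the [DEFAULT] section
    problems = []

    for key in REQUIRED_KEYS:
        if not profile.get(key, "").strip():
            problems.append(f"{key}: missing or empty")

    for key, prefix in OCID_PREFIX.items():
        value = profile.get(key, "")
        if value and not value.startswith(prefix):
            problems.append(f"{key}: expected an OCID starting with {prefix}")

    fingerprint = profile.get("fingerprint", "")
    if fingerprint and not FINGERPRINT_RE.fullmatch(fingerprint):
        problems.append("fingerprint: expected 16 colon-separated hex bytes")

    key_file = profile.get("key_file", "")
    if key_file:
        if posixpath.dirname(key_file) != CLOUD_DIR:
            problems.append(f"key_file: expected a full path under {CLOUD_DIR}/")
        # The guide requires the name to match the imported cloud-creds file.
        if posixpath.basename(key_file) not in imported_creds:
            problems.append("key_file: no matching file in cloud-creds")

    return problems


if __name__ == "__main__":
    for name, sample in (("guide", GUIDE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        print(name, check_oci_config(sample, ["oci_api_key.pem"]) or "OK")
```
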

DEPLOY THE VTHUNDER ON ORACLE CLOUD INFRASTRUCTURE


The vThunder ADC image is available in the Oracle Marketplace, so the user doesn’t have to upload the image file and create a
custom image for vThunder installations. This section describes how to prepare the Oracle Cloud Infrastructure environment and
launch the vThunder ADC.

CONFIGURE VCN AND SUBNETS ON THE ORACLE CLOUD PORTAL


The user starts by planning and allocating resources such as the region, availability domains, VCN and subnets for this deployment. The
first step is to create a virtual cloud network (VCN) and subnets on the Oracle Cloud portal.

1. Select the region in which to deploy the application service
2. Select the availability domains to use
3. Create a VCN and associate it with a CIDR
4. Create subnets within the VCN

NOTE: Please also configure appropriate resources and rules for the VCN, such as Internet Gateways, Route Tables, Security Lists and others.

The following table shows an example of VCN and subnet assignment.

NOTE: The user may use separate VCNs for management and data networks. Please consult with the administrator to design VCN and subnets accordingly.

TABLE 2: EXAMPLE VCN AND SUBNET ASSIGNMENT

COMPONENTS             NAME               VALUE          NOTES
Region                                    US-EAST
Availability Domains                      AD1, AD2
VCN                    VCN-a10demo        10.0.0.0/20
Subnet                 Data-Public        10.0.1.0/24    Public/ Regional
                       Server             10.0.10.0/24   Private (or Private) / Regional
                       HA-Link            10.0.13.0/29   Private/ Regional
                       Mgmt-US-East-AD1   10.0.11.0/24   Public/ AD1 specific
                       Mgmt-US-East-AD2   10.0.12.0/24   Public/ AD2 specific

Figure 8: Example VCN Details on the Oracle Cloud portal

INSTALL VTHUNDER INSTANCE


Here are the detailed steps to install the vThunder ADC as a compute instance in Oracle Cloud Infrastructure.

1. On the Oracle Cloud portal, navigate to Marketplace
   • Select “A10 Networks” from the publisher and choose the “A10 vThunder Application Delivery Controller” image with the appropriate license type

   NOTE: There are two pricing options – BYOL and paid (pre-installed) license

   • Select the appropriate Version and Compartment, and then Launch Instance

   NOTE: Choose the ACOS version marked as default unless there is a specific reason not to.

2. On the Create Compute Instance page, specify the vThunder instance properties and specification. This document used the following specifications.
   • Network configuration here is for the management interface
   • Select the appropriate compute shape from the list after clicking “Change Shape”.

   NOTE: Currently six VM compute shapes, from Standard2.1 to Standard2.24, are supported along with bare metal. If any of the shapes are not shown in the complete list, contact the administrator for a limit increase. See Service Limit.

   NOTE: If the organization has a separate VCN for the management network, please use it accordingly. VCN and subnets for the data network will be configured under VNIC configuration.

TABLE 3: VTHUNDER ADC INSTANCE AND NETWORK CONFIGURATION SPECIFICATIONS

                       PRIMARY ADC        SECONDARY ADC      NOTES
Instance Name          vThunderADC-1      vThunderADC-2
Availability Domain    AD1                AD2
Instance Shape         VM.Standard 2.4    VM.Standard 2.4    Selected based on VNIC counts (4) required in this deployment

CONFIGURE NETWORKING
VCN Compartment        a10demo            A10demo
VCN                    VCN-a10demo        VCN-a10demo
Subnet Compartment     a10demo            a10demo            For mgmt. interface
Subnet                 Mgmt-US-East-AD1   Mgmt-US-East-AD2   For mgmt. interface
Public IP assignment   Yes                Yes

NOTE: A subnet for management can be set as AD-specific unless there is a specific reason for it to be regional.

NOTE: A10 Networks recommends using the VM.Standard 2.4 or larger when considering system capacity including OCPU, Memory and vNICs. Smaller instances can
be used for trials and lab use.

3. Add the SSH Key (i.e., the SSH public key prepared in the prerequisites) for console and SSH access and click Create
4. Next, add data interfaces to the vThunder ADC. On the “vThunderADC-X” instance page, select Attached VNICs from the
‘Resources’ menu on the left side, and click Create VNIC (repeat 3 times for all interfaces)

TABLE 4: VTHUNDER ADC INTERFACE SETTINGS


           vThunderADC-1                        vThunderADC-2
2nd VNIC   VCN: VCN-a10demo                     VCN: VCN-a10demo
           Name: p1-data                        Name: p1-data
           Subnet: Data-Public                  Subnet: Data-Public
           Check on Assign public IP address    Check on Assign public IP address
           ✓ Skip Source/Destination Check      ✓ Skip Source/Destination Check

3rd VNIC   VCN: VCN-a10demo                     VCN: VCN-a10demo
           Name: p2-server                      Name: p2-server
           Subnet: Server                       Subnet: Server

4th VNIC   VCN: VCN-a10demo                     VCN: VCN-a10demo
           Name: p3-ha                          Name: p3-ha
           Subnet: HA-link                      Subnet: HA-link

NOTE: Skip Source/Destination Check - The source/destination check causes this VNIC to drop any network traffic whose source or destination is not this VNIC. Only
mark the checkbox if you want this VNIC to skip the check and forward that traffic (for example, to perform Network Address Translation).

Figure 9: vThunderADC-1 instance information

5. [vThunderADC-1 only] To assign the secondary IP address used for the virtual server VIP address, go to the p1-data VNIC, select
IP address from the ‘Resources’ menu, and click Assign Private IP address

• Private IP address: 10.0.1.5
• On the Public IP Address section
  - Select “RESERVED PUBLIC IP”
  - Compartment: a10demo
  - Select “Create a New Reserved Public IP”
  - Name: VIP1
• Click Assign

NOTE: This IP is a shared resource for HA and should exist only on the active vThunder; therefore this step is required only on one of the vThunder ADCs (e.g.
vThunderADC-1).

Figure 10: Adding secondary IP as VIP on p1-data VNIC

6. [vThunderADC-1 only] To assign the secondary IP address used for a floating IP as a gateway address for backend servers, go
to the “p2-server” VNIC and click Assign Private IP address

• Private IP address: 10.0.10.10
• Check “NO PUBLIC IP”
• Click Assign

NOTE: This IP is a shared resource for HA and should exist only on the active vThunder; therefore this step is required only on one vThunder (e.g. vThunderADC-1).

Figure 11: Adding a secondary IP as floating IP on p2-server VNIC

7. Reboot the vThunder in the Oracle Cloud portal. This will populate the newly created primary VNICs to the vThunder instances.

CONFIGURE VTHUNDER
ACCESS VTHUNDER ADC
Once the vThunder instance is installed and running, the user can find the public IP assigned to the instance on the Primary
VNIC, which is associated with the management port on the vThunder. This section describes how to access the vThunder ADC from a
command line interface (CLI) or graphical user interface (GUI) to configure the device.

• CLI – The CLI is a text-based interface in which you type commands on a command line. The user can access the CLI directly
using Secure Shell (SSH) version 2.
• GUI – This is a web-based interface over the HTTPS protocol, in which the user clicks buttons, menus and other graphical icons to
access the configuration or management pages. From these pages, the user can type or select values to configure or manage
the device.

The user can configure the vThunder devices using the CLI or GUI. In addition, A10 vThunder offers wizard-based configuration tools
called AppCentric Templates (ACT).

• AppCentric Templates (ACT) – This is a GUI plug-in module that enhances the user experience to deploy, monitor and
troubleshoot applications in a frictionless manner. AppCentric Templates can be accessed via the GUI by navigating
to System > App Template.

NOTE: The user can also configure and manage Thunder ADC using the Harmony Controller, a centralized management and analytics system. For more details, refer
to Harmony Controller documentation.

Access information:

• GUI
  - Default user: admin
  - Default password: <unique ID of instance OCID>
    • To obtain the unique ID from the instance OCID, navigate in the Oracle Cloud portal to Compute > Instances >
      ‘your vThunder Instance’ and find the OCID in the Instance Information
    • The syntax of the instance OCID shows where the unique ID is located
      OCID syntax: ocid1.<RESOURCE TYPE>.<REALM>.[REGION][.FUTURE USE].<UNIQUE ID>
    • Example: Use the <UNIQUE ID> section, the last field of the OCID, as your login password
      ocid1.instance.oc1.iad.anuwcljswtg6jvt3yqx3nwh2qzwsb5vsphsisfs7kwlhmv4tcc4q

Figure 12: vThunder ADC instance OCID

NOTE: The user can change the default password on either the GUI or CLI. Please consult with the administrator.

• CLI over SSH
  - Default user: admin
  - SSH authentication: use the SSH private key that was created in the prerequisites

NOTE: If the data port/ethernet interfaces are not shown by the CLI command “show interface brief” or on the GUI >
Network > Interface, reboot the vThunder.

GENERAL CONFIGURATION
In this step, the user starts configuring the vThunder system and data interfaces based on IP addresses assigned on VNICs. The
user can configure this using either the GUI or CLI. This section describes the configuration steps using CLI.

First, log into the vThunder CLI over SSH, go to enable mode and then configuration mode.
$ ssh -i ssh_key_priv.pem [email protected]
Last login: Sat Feb 1 00:45:56 2020 from 192.0.2.123

System is ready now.

[type ? for help]

vThunderADC-1>enable
Password: /* No password by default */
vThunderADC-1#configure
vThunderADC-1(config)#

Before starting configuration, please confirm the status of all the interfaces and each MAC address. Run the “show interface brief”
command and note the MAC addresses on each interface and compare them to the MAC addresses in the attached VNICs of the
vThunder instance. Please make sure that the MAC correlates to the vThunder ethernet ports for the corresponding function.
vThunderADC-1(config)# sh int br
Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up auto auto N/A N/A 0200.1702.606c 10.0.11.5/24 1
1 Disb None None none 1 0200.1702.dccd 0.0.0.0/0 0
2 Disb None None none 1 0200.1706.137e 0.0.0.0/0 0
3 Disb None None none 1 0200.1706.68c5 0.0.0.0/0 0

Figure 13: Attached VNIC information under the vThunder instance in the Oracle Cloud portal

In a typical Thunder ADC deployment, it’s recommended to use a VE (virtual ethernet with VLAN) interface for its flexibility and
usability rather than using the ethernet port directly. Therefore, please note the IP addresses assigned on all data interfaces to
configure the vThunder using the CLI from the “Attached VNICs information of Oracle Cloud Portal” instance page.

NOTE: VLAN IDs (or VE IDs) can be a number between 2 - 4096

In this document, the following information is used to configure the interface, routes and system-related items on both vThunder
ADCs.

TABLE 5: VTHUNDER SYSTEM & NETWORK CONFIGURATION DETAILS

HOST NAME                vThunderADC-1                                       vThunderADC-2
P1-Data VNIC             Interface ve 101 (VLAN 101)                         Interface ve 101 (VLAN 101)
(interface ethernet 1)   IP address 10.0.1.2 255.255.255.0                   IP address 10.0.1.3 255.255.255.0
P2-Server VNIC           Interface ve 110 (VLAN110)                          Interface ve 110 (VLAN110)
(interface ethernet 2)   IP address 10.0.10.2 255.255.255.0                  IP address 10.0.10.3 255.255.255.0
P3-HA Link VNIC          Interface ethernet 3                                Interface ethernet 3
(interface ethernet 3)   IP address 10.0.13.2 255.255.255.248                IP address 10.0.13.3 255.255.255.248
Route                    IP route 0.0.0.0 /0 10.0.1.1                        IP route 0.0.0.0 /0 10.0.1.1
Others                   DNS primary 4.2.2.1                                 DNS primary 4.2.2.1
                         system-jumbo-global enable-jumbo (see note below)   system-jumbo-global enable-jumbo (see note below)
                         Allow SSH access on port 3 for configuration sync   Allow SSH access on port 3 for configuration sync

NOTE: When the “system-jumbo-global enable-jumbo” command is run in CLI config mode, the user will be prompted to reboot the vThunder. Once booted, the user can
configure mtu size 9216 on ethernet 2 and 3.

Here is the sample CLI configuration from vThunderADC-1. The user can modify this sample config based on their deployment
design, copy and paste on the CLI of their vThunder ADC.

!
hostname vThunderADC-1
!
ip dns primary 4.2.2.1
!
vlan 101
  untagged ethernet 1
  router-interface ve 101
!
vlan 110
  untagged ethernet 2
  router-interface ve 110
!
system-jumbo-global enable-jumbo
!
interface ethernet 1
  name p1-data
  mtu 9216
  enable
!
enable-management service ssh
  ethernet 3
!
interface ethernet 2
  name p2-server
  mtu 9216
  enable
!
interface ethernet 3
  name p3-ha
  enable
  ip address 10.0.13.2 255.255.255.248
!
interface ve 101
  ip address 10.0.1.2 255.255.255.0
!
interface ve 110
  ip address 10.0.10.2 255.255.255.0
!
!
ip route 0.0.0.0 /0 10.0.1.1
!

Updated interface status of the vThunderADC-1.
vThunderADC-1#show interfaces brief
Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up auto auto N/A N/A 0200.1702.606c 10.0.11.2/24 1
1 Up Full 10000 none 101 0000.1702.dccd 0.0.0.0/0 0 p1-data
2 Up Full 10000 none 110 0200.1706.137e 0.0.0.0/0 0 p2-server
3 Up Full 10000 none 1 0200.1706.68c5 10.0.13.2/29 1 p3-ha
ve101 Up N/A N/A N/A 101 0000.1702.dccd 10.0.1.2/24 1
ve110 Up N/A N/A N/A 110 0200.1706.137e 10.0.10.2/24 1

IMPORT API PRIVATE KEY AND CLOUD CONFIG FILE TO VTHUNDER ADC
A10 vThunder ADC integrates tightly with Oracle Cloud Infrastructure using APIs, enabling an ADC high-availability
deployment. This section describes how to import the API key and cloud config file that are used to automate the ADC failover
workflow.

1. Locate the API private key (oci_api_key.pem) prepared in the API Key Preparation section. On the vThunder CLI (config) mode,
import the file as “oci_api_key.pem”. By default, this file is stored in the vThunder under the /a10data/cloud/ directory.

vThunderADC-1# conf
vThunderADC-1(config)#import cloud-creds oci_api_key.pem use-mgmt-port scp://192.168.0.254/root/oci/oci_api_key.pem
User name []?root
Password []?
Done.

vThunderADC-1(config)#show cloud-creds
--------------------------------------------------
Name Permissions
--------------------------------------------------
oci_api_key.pem 0400
--------------------------------------------------

NOTE: The user can also download the file from a file share service such as Dropbox using the shared download link. Copy and paste the link into the command, as
shown below. If the link is not set with a password, the user can use the vThunder login and password (Default user: admin, default password: <Unique ID of the
Instance OCID>)

vThunderADC-1(config)#import cloud-creds oci_api_key.pem use-mgmt-port https://www.dropbox.com/s/qwerty123456780/oci-config?
User name []?admin
Password []?
Done.

2. Locate the cloud config file (filename: config) prepared in the API Keys Preparation section. On the vThunder CLI (config)
mode, import the file as “config”.

vThunderADC-1(config)#import cloud-config config use-mgmt-port scp://192.168.0.254/root/oci/config
User name []?root
Password []?
Done.

vThunderADC-1(config)#sh cloud-config config
[DEFAULT]
user=ocid1.user.oc1..aaaaaaa1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7s8t9u0
fingerprint=1b:2c:3d:4e:5f:6g:7h:8i:9j:0k:1l:2m:3n:4o:5p:6q
key_file=/a10data/cloud/oci_api_key.pem
pass_phrase=
tenancy=ocid1.tenancy.oc1..aaaaaaaagz11111111bbbbbbbb2222222cccccccc3333333333
region=us-ashburn-1

NOTE: The key_file name (e.g. oci_api_key.pem) in the config must match the cloud-creds key file imported earlier.

HIGH AVAILABILITY (VRRP-A) CONFIGURATION


In this section, you will configure the device redundancy feature, VRRP-A, on both vThunder ADCs. Here is the list of CLI
commands to form the VRRP-A set and make vThunderADC-1 the active device. You can copy and paste the following config, with
appropriate modification if needed, to your vThunder ADCs.

TABLE 6: VTHUNDER VRRP-A CONFIGURATION EXAMPLE

vThunderADC-1:

vrrp-a common
  device-id 1
  set-id 1
  enable
  exit
!
vrrp-a vrid 0
  floating-ip 10.0.10.10
  blade-parameters
    priority 220
  exit
!
vrrp-a interface ethernet 3
!
vrrp-a peer-group
  peer 10.0.13.3
  exit
!
vrrp-a session-sync enable

vThunderADC-2:

vrrp-a common
  device-id 2
  set-id 1
  enable
  exit
!
vrrp-a vrid 0
  floating-ip 10.0.10.10
  preempt-mode disable
  blade-parameters
    priority 150
  exit
!
vrrp-a interface ethernet 3
!
vrrp-a peer-group
  peer 10.0.13.2
  exit
!
vrrp-a session-sync enable
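
A consistency check for the two VRRP-A configurations in Table 6, as an added example (not A10 tooling). The function names parse_vrrp_a and check_pair are hypothetical, the parser is deliberately minimal and assumes that “!” closes a configuration block as in the listings of this guide, and the sample values come from Table 6 plus the ethernet 3 addresses in Table 5.

```python
# Sample pair built from Table 6; the ethernet 3 addresses come from Table 5.
# The "preempt-mode disable" line of vThunderADC-2 is left out because the
# checks below do not use it.
TEMPLATE = """\
vrrp-a common
 device-id {device_id}
 set-id 1
 enable
 exit
!
vrrp-a vrid 0
 floating-ip 10.0.10.10
 blade-parameters
  priority {priority}
 exit
!
vrrp-a interface ethernet 3
!
vrrp-a peer-group
 peer {peer}
 exit
!
vrrp-a session-sync enable
!
interface ethernet 3
 ip address {own} 255.255.255.248
!
"""
ADC1 = TEMPLATE.format(device_id=1, priority=220, own="10.0.13.2", peer="10.0.13.3")
ADC2 = TEMPLATE.format(device_id=2, priority=150, own="10.0.13.3", peer="10.0.13.2")


def parse_vrrp_a(config):
    """Collect the VRRP-A related settings from an ACOS-style config text."""
    state = {"device_id": None, "set_id": None, "enabled": False,
             "floating_ips": set(), "priority": None, "peers": set(),
             "session_sync": False, "addresses": set()}
    context = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":                      # "!" closes the current block
            context = None
            continue
        if line.startswith(("vrrp-a ", "interface ")):
            context = line                   # a new top-level block starts
            if line == "vrrp-a session-sync enable":
                state["session_sync"] = True
            continue
        words = line.split()
        if context == "vrrp-a common":
            if words[0] == "device-id":
                state["device_id"] = int(words[1])
            elif words[0] == "set-id":
                state["set_id"] = int(words[1])
            elif line == "enable":
                state["enabled"] = True
        elif context and context.startswith("vrrp-a vrid"):
            if words[0] == "floating-ip":
                state["floating_ips"].add(words[1])
            elif words[0] == "priority":
                state["priority"] = int(words[1])
        elif context == "vrrp-a peer-group":
            if words[0] == "peer":
                state["peers"].add(words[1])
        elif context and context.startswith("interface "):
            if words[:2] == ["ip", "address"]:
                state["addresses"].add(words[2])
    return state


def check_pair(config_a, config_b):
    """Return a list of inconsistencies between two VRRP-A peers."""
    a, b = parse_vrrp_a(config_a), parse_vrrp_a(config_b)
    problems = []
    if not (a["enabled"] and b["enabled"]):
        problems.append("vrrp-a common: 'enable' missing on one or both devices")
    if None in (a["device_id"], b["device_id"]) or a["device_id"] == b["device_id"]:
        problems.append("device-id: must be set and different on each device")
    if a["set_id"] != b["set_id"]:
        problems.append("set-id: devices are not in the same set")
    if a["floating_ips"] != b["floating_ips"]:
        problems.append("floating-ip: lists differ between devices")
    if a["session_sync"] != b["session_sync"]:
        problems.append("session-sync: enabled on only one device")
    for label, me, other in (("first", a, b), ("second", b, a)):
        unknown = me["peers"] - other["addresses"]
        if unknown or not me["peers"]:
            problems.append("peer-group on %s device: %s is not an interface "
                            "address of the other device"
                            % (label, sorted(unknown) or "no peer"))
    return problems


if __name__ == "__main__":
    print(check_pair(ADC1, ADC2) or "pair is consistent")
```
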

CONFIGURE THE VIRTUAL SERVER (VIP) ON VTHUNDER ADC-1


The user can configure virtual services, or VIPs, using the CLI, GUI, AppCentric Templates (ACT) or Harmony Controller.

For ease of configuration and operation, this document uses ACT, the A10 ACOS GUI plug-in module that enhances the user
experience to deploy, monitor and troubleshoot applications in a frictionless manner. ACT contains wizard-based configuration tools
for many different applications and use-case configurations, including Basic LB, HTTPS/SSL Offload, MS Exchange, GSLB and more.

L4 VIP CREATION USING ACT
This section explains how to configure a basic VIP (virtual server) for a port 80 web service using the ACT.

NOTE: ACT version used in the example is act-v2-1214-17-a10-0.tar.gz

Figure 14: ACT version (GUI > System > App Template > Setting (icon on top right))

1. Log in to the vThunderADC-1 GUI and navigate to System > App Template to access ACT
2. Select L4 SLB from the ACT Store and click Wizard in the menu
3. In the SLB Wizard, follow the configuration example below.

TABLE 7: L4 SLB CONFIGURATION EXAMPLE WITH ACT

Deployment Choice   Source-NAT

Virtual Server      Partition: shared
                    IP address: 10.0.1.5
                    Name: VIP1
                    Virtual Port: 80
                    Protocol: TCP
                    Note: This IP address of the VIP is the secondary IP address created during the vThunder installation step.

Pool                LB Method: Least-connection
                    Persistence: Enable
                    Health Monitor: Enable
                    Members:
                      10.0.10.5 port 80
                      10.0.10.6 port 80
                      10.0.10.7 port 80

4. In the ‘Review’ tab, click ‘FINISH’ and push the configuration to the vThunder ADC-1
5. Confirm the VIP service is up and running on vThunder ADC-1

Figure 15: VIP status on ACT L4SLB dashboard

Figure 16: ACT L4 SLB > Configuration to review VIP configuration

ENABLE VRRP-A SESSION SYNCHRONIZATION USING CLI


VRRP-A uses one active device and one standby device for a given VRID. If session synchronization (also called connection
mirroring) is enabled, the active device backs up active session entries on the standby device. Session synchronization applies to
Layer 4 sessions. To configure session synchronization, apply the “ha-conn-mirror on-syn” CLI command under all (Layer 4) vPorts of
the configuration of the VIP.

Using CLI:
vThunderADC-1-Active#conf
vThunderADC-1-Active(config)#slb virtual-server VIP1 10.0.1.5
vThunderADC-1-Active(config-slb vserver)#port 80 tcp
vThunderADC-1-Active(config-slb vserver-vport)#ha-conn-mirror

Here is the simplified CLI configuration from this section.

!
health monitor Hm_VIP1_80
  interval 10
!
slb server srv_10_0_10_5 10.0.10.5
  port 80 tcp
    health-check ping
!
slb server srv_10_0_10_6 10.0.10.6
  port 80 tcp
    health-check ping
!
slb server srv_10_0_10_7 10.0.10.7
  port 80 tcp
    health-check ping
!
slb service-group VIP1_80_tcp_sg tcp
  method least-connection
  health-check Hm_VIP1_80
  member srv_10_0_10_5 80
  member srv_10_0_10_6 80
  member srv_10_0_10_7 80
!
slb template persist source-ip VIP1_persist_template_80
!
slb virtual-server VIP1 10.0.1.5
  port 80 tcp
    ha-conn-mirror on-syn
    source-nat auto
    service-group VIP1_80_tcp_sg
    template persist source-ip VIP1_persist_template_80

NOTE: The user will find more items in the actual config, such as “user-tag” and “sampling-enable,” which are generated by the ACT wizard for visibility and analytics
purposes. Refer to the full configuration in the appendix.

SYNCHRONIZE THE ADC CONFIGURATION TO VTHUNDERADC-2


This is an optional step to synchronize the VIP configuration of vThunder ADC-1 to the standby vThunder ADC-2.

NOTE: If the user prefers to configure VIPs on vThunder ADC-2 manually, please skip this step.

NOTE: The configure sync command covers most of the SLB configuration and security policies, but not routing and interface settings.

Before running the ‘configure sync’ command, the user will need to import the SSH private key onto vThunder ADC-1, as it is required for
SSH authentication.

Locate the SSH private key (ssh_key_priv.pem) prepared in the Deployment Prerequisites section. In the vThunder CLI (config)
mode, import the SSH private key file “ssh_key_priv.pem”.
vThunderADC-1(config)#import key sync_ssh_priv use-mgmt-port scp://192.168.0.254/root/oci/ssh_key_priv.pem
User name []?admin
Password []?
Done.

vThunderADC-1(config)#sh pki cert
Name: sync_ssh_priv Type: key [Unbound]

NOTE: If this operation fails with an error related to the key file format, convert the private key to OpenSSH format (Old or New) and import it again.

Next, run the ‘configure sync’ command using the SSH private key and the IP address of vThunderADC-2 (e.g. 10.0.13.3, the IP address
of HA-Link/port 3)
vThunderADC-1-Active(config)#configure sync all private-key sync_ssh_priv 10.0.13.3
User name []?admin

Once this command has run successfully, the user will see that the ADC configurations are synced on vThunderADC-2. This sync
process may take a few (~10) seconds, depending on the size of the configuration. If configuration changes related to the VIP are made,
the sync command needs to be run again to sync the configuration to the standby vThunder.

VERIFICATION
Once VIP configuration is done on both vThunder ADCs, it is time to verify the application traffic and service status. Navigate to ACT
(GUI > System > App Template) and then go to L4SLB > Dashboard to see the VIP status and traffic and connection statistics.

Figure 17: ACT L4 SLB dashboard

The high-availability function can be tested by running the following command on the active vThunder.

vThunderADC-1(config)#vrrp-a force-self-standby enable

This forces the active vThunderADC-1 into standby mode and the standby vThunder (vThunderADC-2) to
become active. Go to the vThunderADC-2 instance page (Instance Detail -> Attached VNICs -> Click on the VNIC) in the Oracle Cloud portal
and verify that the VIP (secondary IP address) of the P1-Data VNIC and the other floating IP addresses of the P2-Server VNIC have moved to
the new active instance.

SUMMARY
This document describes the reference architecture for deploying high-availability application services using A10 vThunder ADC in
Oracle Cloud Infrastructure and provides the detailed configuration steps for deploying vThunder ADC in high-availability mode
using multiple availability domains in Oracle Cloud.

Oracle Cloud Infrastructure is a public cloud service designed for enterprises, offering powerful compute and networking
performance and a comprehensive portfolio of infrastructure and platforms that enable users to run mission-critical business
applications in a highly available hosted environment. The A10 Thunder ADC works seamlessly with any business application to
ensure fast, secure, and consistent application delivery. Deploying the A10 Thunder ADC solution for various business applications
in Oracle Cloud enables organizations to enjoy reliable application services, strengthens high availability using the local redundancy
feature as well as global server load balancing, and maximizes elasticity and performance for business-critical applications.

For more information about Thunder ADC products, please refer to:

https://www.a10networks.com/products/thunder-adc/

https://www.a10networks.com/solutions/cloud-security/public-cloud/

https://cloudmarketplace.oracle.com/marketplace/en_US/listing/51617399

APPENDIX A - THUNDER ADC CONFIGURATION


Here is the vThunder ADC configuration used in an actual test environment.

// vThunderADC-1 Configuration //
!64-bit Advanced Core OS (ACOS) version 4.1.4-GR1-P1-SP2, build 5 (Jun-06-2019,07:46)
!
vrrp-a common
  device-id 1
  set-id 1
  enable
!
multi-config enable
!
!
system resource-usage max-aflex-file-size 256
!
ip dns primary 4.2.2.1
!
vlan 101
  untagged ethernet 1
  router-interface ve 101
!
vlan 110
  untagged ethernet 2
  router-interface ve 110
!
hostname vThunderADC-1
!
system-jumbo-global enable-jumbo
!
interface ethernet 1
  name p1-data
  mtu 9216
  enable
!
interface ethernet 2
  name p2-server
  mtu 9216
  enable
!
interface ethernet 3
  name p3-ha
  enable
  ip address 10.0.13.2 255.255.255.248
!
interface ve 101
  ip address 10.0.1.2 255.255.255.0
!
interface ve 110
  ip address 10.0.10.2 255.255.255.0
!
vrrp-a vrid 0
  floating-ip 10.0.10.100
  blade-parameters
    priority 220
!
vrrp-a interface ethernet 3
!
vrrp-a peer-group
  peer 10.0.13.3
!
enable-management service ssh
  ethernet 3
!
ip route 0.0.0.0 /0 10.0.1.1
!
health monitor Hm_VIP1_80
  interval 10
  user-tag uiext_l4_slb_VIP1_HM
!
slb server srv_10_0_10_5 10.0.10.5
  user-tag uiext_l4_slb_srv_10_0_10_5
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb server srv_10_0_10_6 10.0.10.6
  user-tag uiext_l4_slb_srv_10_0_10_6
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb server srv_10_0_10_7 10.0.10.7
  user-tag uiext_l4_slb_srv_10_0_10_7
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb service-group VIP1_80_tcp_sg tcp
  method least-connection
  health-check Hm_VIP1_80
  user-tag uiext_l4_slb_VIP1_sg_tcp_80
  member srv_10_0_10_5 80
  member srv_10_0_10_6 80
  member srv_10_0_10_7 80
!
slb template persist source-ip VIP1_persist_template_80
  user-tag uiext_l4_slb_VIP1_persist_template_80
!
slb virtual-server VIP1 10.0.1.5
  user-tag uiext_l4_slb_VIP1_virtualserver
  port 80 tcp
    ha-conn-mirror on-syn
    source-nat auto
    service-group VIP1_80_tcp_sg
    template persist source-ip VIP1_persist_template_80
    user-tag uiext_l4_slb_VIP1_80_tcp
    sampling-enable total_l4_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
sflow setting local-collection
!
sflow collector ip 127.0.0.1 6343
!
!
end

// vThunderADC-2 Configuration //
!64-bit Advanced Core OS (ACOS) version 4.1.4-GR1-P1-SP2, build 5 (Jun-06-2019,07:46)
!
vrrp-a common
  device-id 2
  set-id 1
  enable
!
ip dns primary 4.2.2.1
!
vlan 101
  untagged ethernet 1
  router-interface ve 101
!
vlan 110
  untagged ethernet 2
  router-interface ve 110
!
hostname vThunderADC-2
!
system-jumbo-global enable-jumbo
!
interface ethernet 1
  name p1-data
  mtu 9216
  enable
!
interface ethernet 2
  name p2-server
  mtu 9216
  enable
!
interface ethernet 3
  name p3-ha
  enable
  ip address 10.0.13.3 255.255.255.248
!
interface ve 101
  ip address 10.0.1.3 255.255.255.0
!
interface ve 110
  ip address 10.0.10.3 255.255.255.0
!
!
vrrp-a vrid 0
  floating-ip 10.0.10.100
  blade-parameters
    priority 150
!
vrrp-a peer-group
  peer 10.0.13.2
!
enable-management service ssh
  ethernet 3
!
ip route 0.0.0.0 /0 10.0.1.1
!
health monitor Hm_VIP1_80
  interval 10
  user-tag uiext_l4_slb_VIP1_HM
!
slb server srv_10_0_10_5 10.0.10.5
  user-tag uiext_l4_slb_srv_10_0_10_5
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb server srv_10_0_10_6 10.0.10.6
  user-tag uiext_l4_slb_srv_10_0_10_6
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb server srv_10_0_10_7 10.0.10.7
  user-tag uiext_l4_slb_srv_10_0_10_7
  port 80 tcp
    health-check ping
    user-tag uiext_l4_slb_VIP1_server_port_80_vport_80_tcp
    sampling-enable total_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
slb service-group VIP1_80_tcp_sg tcp
  method least-connection
  health-check Hm_VIP1_80
  user-tag uiext_l4_slb_VIP1_sg_tcp_80
  member srv_10_0_10_5 80
  member srv_10_0_10_6 80
  member srv_10_0_10_7 80
!
slb template persist source-ip VIP1_persist_template_80
  user-tag uiext_l4_slb_VIP1_persist_template_80
!
slb virtual-server VIP1 10.0.1.5
  user-tag uiext_l4_slb_VIP1_virtualserver
  port 80 tcp
    ha-conn-mirror on-syn
    source-nat auto
    service-group VIP1_80_tcp_sg
    template persist source-ip VIP1_persist_template_80
    user-tag uiext_l4_slb_VIP1_80_tcp
    sampling-enable total_l4_conn
    sampling-enable total_fwd_bytes
    sampling-enable total_rev_bytes
!
sflow setting local-collection
!
sflow collector ip 127.0.0.1 6343
!
!
end

ABOUT A10 NETWORKS


A10 Networks (NYSE: ATEN) provides Reliable Security Always™ through a range of high-performance solutions that enable
intelligent automation with deep machine learning to ensure business critical applications are protected, reliable and always
available. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.

For more information, visit: a10networks.com or tweet @a10Networks

©2020 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, A10 Lightning,
A10 Harmony and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and
other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility
for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise
this publication without notice. For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.

Contact: a10networks.com/contact
Part Number: A10-DG-16174-EN-01 MAR 2020
