Alexander Krizhanovsky edited this page Sep 19, 2023 · 20 revisions

Tempesta FW is an open-source application delivery controller (ADC) that provides fast web content acceleration and web application protection. It is built into the Linux TCP/IP stack, which gives better and more stable performance than typical modern HTTP accelerators and load balancers. It also provides the same user experience as a normal Linux installation, so it can be installed on almost any server and is easier to use than hardware appliances.

Design considerations

Tempesta FW is designed with the following considerations, which define its architecture:

  1. Tempesta FW targets maximum performance in modern Linux/x86-64 environments. Thus, it frequently migrates to new Linux kernels and requires relatively modern hardware.

  2. Modern hardware has plenty of RAM. This removes the need for slow disk access, so Tempesta FW works with RAM only. The web cache is very fast, but is not suited to handling volumes of large content. If you need to cache more data than fits in your RAM, use other web accelerators behind Tempesta FW: the whole installation benefits from a small and fast cache at the first layer.

  3. Tempesta FW is fully Linux compatible. All existing Linux software works with Tempesta FW. This is significantly different from kernel bypass approaches (e.g. DPDK or Netmap): web accelerators built on top of those technologies don't allow you to use handy tools such as Netfilter, Tcpdump, Tc and so on with your network traffic. (Actually, in some cases you can use the tools, but this requires copying through dummy network interfaces, which makes the whole system slower.)

The best description of Tempesta FW design and architecture can be found in our talk at Netdev 2.1, referenced below.

Demo

Tempesta FW has appeared in the Security Weekly show (issue PSW #669): Fast And Secure Web. In the show we discussed the typical use cases for Tempesta FW and showed a demo.

Publications

  1. Kernel HTTP/TCP/IP stack for HTTP DDoS mitigation, Netdev 2.1, April 2017. Video.

  2. Tempesta FW: Linux Application Delivery Controller, FOSDEM'17, February 2017. Video.

  3. Tempesta FW, a handful firewall against DDoS attacks, HackMag, 2015.
