Alexander K edited this page Dec 2, 2017 · 13 revisions

Tempesta FW is an open-source application delivery controller (ADC) built into Linux that provides fast web content acceleration and web application protection. It is built into the Linux TCP/IP stack for better and more stable performance relative to usual modern HTTP accelerators and load balancers. Not only that, but it provides the same user experience as normal Linux installations, meaning that it can be installed on almost any server and is easier to use than hardware appliances.

Design considerations

Tempesta FW is designed with following considerations which define its architecture:

  1. Tempesta FW targets maximum performance in modern Linux/x86-64 environments. Thus, it frequently migrates to new Linux kernels and requires relatively modern hardware.

  2. Modern hardware has plenty of RAM. This consideration eliminates requirement of slow disks access making Tempesta FW working with RAM only. The web cache is very fast, but doesn't suite to handle volumes of large content. If you need to cache data larger than your RAM, then use other web accelerators behind Tempesta FW: the whole installation benefits from small and fast cache at first layer.

  3. Tempesta FW is fully Linux compatible. All the existing Linux software works with Tempesta FW. It significantly different from kernel bypass approaches (e.g. DPDK or Netmap): web accelerator built on top of the technologies don't allow you to use such handy tools with your network traffic as Netfilter, Tcpdump, Tc and so on. (Actually, in some cases you can use the tools, but copying through dummy network interfaces is required making the whole system slower).

Publications

  1. Kernel HTTP/TCP/IP stack for HTTP DDoS mitigation, Netdev 2.1, April 2017. Video.

  2. Tempesta FW: Linux Application Delivery Controller, FOSDEM'17, February 2017. Video.

  3. Tempesta FW, a handfull firewall against DDoS attacks, HackMag, 2015.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.