Tempesta FW provides fast web content acceleration and web application protection at low TCO. Tempesta FW is the first and only hybrid of its kind - both an HTTP accelerator (reverse proxy) and a multi-layer firewall. It is specially designed to deliver web content at top speed while providing maximum protection against a range of web application attacks. This makes it the ideal platform for building application-level DDoS mitigation systems or high-performance Web Application Firewalls (WAF).
Tempesta FW is built into the Linux TCP/IP stack for better and more stable performance relative to the usual TCP servers on top of Socket API or even kernel sockets.
Tempesta FW is open source and published under GPLv2.
Tempesta FW uses Tempesta DB, a very fast in-memory database, to serve as a web cache. Tempesta DB employs a number of cutting-edge technologies to achieve outstanding performance: NUMA-aware data distribution, cache-conscious and lock-free data indexing, huge pages, and zero-copy data transport between user and kernel space.
Tempesta FW provides the Frang module for fine-grained HTTP filtering to protect against various forms of attack, including an HTTP flood, Slow HTTP DDoS, and HTTP Response Splitting. Clients violating the module rules can be automatically black-listed; any subsequent traffic from them will be dropped at the IP layer, saving system resources for really useful work.
A sticky cookie module allows for unique identification of each client. Alternatively, it can be used as a challenge cookie for application layer DDoS mitigation.
Tempesta FW provides an extensive array of load balancing methods. HTTP requests can be distributed among upstream servers via complex conditional statements over almost any set of HTTP request fields or via round-robin or rendezvous hashing techniques.
Tempesta FW allows you to configure the number of persistent connections established to each upstream server and automatically reestablishes failed connections, enabling it to smoothly overcome upstream server outages. It also distributes HTTP requests among a server's persistent connections in various ways, and request distribution can be configured independently from server load balancing.
Tempesta DB is used as a web cache and to set filter rules. It provides user-space interfaces for persistent key-value data storage, which can then be accessed from web applications. The tdbq user-space tool modifies and queries stored data.
The libtdb library provides access to the database from user space so you can use Tempesta DB as an embedded database. Unlike traditional embedded databases, Tempesta DB can be used by many processes concurrently. With all that, the database has much lower overhead for data transport than client-server databases.
Tempesta FW is embedded into the Linux TCP/IP stack, uses the fastest HTTP parser around, and has a NUMA-aware web cache with data structures optimized for modern hardware. Tempesta FW performance is 8-12 times that of modern HTTP servers and scales linearly on multi-core hardware to large numbers of concurrent TCP connections.
Is Tempesta FW like TUX, kHTTPd, and other in-kernel HTTP servers?
Nope. Tempesta FW isn't just an in-kernel HTTP server. Rather, think of it as a Linux extension for a better user experience in various web applications. It processes HTTP the same way IP or TCP do, running in softirq context, building a monolithic protocol stack. It combines netfilter logic with HTTP processing, making it a unique hybrid solution - an HTTP server and a firewall at the same time. Tempesta DB is built into Linux memory management and provides interfaces similar to transactional record-oriented file systems (part of this work is currently still in progress).
Can I use Tempesta FW in a cloud-based scenario?
Yes. Tempesta FW is a pure software solution, so it can be used in virtual machines. However, it does patch the Linux kernel extensively, so a cloud-based set-up will have to have the ability to load custom Linux kernels. For example, a KVM-based virtual environment is usually suitable, while an operating system-level virtualization like LXC isn't.
I'm scared of letting a web server into the kernel.
Tempesta FW isn't a web server; it's an operating system extension. We try to keep our code base as small as possible and to implement only mission-critical logic in the kernel. For example, Tempesta FW is smaller than any of the popular file systems, including EXT4, BtrFS, and XFS.
I found a bug. I crashed your server.
That's possible. Tempesta is relatively young (the major version number is still 0), so bugs are possible. If you do find a bug, please check here for currently open bugs with the "crucial" tag to determine whether the bug is already known. If not, please create an entry for the new bug. Do your best to accurately describe the scenario - that will help us a lot in refining the software. We pay $100 for each new crucial bug report. Thank you!
Tempesta Technologies Inc., headquartered in Seattle, WA, was founded in 2014 as a branch of NatSys Laboratory Ltd., a consulting company with more than 8 years of international experience in networking and high-performance computing in the Linux/x86-64 environment. Tempesta Technologies' mission is to explore and develop algorithms which can exploit the full power of modern hardware and operating systems to deliver a new experience in building high-performance and reliable web applications.
We're always happy to receive feedback - and bug reports - about Tempesta FW. We also offer custom solutions to meet our clients' special needs. Please email us at .
1001 4th Avenue, #3200
Seattle, WA 98154