Tempesta

TEMPESTA FW

BE FASTER, BE PROTECTED

Tempesta FW is an open-source application delivery controller (ADC) built into Linux that provides fast web content acceleration and web application protection. It is built into the Linux TCP/IP stack for better and more stable performance than typical modern HTTP accelerators and load balancers. Not only that, but it provides the same user experience as normal Linux installations, meaning that it can be installed on almost any server and is easier to use than hardware appliances.

Tempesta FW dynamically monitors upstream server performance and predicts how that performance will change in the near future. Adaptive load balancing leverages that data to forward client queries to the server that has or is expected to have the smallest load.

All load balancing methods can be configured as HTTP session-aware, in which case only the client’s first request is used by the original algorithm to determine which upstream server the request should be sent to. Responses to requests contain HTTP session cookies for the client, and all subsequent requests from the client are delivered to the same server.

 

How it works

  1. The IP packet is received by the network adapter and verified against Frang filtering tables.
  2. The HTTP request is immediately parsed in softirq while the data is hot in CPU caches. Advanced HTTP parsing techniques are used, including a stateless finite state machine and the AVX2 instruction set.
  3. The request is analyzed by the Frang module and can be blocked, with the filter rule propagated to the IP layer so that subsequent queries from the client are blocked at step 1.
  4. The request is serviced from the cache or forwarded to an upstream server according to the established load balancing policy. The web cache is built on top of Tempesta DB. The database uses cutting-edge technology such as a cache-conscious lock-free burst hash trie for the index, NUMA-aware record distribution and replication, huge pages, and the SSE4.2 instruction set.

[Figure: Tempesta FW architecture]

Web content acceleration

Tempesta FW uses Tempesta DB, a very fast in-memory database, to serve as a web cache. Tempesta DB employs a number of cutting-edge technologies to achieve outstanding performance: NUMA-aware data distribution, cache-conscious and lock-free data indexing, huge pages and zero-copy data transport between user and kernel space.

 

Web application security

Tempesta FW provides the Frang module for fine-grained HTTP filtering to protect against various forms of attack, including HTTP floods, Slow HTTP DDoS, HTTP Response Splitting and SQL injection. Clients violating the module's rules can be automatically blacklisted; any subsequent traffic from them will be dropped at the IP layer, saving system resources for useful work.

A sticky cookie module allows for unique identification of each client. Alternatively, it can be used as a challenge cookie for application layer DDoS mitigation.

 

Load balancing

Tempesta FW provides an extensive array of load balancing methods. HTTP requests can be distributed among upstream servers via complex conditional statements over almost any set of HTTP request fields, via round-robin, rendezvous hashing or adaptive techniques.

Tempesta FW allows you to configure the number of persistent connections established to each upstream server and automatically reestablishes failed connections, enabling it to smoothly overcome upstream server outages. It also distributes HTTP requests among a server's persistent connections in various ways, and request distribution can be configured independently from server load balancing.
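The session-aware balancing described in the overview, combined with the rendezvous hashing named in this section, as an added example (this is not Tempesta FW code or its cookie format). It assumes the session cookie carries the chosen server's name with an HMAC tag so a client cannot pin itself to a server of its choice; the key, server names and function names are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac

SECRET = b"constructed-demo-key"        # assumption: secret known only to the balancer
SERVERS = ["app-1", "app-2", "app-3"]   # constructed upstream names


def rendezvous_pick(key: str, servers: list[str]) -> str:
    """Rendezvous (highest-random-weight) hashing: score each server, keep the max."""
    return max(servers, key=lambda s: hashlib.sha256(f"{s}|{key}".encode()).digest())


def make_cookie(server: str) -> str:
    """Cookie value = server name + HMAC tag, so a client cannot pin itself elsewhere."""
    tag = hmac.new(SECRET, server.encode(), hashlib.sha256).hexdigest()
    return f"{server}.{tag}"


def pinned_server(cookie: str | None, servers: list[str]) -> str | None:
    """Return the pinned server only if the cookie verifies and the server is alive."""
    if not cookie or "." not in cookie:
        return None
    server, tag = cookie.rsplit(".", 1)
    expected = make_cookie(server).rsplit(".", 1)[1]
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return server if server in servers else None


def route(client_key: str, cookie: str | None, servers: list[str]) -> tuple[str, str | None]:
    """Return (server, new_cookie); new_cookie is None when an existing pin is honoured."""
    server = pinned_server(cookie, servers)
    if server is not None:
        return server, None
    server = rendezvous_pick(client_key, servers)   # first request or invalid pin
    return server, make_cookie(server)


if __name__ == "__main__":
    first, cookie = route("203.0.113.7", None, SERVERS)
    print("first request ->", first)
    print("follow-up     ->", route("203.0.113.7", cookie, SERVERS)[0])
    forged = "app-1." + "0" * 64                     # constructed forged cookie
    print("forged cookie ->", route("203.0.113.7", forged, SERVERS))
```

When a pinned server disappears from the list, `route` falls back to rendezvous hashing over the remaining servers and issues a fresh cookie, so only the clients of the failed server are remapped.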

 

SSL/TLS offloading

Upstream server farms can benefit from offloading SSL/TLS encryption to Tempesta FW. We develop our own lightweight fork of the mbedTLS library to maximize encryption performance.

 

Application performance monitoring

Tempesta FW measures the delay between forwarding a client request to an upstream server and receiving the server's response. That data is collected and analyzed, so system administrators can monitor online results for minimum, maximum, and average response times as well as different percentiles. Data is collected for each server.

 

Key-value database

Tempesta DB is used as a web cache and to set filter rules. It provides user-space interfaces for persistent key-value data storage, which can then be accessed from web applications. The tdbq user-space tool modifies and queries stored data.

The libtdb library provides access to the database from user space so you can use Tempesta DB as an embedded database. Unlike traditional embedded databases, Tempesta DB can be used by many processes concurrently. With all that, the database has much lower overhead for data transport than client-server databases.

 

Upcoming features

The following features will be implemented in the near future:

 

Performance

Tempesta FW is embedded into the Linux TCP/IP stack, uses the fastest HTTP parser around, AVX2 HTTP string processing and also a NUMA-aware web cache with data structures optimized for modern hardware. Tempesta FW handles up to 1.8M HTTP requests per second on a 4-core CPU.

Details on the benchmark data are also available.

 

FAQ

 

 

About us

Tempesta Technologies Inc., headquartered in Seattle, WA, was founded in 2014 as a branch of NatSys Laboratory Ltd., a consulting company with more than 8 years of international experience in networking and high-performance computing in the Linux/x86-64 environment. Tempesta Technologies' mission is to explore and develop algorithms that can exploit the full power of modern hardware and operating systems to deliver a new experience in building high-performance and reliable web applications.

 

Careers

We're looking for talented and experienced Linux kernel hackers who can help make Tempesta FW more robust and add features.

To be successful, you’ll need to:

The position is remote, as we have no central office and most employees work from their homes. Please send your CV and cover letter at  .

 

Contacts

We're always happy to receive feedback - and bug reports - about Tempesta FW. We also offer custom solutions to meet our clients' special needs. Please email us at  .

+1(206)801-6131
1001 4th Avenue, #3200
Seattle, WA 98154