Tempesta

TEMPESTA FW

BE FASTER, BE PROTECTED

Tempesta FW provides fast web content acceleration and web application protection at low TCO. Tempesta FW is the first and only hybrid of its kind - both an HTTP accelerator (reverse proxy) and a multi-layer firewall. It is specially designed to deliver web content at top speed while providing maximum protection against a range of web application attacks. This makes it the ideal platform for building application-level DDoS mitigation systems or high-performance Web Application Firewalls (WAF).

Tempesta FW is built into the Linux TCP/IP stack for better and more stable performance relative to the usual TCP servers on top of Socket API or even kernel sockets.

Tempesta FW is open source and published under GPLv2.

 

Web Content Acceleration

Tempesta FW uses Tempesta DB, a very fast in-memory database, to serve as a web cache. Tempesta DB employs a number of cutting-edge technologies to achieve outstanding performance: NUMA-aware data distribution, cache-conscious and lock-free data indexing, huge pages and zero-copy data transport between users and kernel spaces.

 

Web Application Security

Tempesta FW provides the Frang module for fine-grained HTTP filtering to protect against various forms of attack, including an HTTP flood, Slow HTTP DDoS, and HTTP Response Splitting. Clients violating the module rules can be automatically black-listed; any subsequent traffic from them will be dropped at the IP layer, saving system resources for really useful work.

A sticky cookie module allows for unique identification of each client. Alternatively, it can be used as a challenge cookie for application layer DDoS mitigation.

 

Load Balancing

Tempesta FW provides an extensive array of load balancing methods. HTTP requests can be distributed among upstream servers via complex conditional statements over almost any set of HTTP request fields or via round-robin or rendezvous hashing techniques.

Tempesta FW allows you to configure the number of persistent connections established to each upstream server and automatically reestablishes failed connections, enabling it to smoothly overcome upstream server outages. It also distributes HTTP requests among server persistent connections in various ways. And request distribution can be configured independently from server load balancing.

 

Key-Value Database

Tempesta DB is used as a web cache and to set filter rules. It provides user-space interfaces for persistent key-value data storage, which can be then accessed from web applications. The tdbq user-space tool modifies and queries stored data.

The libtdb library provides access to the database from user space so you can use Tempesta DB as an embedded database. Unlike traditional embedded databases, Tempesta DB can be used by many processes concurrently. With all that, the database has much lower overhead for data transport than client-server databases.

 

High Performance

Performance comparison of Tempesta with a common HTTP server Tempesta FW is embedded into the Linux TCP/IP stack, uses the fastest HTTP parser around and also a NUMA-aware web cache with modern hardware optimized data structures. Tempesta FW performance is 8-12 times that of modern HTTP servers and scales linearly on multi-core hardware to large numbers of concurrent TCP connections.

 

Research

Tempesta FW was presented at IBM CASCON 2014. You can download the paper or full conference proceedings.
Here you can also find our talk on Tempesta DB at the Percona Live'16 conference.

 

FAQ

Is Tempesta FW like TUX, kHTTPd, and other in-kernel HTTP servers?

Can I use Tempesta FW in a cloud-based scenario?

I'm scared letting a web server into the kernel.

I found a bug. I crashed your server.

 

Fork it on

GitHub

 

About Us

Tempesta Technologies Inc., headquartered in Seattle, WA, was founded in 2014 as a branch of NatSys Laboratory Ltd., a consulting company with more than 8 years of international experience in networking and high-performance computing in the Linux/x86-64 environment. Tempesta Technologies' mission is to explore and develop algorithms which can exploit the full power of modern hardware and operating systems to deliver new experience in building high performance and reliable web applications.

 

Contacts

We're always happy to receive feedback - and bug reports - about Tempesta FW. We also offer custom solutions to meet our clients' special needs. Please email us at .

+1(206)801-6131
1001 4th Avenue, #3200
Seattle, WA 98154