We traced Nginx running on a 80 CPU server as a CDN node in one of the world largest Internet exchange point. We revealed that a ligh-weight monitoring process may cause severe latencies due to the Linux CPU scheduler. During the investigations we had a lot of fun with eBPF and perf.

Learn how to build a high performance billing system for video conferencing services. This article studies the case of a lean startup who we helped to with building the system. We focus not only on the system performance, but also how to make it with as low budget as possible.

It might sound strange, but database performance does depend on used encodings. In this post we explore why and compare performance on different encodings for MariaDB and MySQL.

The recent paper "The Storage Hierarchy is Not a Hierarchy: Optimizing Caching on Modern Storage Devices with Orthus" proposes interesting extension for traditional caching. The approach might be beneficial in Video on demand (VOD) content delivery networks (CDN) challenged by large amount of stored data and high throughput requirements.

We explore several practical performance critical tasks and how they can be solved in C, C++, Rust, and Assembly programming languages. We mostly focus on the speed, but also consider developer productivity and the programs safety. You might be surprised that solving some tasks in Assembly might be more productive than in C programming language!

Kernel bypass technologies like DPDK and Netmap are popular for development of high speed network applications. In this article we discuss user space TCP/IP stacks and their applicability for HTTPS servers.

From our experience in developing custom core logic of Web Application Firewalls (WAF), we learned several performance issues typical for the most, or even all, modern WAFs which may lead to high cost of ownership and/or denial of service. In this article we introduce a WAF accelerator, which like a web accelerator, improves performance of WAFs and protects them against DDoS attacks.

Being a light-weight web application firewall, Tempesta FW takes care about prevention of well-known web cache deception and poisoning attacks. However, recently a new attack of the web cache poisoning class, Cache-Poisoned Denial-of-Service (CPDoS), has appeared and made us to extend our HTTP parser to prevent the attack.

Read our review of Google paper "Snap: a Microkernel Approach to Host Networking" presented on ACM SIGOPS 27th Symposium on OperatingSystems Principles (SOSP 2019). We compare the Snap approach with Temepsta FW synchronous sockets.

We recap the most interesting posts since 2011 from our old NatSys Laboratory blog: effect of the recent CPU vulnerabilities onto Linux system calls performance, deep dive into HTTP proxies functionality and performance comparison of Tempesta FW with Nginx and HAProxy, fast strings processing algorithms, lock-free data structures, and memory allocators. A lot of technical details!