Requirements

• x86-64 CPU with SSE 4.2, AVX2, ADX and BMI2 support (Intel Broadwell, AMD Zen, or later microarchitectures). Tempesta DB also requires 2MB huge pages enabled. Check sse4_2, pse, avx2, bmi2, and adx flags respectively in your /proc/cpuinfo;
• At least 8GB RAM;
• RSS capable network adapter;
• Filesystem with fallocate(2) system call (e.g. ext4, btrfs or xfs);
• Linux Kernel with the small Tempesta FW’s patch. Please see instructions to build the patched Linux kernel.

Notice: All CPU instructions are mandatory, but in some environments (virtual machines, VPS) can be unpresented in /proc/cpuinfo even if CPU supports it. In this case try to comment out all required checks in Makefile and then run unit tests to make sure everything is OK.

Security warning: Tempesta TLS uses the CPU hardware random generator, provided by the RDRND instruction in x86-64, to speedup the most performance crucial cryptography calculations. Some Intel CPUs are vulnerable to for the Special Register Buffer Data Sampling (SRBDS): the RDRAND result can be exposed to a sibling CPU core. This means that you should not run Tempesta FW in a public cloud environment with switched off SRBDS mitigation. If you run Tempesta FW on a dedicated hardware server or CPU starting with Ice Lake microarchitecture, you don’t need to care about the issue.

Currently Ubuntu 24.04 is the preferred build and execution environment. You can use other Linux distributions at your own risk.

Check supported virtualization types if you want to run Tempesta FW inside a virtual machine. QEMU is the most tested VM. There were complains about VirtualBox support of necessary CPU flags from a host system.

Since Tempesta FW uses advanced CPU features, please make sure that your VM properly exports the CPU featrues. For QEMU you can do this with -cpu host command line option.

For the best Tempesta FW performance inside a virtual machine, the hardware must meet following requirements (plese check the Wiki for details):

• VT-d and VT-x technologies must be supported by the CPU and enabled in BIOS;

• vAPIC support in the CPU

• SR-IOV support in the network adapter.

Tempesta requires that the following Linux kernel configuration options are switched on:

• CONFIG_SLUB
• CONFIG_SECURITY
• CONFIG_SECURITY_NETWORK
• CONFIG_SECURITY_TEMPESTA
• CONFIG_DEFAULT_SECURITY_TEMPESTA
• "tempesta" listed first in CONFIG_LSM, e.g.

CONFIG_LSM="tempesta,lockdown,yama,loadpin,safesetid,integrity,selinux,smack,tomoyo,apparmor,bpf"

We suggest that CONFIG_PREEMPT_NONE is used for better throughput. However, please use CONFIG_PREEMPT_VOLUNTARY for debugging since this mode causes additional stress to synchronization of several algorithms. Also note that CONFIG_PREEMPT is not supported at all.

• Boost library – install libboost-all-dev on Debian-based Linux distributives.
• Perl Template-Toolkit – you can find the package as libtemplate-perl in Debian-based system.