CDN
High-performance and secure web content delivery
Fully in-house managed solutions for CDNs. No vendor locks. No third party dependencies.
For fast growing and innovative CDNs that want to deliver the best performance and security, Tempesta Technologies provides customizable solutions using the open source for secure low-latency and high throughput content delivery. This allows Internet companies to deliver the best user experience and not depend on vendor’s proprietary products or third party services.
High throughput and low latency
Improve throughput of a CDN edge node and reduce its latency with:
Deep system analysis revealing sophisticated performance issues
Performance optimizations of an open source or in-house proprietary software
Content storage
We contributed to the most sophisticated parts of the MariaDB and Percona XtraDB Cluster engines, so we know everything about efficient disk I/O. Old-fashion web proxies handle the web cache in filesystem (e.g. Nginx) or mmap() (e.g. Varnish) barely handle terabyte caches with millions of objects.
Tempesta FW’s cache is built on top of an in-memory database, which uses a cache-conscious lock-free data structure to service millions requests per second.
We develop optimized database-like storages for web content with:
Machine learning for the best cache eviction strategy
Compact lock-free indexes to reduce RAM overhead and improve concurrency
Secondary per-upstream index for efficient Vary headers handling
Optimized multi-disk IO for large HDD arrays or modern NVMe SSDs
Edge computing
Tempesta FW can map processed HTTP messages to the users space, where they can be processed in zero-copy fashion using any programming language with C binding, e.g. Rust, C++, JavaScript, Python etc. This allows serverless computations to run and finish with lowest latencies.
Besides the client serverless code, the Tempesta FW zero-copy HTTP message mapping is efficiently used to implement high-performance custom web application security logic (WAF).
Web Application Firewall
Tempesta FW accelerates WAFs by offloading filtration rules and load balancing between multiple WAF instances. Our SIMD-accelerated HTTP parser performs x10 more security checks and is x2-3 faster than the popular open source HTTP proxies.
Combining Tempesta FW with powerful WAFs, like ModSecurity, builds highly secure and high-throughput web security solutions.
DDoS mitigation
Tempesta FW provides a rich set of web application level (L7) DDoS mitigation techniques, such as rate limits, challenges and behaviour analysis, which do not break user experience.
We develop custom DPDK and XDP DDoS mitigation systems to protect specific non-web traffic from volumetric L3-L4 attacks
Bots detection
Behavior analysis of weighted graphs of client transitions, dynamic requests validation using advanced machine learning techniques, challenges with no or minimal impact to a user experience and JavaScript/markup honeypots in combination with reach rules engine provide multi-layer protection against application (L7) bot attacks. Efficient data compression, probabilistic algorithms and advanced performance optimizations make the computations fast enough to perform the clients classification even on entry level server hardware.
Open source
Build a feature full edge node with open source to avoid any vendor locks.
Our team prepares ready to use CI/CD pipelines to deploy well-tuned open source software, such as Nginx, Varnish, HAproxy, ModSecurity, Curiefence and many others, to build a feature-full CDN edge node.
Tempesta FW, our open source high-performance hybrid of HTTPS accelerator and firewall, provides a platform to build high-throughput low-latency secure edge nodes.
Custom modules
Most businesses have unique workloads and client needs, e.g. a CDN specializing in gaming or online education traffic provides more client value if it uses specific solutions dplust to the traditional web acceleration. We develop custom software modules for:
Advanced security solutions (e.g. machine learning driven bots detection)
DDoS mitigation (e.g. our team developed the regular expressions running in XDP on 400Gbps by request of G-Core)
Data storages capable to transfer hundreds thousand gigabits per second per node
Flexible management software to dynamically configure and monitor thousands edge nodes
Kinescope
NetActuate
G-Core Labs