Web Content Delivery and Security

High-performance and secure web content delivery

Fully in-house managed solutions for CDNs. No vendor locks. No third party dependencies.

For fast growing and innovative CDNs that want to deliver the best performance and security, Tempesta Technologies provides customizable solutions using the open source for secure low-latency and high throughput content delivery. This allows Internet companies to deliver the best user experience and not depend on vendor’s proprietary products or third party services.

High throughput and low latency

Improve throughput of a CDN edge node and reduce its latency with:

Ready to use components, such as high-performance web cache and TLS

Deep system analysis revealing sophisticated performance issues

Performance optimizations of an open source or in-house proprietary software

Content storage

We contributed to the most sophisticated parts of the MariaDB and Percona XtraDB Cluster engines, so we know everything about efficient disk I/O. Old-fashion web proxies handle the web cache in filesystem (e.g. Nginx) or mmap() (e.g. Varnish) barely handle terabyte caches with millions of objects.
Tempesta FW’s cache is built on top of an in-memory database, which uses a cache-conscious lock-free data structure to service millions requests per second.
We develop optimized database-like storages for web content with:

Machine learning for the best cache eviction strategy

Compact lock-free indexes to reduce RAM overhead and improve concurrency

Secondary per-upstream index for efficient Vary headers handling

Optimized multi-disk IO for large HDD arrays or modern NVMe SSDs

Edge computing

Tempesta FW can map processed HTTP messages to the users space, where they can be processed in zero-copy fashion using any programming language with C binding, e.g. Rust, C++, JavaScript, Python etc. This allows serverless computations to run and finish with lowest latencies.
Besides the client serverless code, the Tempesta FW zero-copy HTTP message mapping is efficiently used to implement high-performance custom web application security logic (WAF).

Web Application Firewall

Tempesta FW accelerates WAFs by offloading filtration rules and load balancing between multiple WAF instances. Our SIMD-accelerated HTTP parser performs x10 more security checks and is x2-3 faster than the popular open source HTTP proxies.
Combining Tempesta FW with powerful WAFs, like ModSecurity, builds highly secure and high-throughput web security solutions.

DDoS mitigation

Tempesta FW provides a rich set of web application level (L7) DDoS mitigation techniques, such as rate limits, challenges and behaviour analysis, which do not break user experience.
We develop custom DPDK and XDP DDoS mitigation systems to protect specific non-web traffic from volumetric L3-L4 attacks

Bots detection

Behavior analysis of weighted graphs of client transitions, dynamic requests validation using advanced machine learning techniques, challenges with no or minimal impact to a user experience and JavaScript/markup honeypots in combination with reach rules engine provide multi-layer protection against application (L7) bot attacks. Efficient data compression, probabilistic algorithms and advanced performance optimizations make the computations fast enough to perform the clients classification even on entry level server hardware.

Open source

Build a feature full edge node with open source to avoid any vendor locks.

Our team prepares ready to use CI/CD pipelines to deploy well-tuned open source software, such as Nginx, Varnish, HAproxy, ModSecurity, Curiefence and many others, to build a feature-full CDN edge node.

Tempesta FW, our open source high-performance hybrid of HTTPS accelerator and firewall, provides a platform to build high-throughput low-latency secure edge nodes.

Custom modules

Most businesses have unique workloads and client needs, e.g. a CDN specializing in gaming or online education traffic provides more client value if it uses specific solutions dplust to the traditional web acceleration. We develop custom software modules for:

Advanced security solutions (e.g. machine learning driven bots detection)

DDoS mitigation (e.g. our team developed the regular expressions running in XDP on 400Gbps by request of G-Core)

Data storages capable to transfer hundreds thousand gigabits per second per node

Flexible management software to dynamically configure and monitor thousands edge nodes

Case Studies

18 October 2022

Kinescope

We provided consulting services to improve performance of the video on demand and live video CDN edge nodes. We collected the time series data on the CDN operation statistics and developed a C++ data crunching program, which computes various web cache metrics. The metrics can be directly used to estimate the hardware configuration for a CDN edge node, which is the most optimal in terms of performance and cost. Read the full client review.

2 October 2023

NetActuate

A full CDN PoC, including a the control plane onboarding new clients and managing the proxy nodes, and the data plane with proxy nodes built on top of Tempesta FW was developed and launched by our team. Tempesta FW and other software for anycast operating nodes is deployed in fully automated CI/CD pipeline.

26 October 2022

G-Core Labs

We analyzed performance of a production CDN edge node running in one of the largest European Internet exchange. The Linux scheduler issue was revealed using advanced eBPF and perf scripts. That was a very exciting assignment and you can enjoy reading all the technical details about it in our blog post.