Tempesta Technologies
  • Home
  • Tempesta FW
    • Features
      • Web acceleration
      • Load balancing
      • Application performance monitoring
    • Performance
    • How it works
    • Deployment
    • Support
    • Knowledge base
  • Services
    • Software development
      • High performance
      • Networking
      • Databases
      • Linux kernel
      • Machine learning
      • How we work
      • Case studies
    • Performance analysis
    • Network security
      • DDoS protection
      • Application security
      • Cryptography
      • Security assessment
      • How we work
      • Case Studies
  • Solutions
    • DDoS Protection
    • Web Acceleration
  • Blog
  • Company
    • Research
    • Careers
    • Contact
Tempesta Technologies

Performance

We use Cisco TRex to test Tempesta xFW performance. At the moment we use two machines: Generator generating traffic with TRex and SUT running Tempesta xFW, with following specifications:

  • SUT: Dell R650 with 2xGold 6348, 256 GB RAM, 1 x 256 GB SSD 4 x 375 GB NVMe.
  • Generator: R750 with 2xGold 6348 – 64 GB RAM – 2 x 960 SSD.
  • Both the machines have: DELL F6FXM Mellanox CX623106A ConnectX-6 Dx EN 100Gigabit Ethernet Card 0F6FXM, Dual port 100G.

You can find more details in our repository.

Tempesta xFW is configured for the dual interface host mode (xfw.json):

{
    "devices": "enp202s0f0np0 enp202s0f1np1",
    "devices-mode": "native",
    "verbose": true,
    "sysctl-tcp-max-syn-backlog": 4096,
    "sysctl-tcp-syncookies": 1
}

Ubuntu 24.04.3 LTS was used during the tests.

While SUT has dual Intel Gold 6348, we use only one processor in the tests. This way the performance numbers at the below are for single Intel Gold 6348.

ICMPv6 flood test🔗

TRex call (use icmpv6_fix_cs.py):

./t-rex-64 -i -c 28

./trex-console

trex>start -f icmpv6_fix_cs.py -m 122000000

Results:

-Per port stats table 
      ports |               0 |               2 
 -----------------------------------------------------------------------------------------
   opackets |      1539202331 |      1541720718 
     obytes |    126214591142 |    126421098876 
   ipackets |               0 |               0 
     ibytes |               0 |               0 
    ierrors |               0 |               0 
    oerrors |               0 |               0 
      Tx Bw |      66.64 Gbps |      66.83 Gbps 

-Global stats enabled 
 Cpu Utilization : 74.6  %  7.8 Gb/core 
 Platform_factor : 1.0  
 Total-Tx        :     133.47 Gbps  
 Total-Rx        :       0.00  bps  
 Total-PPS       :     203.46 Mpps  
 Total-CPS       :       0.00  cps  

 Expected-PPS    :       0.00  pps  
 Expected-CPS    :       0.00  cps  
 Expected-BPS    :       0.00  bps  

 Active-flows    :        0  Clients :        0   Socket-util : 0.0000 %    
 Open-flows      :        0  Servers :        0   Socket :        0 Socket/Clients :  -nan 
 Total_queue_full : 321246752         
 drop-rate       :     133.47 Gbps   
 current time    : 37.0 sec  
 test duration   : 0.0 sec  
  • Workload is 130 Gbps and 200 Mpps.
  • No ierrors and oerrors.

TCP/UDP flood test🔗

UDP flood of packet length 1514 bytes and various types of TCP flood traffic (length 54 bytes):

  • ACK flood
  • FIN flood
  • NULL flood
  • RST flood
  • SYN flood
  • SYN-ACK flood
  • URG flood
  • XMAS flood (FIN-PUSH-URG)

Use (tcpudp.yaml):

./t-rex-64 --ipv6 -f tcpudp.yaml -m 650 -c 23

Results:

-Per port stats table 
      ports |               0 |               2 
 -----------------------------------------------------------------------------------------
   opackets |       552946710 |       553663783 
     obytes |    125580328244 |    125743176476 
   ipackets |         1369324 |         2197350 
     ibytes |       112284568 |       180182700 
    ierrors |               0 |               0 
    oerrors |               0 |               0 
      Tx Bw |      69.58 Gbps |      69.94 Gbps 

-Global stats enabled 
 Cpu Utilization : 58.2  %  10.4 Gb/core 
 Platform_factor : 1.0  
 Total-Tx        :     139.52 Gbps  
 Total-Rx        :     190.76 Mbps  
 Total-PPS       :      76.79 Mpps  
 Total-CPS       :       0.00  cps  

 Expected-PPS    :      39.60 Mpps  
 Expected-CPS    :      39.60 Mcps  
 Expected-BPS    :      71.95 Gbps  

 Active-flows    :     7200  Clients :    65535   Socket-util : 0.0002 %    
 Open-flows      :     7200  Servers :      500   Socket :     7200 Socket/Clients :  0.1 
 Total_queue_full : 129480281         
 drop-rate       :     139.33 Gbps   
 current time    : 16.3 sec  
 test duration   : 3583.7 sec  
  • Workload is 140 Gbps and 75 Mpps.
  • No ierrors and oerrors.
  • Home
  • XFW
    • Basic Administration
    • Quick start
    • DNS DDoS protection
    • Observability
    • Performance
  • XFW Filtration Rules
    • Chaining
    • Evaluation Mode
    • IP Filter
    • ICMP Filter
    • DNS Filter
    • UDP Anomaly Filter
    • TCP Anomaly Filter
    • TCP Authentication Filter
    • TCP SYN Cookies
    • TCP Flags Filter
    • Destination Filter
    • Source Filter
    • Protected Network Definition
    • Rate Limits
    • Default Rules
  • Manager
    • Management daemon
    • Client library
    • Command line interface
  • DDoS Protection Use Cases
    • DNS server
    • Web server
    • Advanced Protection
  • Troubleshooting
    • Troubleshooting System Description
    • Troubleshooting System Verification Script
    • Troubleshooting Netconsole Configuration
    • Troubleshooting Server
    • Troubleshooting Support Server

Powered by Tempesta FW

Stay up to date with our latest developments

Useful Links

Home
Blog

Tempesta® FW

Features
Performance
Deployment
Support
Knowledge Base

Services

Software Development
Performance analysis
Network Security

Solutions

DDoS Protection

Web Acceleration

Company

Research
Careers
Contact