Tempesta FW

What it is?

Tempesta FW is an all-in-one open-source solution for high performance web content delivery and advanced protection against DDoS and web attacks. This is a drop-in-replacement for the whole web server frontend infrastructure: an HTTPS load balancer, a web accelerator, a DDoS mitigation system, and a web application firewall (WAF).

Tempesta FW is the first and only hybrid of a Web accelerator and a multi-layer firewall. This unique architecture provides seamless integration with the Linux iptables or nftables.

Tempesta FW services up to 1.8M HTTP requests per second on the cheapest hardware, which is x3 faster than Nginx or HAProxy. Tempesta TLS is about 40-80% faster than Nginx/OpenSSL and provides up to x4 lower latency.

Demo

Watch the Tempesta FW demo in the Security Weekly show - Fast And Secure Web.

How it works?

Tempesta FW is built into Linux TCP/IP stack for better and more stable performance characteristics in comparison with TCP servers on top of common Socket API or even DPDK or other kernel bypass technology.

We do our best to keep the kernel modifications as small as possible. Current patch is just about 3,200 lines.

Current state

We're in Beta state for now. The beta is available by:

• source code
• installation script (binary packages)

The master branch is a development (and unstable) branch for contributers and early testers only. Use release-0.8 branch for a stable version.

Installation and Configuration

Please see our Wiki for following topics:

• Quick start
• Design description
• System requirements
• Installation procedures
• Configuration guide
• Use cases
• Performance tips & benchmarks
• High availability
• Observability
• Application performance monitoring

Contribute to Tempesta FW

Please follow Tempesta Contributor's Guide for guidance on making new contributions to the repository.