Best practices
Tempesta FW is a Linux kernel hybrid of an HTTP accelerator and an application layer firewall, so the following best practices are recommended for high-performance, reliable and secure installations.
In fact, the Tempesta Technologies web site runs in two KVM virtual machines on a bare metal server in an active-standby scenario using keepalived.
Tempesta FW significantly outperforms any existing software HTTP accelerator, while the two-VM installation provides availability and maintainability for the whole service. It makes sense to assign all CPU cores to both VMs in the active-standby scenario and only half of the CPU cores to each VM in the active-active scenario. Even when running in a virtualized environment, Tempesta FW processes traffic much faster than traditional servers on bare metal.
The benefits of using the virtualized installation are:
- Performance is still high, thanks to modern virtualization technologies;
- You can deploy fresh versions of software (we do this for the new versions of Tempesta FW) at any time: keepalived works quite fast and the service will always be accessible for your clients;
- Failures aren't crucial any more: just deploy the newest software version on one VM, leaving the second one with the older and stable version, and update the second one after some time, when you are sure that the newest version is stable enough.
Read the Clouds page for information about support of different virtualization technologies and the High availability page for the Tempesta FW with keepalived configuration guide.
While modern virtualization is fast enough, it's still tempting to use all the hardware resources for maximum performance and run Tempesta FW on bare metal. Besides running Tempesta FW on bare metal, you might want to get as much performance as possible from your small VM, and this is also a case for Kexec.
In such installations, if a failure occurs, it's usually much faster to restart a user space daemon than to reboot the kernel. Thus, if you're going to use Tempesta FW on bare metal, it makes sense to use Kexec for a faster kernel reboot in a disaster. Kexec boots an alternate Linux kernel without going through the BIOS, which saves a lot of time on big servers. It's safe and efficient to run Tempesta FW as an alternate Linux kernel which can be rebooted quickly.
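The Kexec fast reboot described above can be staged with a small script. This is an added example, not code from the Tempesta FW project; it assumes kexec-tools is installed and Debian/Ubuntu-style image names under /boot, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: stage a kernel for a kexec fast reboot.
# Assumption: images are named vmlinuz-<ver> and initrd.img-<ver> under /boot.

# Succeeds only if the kexec_load_disabled sysctl exists and reads 0.
# A hardened host may set it to 1, which blocks kexec until the next full boot.
kexec_allowed() {
    knob="${1:-/proc/sys/kernel/kexec_load_disabled}"
    [ -r "$knob" ] && [ "$(cat "$knob")" = "0" ]
}

# Resolve kernel and initrd for version $1 in boot dir $2 (default /boot).
# Sets KERNEL and INITRD; fails if either image is missing.
find_images() {
    KERNEL="${2:-/boot}/vmlinuz-$1"
    INITRD="${2:-/boot}/initrd.img-$1"
    [ -f "$KERNEL" ] || { echo "missing kernel image: $KERNEL" >&2; return 1; }
    [ -f "$INITRD" ] || { echo "missing initrd: $INITRD" >&2; return 1; }
}

# Dry run: print the load command so it can be reviewed before use.
kexec_load_cmd() {
    find_images "$1" "$2" || return 1
    echo "kexec -s -l $KERNEL --initrd=$INITRD --reuse-cmdline"
}

# Load the image into memory. -s selects kexec_file_load(2), which lets the
# running kernel verify the image signature where signature checking is enabled.
stage_fast_reboot() {
    kexec_allowed || { echo "kexec loading is disabled on this host" >&2; return 1; }
    find_images "$1" "$2" || return 1
    kexec -s -l "$KERNEL" --initrd="$INITRD" --reuse-cmdline
}

# Usage: sh fast-reboot.sh --stage [kernel-version]
if [ "${1:-}" = "--stage" ]; then
    stage_fast_reboot "${2:-$(uname -r)}"
fi
```

Staging only loads the kernel; the jump itself is a separate step, for example `systemctl kexec`, which stops services cleanly before executing the loaded image.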
There are many other situations in which a faster reboot is desired, so there are many guides about speeding up the Linux kernel boot process. Consider these links as a starting point: