Alexander is the CEO of Tempesta Technologies, Inc., and is the architect of Tempesta FW, a high performance open source Linux application delivery controller. Alexander is responsible for the design and performance of several products in the areas of network traffic processing and databases. He designed the core architecture of a Web application firewall, mentioned in the Gartner Magic Quadrant, and MariaDB system versioning.

Presentations

23x

Dynamic Bot Blocking with Web-Server Access-Log Analytics

In this talk, we present WebShield, a small open-source Python daemon that analyzes Tempesta FW, an open-source web accelerator, access logs and dynamically classifies and blocks bad bots.

* Bots' types and characteristics: L7 DDoS, password crackers, scrapers, carting/checkout abuse and others.
* How to employ users’ access patterns to classify bad bots.
* How to efficiently deliver web-server access logs to an analytics database (e.g., ClickHouse).
* Traffic fingerprints (JA3, JA4, p0f): computation and properties
* Tempesta Fingerprints: lightweight fingerprints designed for automatic web clients clustering.
* How to correlate multiple traffic characteristics and catch lazy bot developers.
* Baseline models for access-log analytics and how to validate them.
* How to block large botnets without blocking half the Internet.
* Scoring, behavioral analysis, and other advanced techniques.
 

See Presentation
22x

Scalable and Low Latency Lock-free Data Structures

* when standard containers and locking mechanisms aren't enough
* several advanced data structures: split ordered lists and other variations of lock-free hash tables, tries (partricia trees) and hybrid data structures
* x86-64 memory ordering and cache hierarchy, operating system preemption and how to employ all the knowledge to implement a very fast data structure
* gotchas of data structures benchmarking, such as keys distribution, latency vs throughput, worst cases and so on
* an open source lock-free cache conscius Hash Trie implementation

See Presentation
20x

Scalable and Low Latency Lock-free Data Structures

* when standard containers and locking mechanisms aren't enough
* several advanced data structures: split ordered lists and other variations of lock-free hash tables, tries (partricia trees) and hybrid data structures
* x86-64 memory ordering and cache hierarchy, operating system preemption and how to employ all the knowledge to implement a very fast data structure
* gotchas of data structures benchmarking, such as keys distribution, latency vs throughput, worst cases and so on
* an open source lock-free cache conscius Hash Trie implementation

See Presentation
18x

Web acceleration mechanics

  • Client and backend server connections management;
  • HTTP message queues and backend server connections failovering in HTTP standards and proxy implementations;
  • How HTTP/1.x, HTTP/2, and HTTP/3 (QUIC) decoders and parsers interact to each other;
  • HPACK and QPACK compression from HTTP/2 and HTTP/3 (QUIC) and when it hurts performance;
  • What and how HTTP allows to cache;
  • Different caching architectures;
  • Network I/O and TLS optimizations available in some web accelerators and modern Linux kernels;
See Presentation
17x

Fast HTTP string processing algorithms

There are binary optimizations in HTTP/2, so the protocol becomes less about string processing. However, strings, sometimes quite large like URI or Cookie, stil exists in HTTP. A typical program working with HTTP, must perform various string operations, e.g. tokenization, string matching, searching for a pattern etc. Classic computer science describe many string processing algorithms, but HTTP strings are special and specialized algorithms can improve performance of the strings processing in several times.

See Presentation