Datasheet

Fastly Next-Gen WAF Agent Performance Benchmarks

SecurityWeb Application Firewall (WAF)

The Fastly Next-Gen WAF agent performance benchmarks represent what our customers routinely see in their production deployments.

On this page

The Fastly Next-Gen WAF engineering team developed an agent performance testing framework to determine CPU and memory utilization in various host configurations. The resulting benchmarks represent what our customers routinely see in their production deployments: that our lightweight agent requires few host resources, will not create significant latency yet remains performant.

Introduction

From inception, the Fastly Next-Gen WAF agent was designed to be as lightweight and efficient as possible wherever our customers run their apps and APIs. We provide the agent performance metrics in this document based on internal performance testing to prove out that our agent is lightweight, requires few host resources, and will not create significant latency once installed1. When evaluating web application and API protection solutions, we know performance is top of mind for development and operations teams: businesscritical applications must be performant and available to drive your business. Additionally, legacy WAF and other application and API protection solutions typically lead to significant performance and reliability issues that do not occur with the Next-Gen WAF.

Example Performance Benchmark Scenario

To report on the benchmarks presented in this document, our engineering team analyzed our agent usage metrics across multiple typical customer configurations. Below we focus on one test scenario our team chose because it reflects a common host configuration we see across our customer base. Most acronyms used in this document will be known to development, operations, and security professionals, but to be clear, “RPS” stands for “Requests Per Second”: 1,000 web requests per second per server is well over the average request volume of even large scale web apps and APIs experience in production. As the data below proves, even with significant request traffic load, our agent decision remains fast and performant, which is why it’s trusted by some of the largest scale companies on the Internet. Before moving on to the benchmark results, two factors influence the resulting agent performance metrics in our test scenario:

  • Request rate (RPS) and size impact performance results most.

  • The larger the request volume, the bigger the request size, and thus, the more CPU and memory resources are required.

Typical Test Scenario

1,000 RPS on compute instance with eight (8) cores running at 3.6GHz: running the benchmark test on a host with this configuration, the following findings result:

  • Median agent decision time required: under one millisecond. Larger requests take longer, but the agent still decides to block or allow the request in an average of 1.43ms for requests over 7KB in size.

  • CPU utilization on average: up to 35% for medium-sized requests.1

  • Agent memory utilization: around 40MB of available host memory1 — memory utilization is dependent on volume and size.

RPS Simulated

Request Size (bytes)

Median Agent Decision Time (Milliseconds)

Avg. Agent CPU Utilization % (out of 100%)

Avg. Memory Usage (bytes)

1,000

None (0)

0.2

7.61

31MB

1,000

Small (560)

0.33

10.95

35MB

1,000

Med (7,320)

0.98

34.54

31MB

NOTE: The resulting metrics do not include overhead potentially generated by the module. The Next-Gen WAF's module resource consumption is highly dependent on the application itself. However, typical applications add very little overhead.


1 Performance can vary by environment so you may not see similar results.

Datasheet
Fastly Response Security Service

Learn how you can prepare for and respond to suspected attacks with industry-leading support from Fastly security experts.

Web Page
Fastly Managed Security Service

Explore how Fastly’s global security experts can continuously monitor and proactively mitigate attacks 24/7 so you can maximize protection and focus efforts elsewhere.

Web Page
Fastly Security Professional Services

Learn how our team of application security experts is here to help every step of the way.

Meet a more powerful global network.

Our network is all about greater efficiency. With our strategically placed points of presence (POPs), you can scale on-demand and deliver seamlessly during major events and traffic spikes. Get the peace of mind that comes with truly reliable performance — wherever users may be browsing, watching, shopping, or doing business.

377 Tbps

Edge network capacity1

150 ms

Mean purge time with Instant Purge™

>1.8 trillion

Daily requests served4

~90% of customers

Run Next-Gen WAF in blocking mode3

As of March 31, 2024

As of December 31, 2019

As of March 31, 2021

As of July 31, 2023

Ready to get started?

Get in touch.