Max RPS Throughput

Hi! What is the max RPS/Mbit/Kpps throughput I can filter using this WAF? How do you benchmark WAF? I am stuck at max 5-8k RPS on wrk local 1Gbit test. And it uses around 22% of 16cpu Proxmox VM Ryzen 9 5950X CPU. I want to use this WAF to DoS/DDoS protection LAB so this values are essential to ensure it can keep up with the load.

Setup is: One simple block all but one SrcIP firewall, one app working on 443 (SSL installed) via RevProxy
How to make it efficient? And if it can't be scaled to 100k RPS minimum then is there any opensource solution that i can try for my lab?
Zrzut_ekranu_2025-07-23_o_18.20.26.png

With the Pro edition of SafeLine and a 16-core setup, the estimated performance can reach around 15,000 RPS.

If you’re seeing 5–8k RPS, are you testing with a single core? The free Personal Edition is single-threaded and doesn’t support performance scaling — so 5–8k RPS per core is expected.

Also, please note that SafeLine is not a DDoS protection product. For Layer 7 DDoS, it can only provide mitigation, not full protection.

If you want to defend against such attacks, you could consider deploying multiple instances in a cluster. Each SafeLine node would require a different Pro license, and you can use the config sync feature along with a load balancer to distribute traffic across the cluster.

DrThrax

Updated 10 months ago

There isn't an issue with clustering it, just question "Will it scale?" and "Can we mesure how it will scale with some RPS lost on the way for cluster computing?"