Performance Characteristics
Measured and estimated performance characteristics for TameFlare components. All numbers are from local testing on commodity hardware (4-core CPU, 16 GB RAM, SSD).
Proxy latency (Gateway)
The gateway adds latency to every proxied request. This is the overhead TameFlare introduces on top of the upstream API's response time.
| Metric | HTTP | HTTPS (with TLS interception) |
|---|---|---|
| p50 | ~1-2ms | ~3-5ms |
| p95 | ~3-5ms | ~8-12ms |
| p99 | ~8-15ms | ~15-25ms |
What contributes to latency
| Step | Time | Notes |
|---|---|---|
| Connector lookup (domain → connector) | <0.1ms | In-memory map |
| Action parsing (HTTP → structured action) | ~0.5-1ms | Regex matching on URL/method |
| Permission check (SQLite lookup) | ~0.5-2ms | Cached after first lookup |
| Credential injection | <0.1ms | In-memory vault |
| TLS to upstream API | ~2-5ms | Fresh TLS handshake to upstream; session resumption after first request |
| Traffic log write (SQLite) | ~0.5-1ms | Async, non-blocking |
First request to a new domain
The first HTTPS request to a new domain takes ~20-50ms extra because the cloud gateway performs connector lookup, permission resolution, and a fresh TLS handshake to the upstream API. Subsequent requests to the same domain benefit from cached configuration and TLS session resumption.
Gateway resource usage
| Metric | Idle | Under load (100 req/s) |
|---|---|---|
| RAM | ~20-30 MB | ~40-80 MB |
| CPU | <1% | ~5-15% (4-core) |
| Goroutines | ~10 | ~200-500 |
| Open file descriptors | ~20 | ~300-500 |
The gateway is a single Go binary with no external dependencies. Memory usage scales linearly with concurrent connections.
Cold start
| Component | Time | Notes |
|---|---|---|
| Cloud gateway | ~50-200ms | Config fetch + vault decrypt + CA load |
| First proxied request | +10-50ms | Connector init + first TLS cert generation |
Scaling limits
| Dimension | Practical limit | Bottleneck |
|---|---|---|
| Concurrent agents | ~50-100 per gateway | Port allocation (one port per agent) |
| Requests per second | ~500-1,000 per gateway | SQLite write throughput for traffic logs |
| Policies | ~100-200 | Evaluation time grows linearly |
| Audit events | ~10M rows before queries slow | SQLite full-table scan. Use AUDIT_RETENTION_DAYS to prune. |
| Traffic log size | ~1 GB per ~5M requests | Disk space. Prune via maintenance endpoint. |
For higher throughput, create multiple gateways in the dashboard and run them on separate machines.
Next steps
- Deployment Topology - how components connect
- Security - TLS interception and credential vault
- Proxy Behavior - headers, streaming, protocol support