Zion Edge Gateway

233K req/s

Peak throughput on Apple M4 with TLS 1.3 end-to-end. 107K req/s API proxy, 103K with full WAF pipeline active (CV 0.5%). Zero errors.

Zero-Regex WAF

Aho-Corasick automaton in a single O(N) pass over the body. Two pattern sets — balanced (default, ~120 high-precision patterns) and aggressive (opt-in, +~70 broad-substring patterns). Per-profile entropy gate (default 6.5 bits/byte, JSON-string-aware).

Two-Level Cache

L1 thread-local with O(1) LRU (intrusive doubly-linked list) + L2 shared DashMap. Generation-based coherence. Watch-channel singleflight (race-free even when the fetcher completes between subscribe and await).

TLS 1.3 + Hot-Reload

rustls + hardware crypto (AES-NI/NEON). Multi-SNI, session tickets, 0-RTT. Certificate hot-reload via ArcSwap with zero downtime.

HTTP/1.1 + H2 + H3

Full protocol support including HTTP/2 upstream multiplexing, WebSocket proxy, SSE streaming, HTTP/3 QUIC (feature-gated). ACME auto-renewal.

Prometheus Native

/metrics, /healthz, /readyz built-in. Lock-free sharded counters, differential latency histograms. X-Request-ID + W3C traceparent propagation.

Hardware-Aware

Auto-detects CPU cores, L1d cache, AES-NI/NEON. Pins workers to cores. TCP_FASTOPEN, TCP_CORK, SO_REUSEPORT, SO_BUSY_POLL, io_uring.

Single Binary, TOML Config

No runtime dependencies. ~4MB release binary. Validates config at startup. Graceful shutdown with 30s drain. systemd + Docker ready.

Why Zion?

	nginx	HAProxy	Envoy	Caddy	Traefik	Pingora	Zion
Language	C	C	C++	Go	Go	Rust	Rust
Memory safety	No	No	No	GC	GC	Yes	Yes
Built-in WAF	No	No	No	No	No	No	Aho-Corasick, dual-mode
RAM cache	No	Yes	No	No	No	No	L1+L2
TLS hot-reload	Signal	Signal	xDS	Auto	File watch	Custom	ArcSwap
Config format	Custom	Custom	YAML/xDS	JSON/API	YAML/API	Rust code	TOML
Binary size	~1.5MB	~3MB	~40MB	~40MB	~100MB	Library	~4MB
Singleflight	No	No	No	No	No	No	Yes
HTTP/3 QUIC	Patch	No	Yes	Yes	Yes	No	Feature-gated
JWT/OIDC auth	No	No	Yes	Yes	Yes	No	Feature-gated

nginx

HAProxy

Envoy

Caddy

Traefik

Pingora

Zion

Language

C++

Rust

Rust

Memory safety

Yes

Yes

Built-in WAF

Aho-Corasick, dual-mode

RAM cache

Yes

L1+L2

TLS hot-reload

Signal

xDS

Auto

File watch

Custom

ArcSwap

Config format

Custom

YAML/xDS

JSON/API

YAML/API

Rust code

TOML

Binary size

~1.5MB

~3MB

~40MB

~100MB

Library

~4MB

Singleflight

Yes

HTTP/3 QUIC

Patch

Yes

Feature-gated

JWT/OIDC auth

Yes

Feature-gated

Quick Start

bash

cargo build --release
ZION_CONFIG=zion.toml ./target/release/zion

toml

[server]
listen_https = "0.0.0.0:443"

[tls]
cert_path = "/etc/ssl/zion/tls.crt"
key_path = "/etc/ssl/zion/tls.key"

[upstreams]
backend = "http://127.0.0.1:8000"

[[route]]
path = "/api/{*rest}"
upstream = "backend"
waf = true

ZionEdge Gateway

233K req/s

Zero-Regex WAF

Two-Level Cache

TLS 1.3 + Hot-Reload

HTTP/1.1 + H2 + H3

Prometheus Native

Hardware-Aware

Single Binary, TOML Config

Performance at a Glance

Why Zion?

Quick Start

ZionEdge Gateway

233K req/s

Zero-Regex WAF

Two-Level Cache

TLS 1.3 + Hot-Reload

HTTP/1.1 + H2 + H3

Prometheus Native

Hardware-Aware

Single Binary, TOML Config

Performance at a Glance ​

Why Zion? ​

Quick Start ​

Performance at a Glance

Why Zion?

Quick Start