Author | Rufenke

Traditional gateway classification and deployment mode

Gateways in the industry are usually divided into two categories: traffic gateways and service gateways. A traffic gateway mainly provides global policy configuration that is unrelated to back-end services. For example, Tengine, the unified access gateway of Ali, is a typical traffic gateway. A service gateway (business gateway), as the name implies, mainly provides policy configuration that is tightly coupled to back-end services, at the level of an independent business domain. As application architecture evolved from monolithic to distributed microservices, the business gateway gained a new name: microservices gateway (illustrated below). In the current cloud native era led by container technology and K8s, is the next-generation gateway model still the same?

Next generation gateway product portrait

As the figure above asks: in the cloud native era dominated by container technology and K8s, will the next-generation gateway model still be the two-layer architecture of traditional traffic gateway plus microservice gateway? With this question in mind, and drawing on Ali's internal gateway technology and operations experience, we tried to sketch a product portrait of the next generation of gateway products, described as follows:

For the next-generation gateway product, we elaborate on several core elements:

  • Cloud native: support standard K8s Ingress, the K8s Gateway API and K8s service discovery. In the cloud native era K8s has become the cloud OS, and the networks inside and outside a K8s cluster are isolated from each other; the K8s Gateway API is the further evolution of K8s Ingress. The next-generation gateway is therefore bound to support these features.
  • Embrace open source: build the gateway on the open source ecosystem and with the help of open source; this point should be familiar to everyone.
  • High scalability: no single gateway can cover every user's needs, so extensibility is required. The booming development of K8s, for example, owes much to its open extension capabilities.
  • Service governance: as application architectures evolve to distributed microservices, the gateway itself provides traffic scheduling for back-end businesses, so supporting basic service governance follows naturally.
  • Rich observability: a distributed microservice architecture brings benefits such as more efficient collaboration, but it also makes locating problems and running operations harder. As the bridgehead for traffic, the gateway needs rich observable data to help users locate problems.

Birth of the cloud native gateway

Based on the above understanding of the next-generation gateway, we first launched the cloud native gateway inside Ali, deployed it online successfully in multiple businesses, and saw it withstand the Double 11 promotion. The diagram of the cloud native gateway is as follows:

Product advantages of cloud native gateway

More economical: the traffic gateway and microservice gateway are combined into one, and the cost of user resources is reduced by 50%

Under the microservice architecture of the virtualization era, businesses usually adopted a two-layer architecture of traffic gateway + microservice gateway: the traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud native era led by containers and K8s, Ingress has become the gateway standard of the K8s ecosystem. This gives the gateway a new mission and makes it possible to combine the traffic gateway with the microservice gateway.

The cloud native gateway released by Ali Cloud MSE turns the two-layer gateway into a single layer with no loss of capability, which not only saves 50% of the resource cost but also reduces operation, maintenance and usage costs. The deployment diagram is as follows: the traditional gateway mode is on the left, and the next-generation cloud native gateway mode is on the right.

In the context of microservices, rich observability is also a basic, core demand of users. For this reason, the cloud native gateway integrates Ali Cloud's Application Real-Time Monitoring Service (ARMS) by default to provide rich observable data, and this function is free for users.

More secure: provides rich authentication capabilities, reducing the cost of secure access for customers

MSE cloud native gateway provides not only conventional JWT authentication but also OIDC authentication based on OAuth 2.0, the open standard for authorization. MSE cloud native gateway also natively supports Aliyun's application identity service IDaaS, helping customers implement third-party login with Alipay, Taobao and Tmall, and it extends its authentication and authorization functions through plug-ins, so as to reduce the cost of secure access for customers. The existing authentication and authorization functions are shown as follows:

More unified: the gateway connects directly to back-end services, brings together multiple service sources (Nacos/Eureka/K8s), and takes the lead in supporting the Apache Dubbo 3.0 protocol

Open source has become one of the driving forces of software development, and commercial products that are open and aligned with community standards have more vitality.

Envoy is one of the most popular Ingress implementations in the K8s community and is becoming the standard technology for traffic entry in the cloud native era. MSE cloud native gateway is built on Envoy and Istio to provide unified control-plane management. It connects directly to back-end services, supports Dubbo 3.0 and Nacos, and connects to Ali Cloud Container Service ACK to synchronize service registration information automatically. MSE cloud native gateway's support for Dubbo 3.0 and Nacos was first launched in the Dingding service. The following is the deployment diagram of Dingding Dubbo 3.0:

More stable: built on long-accumulated technology, tested in the 2020 Double 11, handling 100,000 requests per second

Commercial products don't happen overnight.

MSE cloud native gateway has long been battle-tested inside Alibaba. At present it is used in Alipay, Dingpin, Taobao, Tmall, Youku, Feizu, Koubei and other Ali business systems, and it passed the test of massive request volumes in the 2020 Double 11. It can easily carry 100,000 requests per second, and the daily request volume reaches the ten-billion level.

Application scenario of cloud native gateway

Currently, the cloud native gateway can cover all north-south and east-west service scenarios; that is, it supports traditional registries such as Nacos, K8s Service, and traditional ECS. This is illustrated in the following figure:

Final notes

The cloud native gateway has been commercialized. It aims to provide users with an enterprise gateway product that is more reliable, lower in cost, more efficient and compliant with the K8s Ingress standard. For more details on the release, watch the live stream: yqh.aliyun.com/live/detail…

Cloud native gateway offers two payment modes: post-paid and annual/monthly subscription. It is available in Hangzhou, Shanghai, Beijing and Shenzhen, and other regions will be opened gradually. During the promotional period, the cloud native gateway is 10% off.

In Dingding, scan the QR code below or search for group number 34754806 to join the user group for discussion and questions.

1) IDaaS introduction: help.aliyun.com/document_de…
2) Cloud native gateway purchase link: www.aliyun.com/product/ali…