What does the microservices API gateway do?

Let’s take a look at the microservices API gateway and see a brief illustration below:

The API gateway is not a new concept; it has existed for more than a decade. Its main function is to serve as the entry point for traffic and to process business-related requests in a unified way, so that requests can be handled more securely, quickly and accurately. It has the following traditional functions:

  1. Reverse proxy and load balancing, which are in line with Nginx’s positioning and functionality;
  2. Dynamic runtime features such as dynamic upstreams, dynamic SSL certificates, and dynamic traffic limiting, which are not available in the open source version of Nginx;
  3. Active and passive upstream health checks, and circuit breaking for services;
  4. Extension of the API gateway into a full-lifecycle API management platform.

In recent years, business-related traffic is no longer initiated only by PC clients and browsers; more of it comes from mobile phones and IoT devices. With the spread of 5G, this kind of traffic will keep growing. At the same time, with the structural change to microservice architectures, traffic between services has also begun to explode. In this new business scenario, more and more advanced API gateway functions have emerged:

  1. Cloud-native friendly: the architecture becomes lightweight and easy to containerize;
  2. Integration with Prometheus, Zipkin, SkyWalking and other statistics and monitoring components;
  3. Support for gRPC proxying and for protocol conversion between HTTP and gRPC, turning the user’s HTTP request into an internal service gRPC request;
  4. Taking on the OpenID role by integrating with the services of authentication providers such as Auth0 and Okta, so that traffic security is treated as a top priority;
  5. Serverless support, realized by dynamically executing user functions at runtime, which makes the gateway's edge nodes more flexible;
  6. No user lock-in, with support for hybrid cloud deployment architectures;
  7. Finally, gateway nodes should be stateless and able to scale out or in at will.

A microservice API gateway with the above ten functions lets users care only about the service itself. Functions unrelated to the service implementation, such as service discovery, circuit breaking, identity authentication, traffic limiting, statistics and performance analysis, can be handled at the independent gateway level. From this perspective, the API gateway can either replace all the functionality of Nginx to handle north-south traffic, or fulfill the roles of the Istio control plane and the Envoy data plane to handle east-west traffic.
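
The division of labour described above, as an added example that is not code from Kong, APISIX or Tyk: a toy gateway in Python that applies API-key authentication, per-client traffic limiting and a circuit breaker (service fusing) driven by passive health checks before the service is ever called. The `Gateway` class, the `key_id` helper, the thresholds and the status strings are assumptions made for illustration.

```python
import hashlib
import time

def key_id(api_key):
    # Store and look up only a hash of each key, never the key itself.
    return hashlib.sha256(api_key.encode()).hexdigest()

class Gateway:
    """Runs auth, rate limiting and circuit breaking before the service is called."""

    def __init__(self, upstream, clients, rate=2, fail_threshold=2,
                 cooldown=30.0, clock=time.monotonic):
        self.upstream = upstream      # business service: callable(path) -> body
        self.clients = clients        # key_id(api key) -> client name (constructed)
        self.rate = rate              # requests allowed per client per 1 s window
        self.fail_threshold = fail_threshold
        self.cooldown = cooldown      # seconds the circuit stays open
        self.clock = clock
        self.windows = {}             # client -> (window start, request count)
        self.failures = 0             # consecutive upstream failures seen
        self.open_until = 0.0

    def handle(self, path, api_key):
        # 1. Identity authentication: unknown keys never reach the service.
        client = self.clients.get(key_id(api_key))
        if client is None:
            return 401, "unauthorized"
        # 2. Traffic limiting: fixed one-second window per client.
        now = self.clock()
        start, count = self.windows.get(client, (now, 0))
        if now - start >= 1.0:
            start, count = now, 0
        if count >= self.rate:
            return 429, "rate limit exceeded"
        self.windows[client] = (start, count + 1)
        # 3. Circuit breaking: fail fast while the upstream is marked unhealthy.
        if now < self.open_until:
            return 503, "circuit open"
        try:
            body = self.upstream(path)
        except Exception:
            # Passive health check: count failures of real traffic.
            self.failures += 1
            if self.failures >= self.fail_threshold:
                self.open_until = now + self.cooldown
                self.failures = 0
            return 502, "bad gateway"
        self.failures = 0
        return 200, body
```

The upstream callable contains no security or resilience logic of its own; rejected, throttled and fast-failed requests are answered by the gateway without invoking it.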

What are the alternative API gateways?

Because of the importance of the microservices API gateway, it has always been a battleground for the traditional IT giants, such as Google, CA, IBM, Red Hat and Salesforce, as well as public cloud vendors such as AWS and Alicloud.

These closed-source commercial products are fully featured, covering full-lifecycle management of API design, multi-language SDKs, documentation, testing and release, and they provide SaaS services. Some of them are also integrated with public clouds, which makes them very convenient to use, but they also bring two pain points:

  1. Platform lock-in. The API gateway is the entrance for business traffic. Unlike the non-business traffic accelerated by a CDN, such as pictures and videos, which can be migrated at will, an API gateway is bound to a lot of business-related logic. Once a closed-source solution is used, it is difficult to migrate smoothly and cheaply to other platforms.
  2. No secondary development. Large and medium-sized enterprises generally have their own unique needs that require custom development. With a closed-source product you can only rely on the vendor and cannot do your own secondary development.

So we focus more on open source API gateway solutions such as Kong, APISIX and Tyk. These API gateways were taken from the Cloud Native Computing Foundation (CNCF) [Landscape]:

Selection criteria for comparison

Deployment and maintenance costs

  • Can it be fully deployed on a single machine, or can it be used with multiple nodes?
  • Are there external database dependencies, such as MySQL or Postgres?
  • Is there a Web console that can operate the entire cluster?

Open source or closed source

  • Can you write your own plug-ins to extend the functionality of the API gateway?
  • When you use one API gateway, can you migrate smoothly and cheaply to another API gateway?
  • Will it be locked into a particular platform?

Private deployment

  • Is deployment supported on a user’s own internal server?
  • Is the deployment mode of multi-cloud and hybrid cloud supported?

Functionality

  • Does it support basic functions such as dynamic upstreams, dynamic SSL certificates, and active/passive health checks?
  • Can it integrate with the Kubernetes (k8s) ecosystem?
  • Can the gateway configuration be controlled through HTTP REST APIs and YAML configuration files?

Community

  • Can users contact the community's developers through GitHub, QQ groups, Stack Overflow and other channels?
  • Are open source licenses friendly?
  • Can I easily submit my own changes to the mainline version?
  • Are there commercial companies behind it?

Business support and pricing

  • Are the open source and commercial versions very different?
  • Is the commercial version charged per API call or by subscription?

API Gateway Comparison

| API gateway | Kong | APISIX | Tyk | Apigee | AWS Gateway | Aliyun Gateway |
|---|---|---|---|---|---|---|
| Deployment mode | Stand-alone | Stand-alone | Stand-alone | Single machine not supported | PaaS | PaaS |
| Data storage | Postgres or Cassandra | etcd | Redis | Postgres, Cassandra and Zookeeper | PaaS | PaaS |
| Open source | Yes, Apache 2.0 license | Yes, Apache 2.0 license | Yes, MPL license | No | No | No |
| Core technology | Nginx + Lua | Nginx + Lua | Golang | Unknown | Unknown | Unknown |
| Private deployment | Yes | Yes | Yes | No | No | No |
| Custom plug-ins | Yes | Yes | Yes | No | No | No |
| Community activity | High | High | High | Medium | Low | Low |
| Connects to an external IdP | No | Yes | No | Yes | Yes | No |
| YAML support | Yes | Yes | No | No | No | No |

Kong and APISIX are both good choices.