This Saturday (August 21), Apache APISIX Meetup Shanghai will officially start! Today, we bring you an interview with Li Yang, the person in charge of Airwallex Technology platform, to listen to the story between Airwallex and Apache APISIX. At the end of this article is the way to participate in this Meetup in Shanghai. If you are interested, don’t miss it!

Q: Please briefly introduce yourself and your current job

Li Yang: Jan Li, Ph.D., Apache APISIX Committer, Airwallex Technical Platform Lead, responsible for the evolution of the company’s Technical Platform. Before joining Airwallex, he led the transport chain alliance in Wanxiang Blockchain. Prior to Wanxiang Blockchain, He led the OTC Derivatives risk control platform at Citigroup.

Airwallex is a global fintech company that enables businesses of all sizes to operate across borders to help the global economy. With technology as the core, Airwallex has built a proprietary global financial infrastructure platform. The global payment network has covered more than 50 currencies in more than 130 countries and regions, providing digital fintech products for enterprises of all sizes. In the information age of global connectivity, To help enterprises develop rapidly in the world in a more efficient and safe way. Since its establishment in 2015, Airwallex has received over $500 million in financing from top investors and currently has 12 offices and over 900 employees worldwide.

Q: What led you/your technical team to use Apache APISIX when making the technology selection?

Li Yang: API gateway is an extremely important component of basic technology. In the selection of technology, we mainly compare the main gateway products from six dimensions:

  • Stability: The stability of API gateway is crucial. Among the top 1000 websites in the world, 62.1% are Nginx system, which indicates that Nginx system Web server has passed the test of complex and diverse scenarios in production environment. APISIX’s fully dynamic design also allows it to keep long links of clients without having to be reloaded when modifying routes. We also stress-tested Apache APISIX and found that it was stable at 70% or more of the CPU.
  • Performance: Every API request passes through the API gateway, and reducing the gateway performance loss can greatly reduce the overall response time of a company’s API. In the PoC we compared the major gateway products and Apache APISIX’s response latency was more than 50% lower than other gateways; The design of the Apache APISIX data surface also makes each instance in the cluster independent of each other, which makes it naturally scalable horizontally.
  • Extensibility: API gateway pattern is very important for micro service architecture model, in accordance with API gateway pattern API gateway must support the enterprise complex authentication, access control, service discovery, current limiting, demotion, load balancing, white list, dynamic routing, and other functions, so how to support custom is very key considerations in choosing API gateway.
  • Community activity: As new technologies and requirements emerge, an active community is critical for API gateways to keep pace with technological evolution. As early as when Apache APISIX was an Apache incubation project, its community has been very active in terms of contributor number, issue response time and Pull Request number.
  • Private deployment: As an enterprise core technology architecture component, the API gateway should be deployed on the edge of its private network. Apache APISIX is adaptable and can be easily deployed in a variety of environments, including cloud computing platforms.
  • Open source protocol: Apache 2.0 gives enterprises that customize APISIX considerable technical freedom.

Q: What scenarios is Apache APISIX used in? What problems have been solved?

Li Yang: We use Apache APISIX as the core component of the microservices gateway model. It is deployed at the edge of the network to provide a common gateway function for all traffic entering the Airwallex airborne cloud pool. The problems we solve include:

  • Data sovereignty issues: Data sovereignty is a critical regulatory requirement for financial infrastructures that operate across borders. To this end, we use Apache APISIX dynamic upstream selection function to develop a regulatory compliant dynamic routing plug-in. Dynamic routing can intelligently select upstream for request distribution according to the characteristics of user requests and abstract the complex multi-data center coordination problem from the service layer to the gateway layer. Dynamic routing essentially answers two questions: How do you group upstream? How to match requests and groups.

  • Microservice isolation: Airwallex hopes that the engineering teams of each microservice can control their own services, effectively reduce the cost of communication and coordination, and improve the efficiency of the project. This architectural concept requires that infrastructure components shared by teams, such as the API Gateway, support multi-tenant isolation. While ensuring the robustness and cost control of the entire system, the business team is allowed to configure and expand gateway functions according to their own needs, and the independence of the microservice team and service is maintained.

  • Tenant – level traffic limiting: In a multi-tenant environment, traffic characteristics of each tenant are different. Traffic limiting for different tenants cannot meet business requirements. Traffic limiting for tenants can be more appropriate based on user characteristics.

  • Tenant level whitelist: In a multi-tenant environment, the access IP address of each tenant is different. A single whitelist cannot meet the requirements of tenant-level security management. Tenant whitelist allows each tenant to control its own whitelist without worrying about other users in the whitelist accessing its resources.

  • Authentication: THE API gateway must not only support request Authentication, but also support dynamic key update. Updating the key frequently is a key to ensure user resource security.

  • Authorization: Authorization management of enterprise-level applications is very complex. Different application scenarios have different Authorization management models. According to the route configuration, the API gateway can verify whether the requesting user has sufficient permission to access the interface and intercept the illegal traffic in the first time.The content is more simplified to make it clearer:

Q: Did the Apache APISIX upgrade go well? Share your feelings or stories about upgrading.

Li Yang: In order to be able to upgrade to new versions of Apache APISIX at any time, we implemented the main functions as custom plug-ins. This means that our code base is unlikely to collide with the Apache APISIX main Repo core code, which helps us avoid code conflicts that we might encounter. But sometimes we need to change the core code, and we try to do that in the open source community. When the open source community discussed these features, the community was very eager to participate and in most cases solved our problems very quickly.

Q: How long has Apache APISIX been running in production? How are you doing online?

Li Yang: The production environment has been running for 15 months. When dynamic routing, tenant-level traffic limiting, tenant-level whitelist, Authentication, Authorization and other functions are enabled, 99% of the response latency is less than 23ms. The overall performance is very stable. Thanks to Apache APISIX’s excellent plug-in mechanism, we were able to add proprietary plug-ins that fit our business needs with very little change to its core code. The complete testing system also further guarantees the software quality, which can increase the personalized requirements of plug-ins without destroying the original core logic.

Q: What are the weaknesses of Apache APISIX that we hope the community can build together?

Li Yang: The data surface design of Apache APISIX gives it lossless horizontal scaling and extreme performance, but it also makes the routing configuration difficult to achieve forward compatibility, causing some coordination difficulties for the release of new versions.

Q: What are your future plans?

Li Yang: The follow-up plan mainly includes three aspects:

  1. In multi-layer networks, different gateway logics are divided into different layers. For example, traffic distributed according to data sovereignty belongs to different network layers with other gateway logics.
  2. Readable and easy-to-use routing management is critical to the success of API gateways, and while gateway functionality will continue to evolve and grow, routing management needs to be developer-friendly so that developers can easily understand what the gateway can do for them, how to configure it, and how to distribute it.
  3. Use request staining to help with production environment testing. Using API Gateway request dyeing for production environment testing gives us flexibility and ease of use.

More Corporate Cases

  • Instead of Kong and Nginx, Apache APISIX is implemented on Qulink technology BaaS platform \

  • Application of Apache APISIX in mobile cloud \

  • Based on Apache APISIX, sina Weibo API gateway customized development path \

  • Practice of Gateway Apache APISIX in 360 basic operation and maintenance platform project

Meetup Shanghai station participation method

Offline/online participation

This activity can be participated by offline (scan code to register) or online (watch live broadcast online), partners can choose according to their own situation.

The group of communication

Follow the official account, reply the keyword “Shanghai” in the background, and join the Apache APISIX Meetup Shanghai Group.

Mp.weixin.qq.com/mp/profile_…

About the Apache APISIX

Apache APISIX is a dynamic, real-time, high-performance open source API gateway that provides rich traffic management features such as load balancing, dynamic upstream, grayscale publishing, service circuit breaker, authentication, observability, and more. Apache APISIX helps enterprises quickly and securely handle API and microservice traffic, including gateways, Kubernetes Ingress, and service grids.

World has hundreds of companies using Apache APISIX processing key business flow, covering financial, Internet, manufacturing, retail, operators, etc., such as NASA (NASA), the European Union, letter of digital factory, Air China, China mobile, tencent, huawei, weibo, netease, shell to find room, 360, taikang, nai snow tea, etc.

More than 200 contributors contribute to Apache APISIX, the world’s most active open source gateway project. Smart developers! Join this vibrant and diverse community to bring more good to the world!

  • Apache APISIX GitHub: github.com/apache/apis…
  • Apache APISIX website: apisix.apache.org/
  • Apache APISIX document: apisix.apache.org/zh/docs/api…