What is a service gateway

Service gateway = route forwarding + filterCopy the code

1. Routing and forwarding: receiving all external requests and forwarding them to the back-end micro service;

2. Filter: a series of crosscutting functions can be completed in the service gateway, such as permission verification, traffic limiting and monitoring, etc., all of which can be completed through filters (in fact, routing and forwarding are also realized through filters).

Why is a service gateway needed

The crosscutting functionality described above (using permission verification as an example) can be written in three places:

  • Each service implements itself
  • Write to a common service that all other services depend on
  • To the service gateway’s pre-filter, all requests come in for permission verification

The first kind, the shortcoming is too obvious, basic need not; The second, much better than the first, is that code development is not redundant, but it has two disadvantages:

  • Since each service introduces this public service, it is equivalent to introducing the same permission verification code in each service, making the jar package size of each service increase some without reason, especially for the deployment scenario using docker image, the smaller the jar is the better;
  • Because each service introduced the public service, then we further upgrade the service may be more difficult, and the function of public service, the more upgrade the more difficult it will be, and if we change the permissions checking in the public service way, want to let all of the services to use new permissions check way, we will need to be before all of the services to package, Compile and deploy.

The service gateway solves this problem:

  • If the permission verification logic is written in the filter of the gateway, the back-end service does not need to pay attention to the permission verification code. Therefore, the jar package of the service does not import the permission verification logic and does not increase the jar package size.
  • If you want to modify the permission verification logic, you only need to modify the permission verification filter in the gateway instead of upgrading all existing microservices.

So, need service gateway!!

Service gateway technology selection

The microservice architecture after the introduction of the service gateway is described as above, which consists of three parts: service gateway, open-Service, and Service.

1. Overall process

  • Service gateways, open-services, and services are registered in the registry when they are started.
  • When a user requests the gateway, the gateway performs intelligent route forwarding (including service discovery and load balancing) to the open-service, including permission verification, monitoring, and traffic limiting
  • Open-service aggregates internal service responses and returns them to the gateway, which then returns them to the user

2. Introduce the attention point of gateway

  • If the gateway is added and a layer of forwarding is added (originally, users request to access open-service directly), the performance will be reduced (but not significantly. Generally, the performance of the gateway machine is very good, and the access between the gateway and open-service is usually Intranet access, which is fast).
  • Single point of gateway problem: During the entire network call, there must be a single point, possibly gateway, Nginx, DNS server, etc. To prevent a single gateway point, you can put another nginx in front of the gateway layer. Nginx has very high performance and almost never hangs, so that the gateway service can continuously add machines. However, such a request is only forwarded twice, so the best way is to deploy the gateway single point service on a great machine (to estimate the configuration of the machine by pressure measurement), and the performance comparison between Nginx and Zuul is not very different, according to an experiment done by a friend abroad. Zuul is an open source framework used by Netflix as a gateway;
  • Gateways should be as light as possible.

3. Basic functions of service gateway

  • Intelligent route: Receive

    external

    All requests are forwarded to the back-end external service open-service.

  • Note: We only forward external requests, and requests between services do not go through the gateway, which means that full link tracing, internal service API monitoring, fault tolerance of calls between internal services, and intelligent routing cannot be completed in the gateway. Of course, it could be possible to move all service invocations through the gateway, and almost all functionality could be integrated into the gateway, but then the gateway would be overburdened.

  • Permission verification: verifies only the user requests to the open-service service, not the internal requests. Is it necessary to validate requests within the service?

  • API monitoring: Monitors only requests that pass through the gateway and some performance metrics of the gateway itself (e.g., GC, etc.);

  • Current limiting: Cooperate with monitoring to perform current limiting operations;

  • Unified API log collection: Like an aspect aspect, logs interface entry and exit

  • . Subsequent complement

The preceding functions are basic functions of the gateway. The gateway also provides the following functions:

  • A | B test: A | B when testing A bigger things, buried contain backstage experimental configuration, data points (see conversion) and shunt engine, in the service of the guanzhong, can realize shunt engine, but in fact shunt engine invokes the internal service, so if it is in accordance with the above, the architecture of the shunting engines do best in the open – service, don’t be in the service of the guanzhong.
  • . Subsequent complement