In May 2021, at the cloud Native community technology salon · Guangzhou station, The founder of Apache APISIX open source project & PMC Wang Wensheng did the sharing of “With NGINX and Kong, why do we need Apache APISIX” on the event. The following is the text version of the live sharing. The views shared below are the author’s own.
Hi, I’m very happy to share with you a topic that I’m very excited about with NGINX and Kong, why we need Apache APISIX.
As the backend architecture continues to iterate, entering the Kubernetes era, the traffic gateway Ingress will be the official Kubernetes Ingress by default. This project is based on the NGINX native configuration file. Traefik is also used as Ingress by some Korean companies, which is largely due to the large number of Golang developers in Korea.
Let’s take a look at JAVA on the left, which is more interesting. Spring Cloud built-in API gateway has experienced ZUUL and ZUUL2, but it is still not easy to use, and the performance and architecture are not satisfied with the official. Therefore, Spring Cloud officially launched a new project, Spring Cloud Gateway, and finally formed the whole family bucket solution.
Finally, in the lower right corner of the service grid, there is an alternative to the service grid which is istio(CP) + Envoy (DP). Next we see Alibaba’s open source MOSN, in a nutshell: The Golang version of Envoy.
Reviewing the previous architecture evolution diagram, I believe that many students have found the problem. From top to bottom, left to right, for each scenario, we ended up “reasonably” introducing various components to solve our problems individually, the architect’s survival rule: choose what works best for the moment.
When we don’t have many tools, we always have to give up some compromises between functions, dynamics, performance, etc., and people are used to it and even numb. IT technology is evolving rapidly, are they still the most appropriate solution today? With the rapid development of 5G and the Internet of Things, new problems such as flexible expansion and shrinkage and dynamic unified management are forcing us to rethink.
These are all disadvantages of NGINX, such as the low activity of NGINX community. We could invest more resources at the corporate level, but his community is really unfriendly. How unfriendly? As you can see from the above diagram, the NGINX repository on Github is only a mirror image, and the issue function is closed. It is impossible to submit the issue, and even if you submit the PR official, it will not be merged.
In addition, NGINX’s own routing is relatively weak. For example, if I want to do the gray scale operation based on a request parameter such as ID, you will find that NGINX is completely unable to implement it. So we can see a lot of small open source systems that can be independent open source projects as long as they solve the grayscale scene above. In addition, gRPC calls are becoming more and more popular in microservice calls, but NGINX supports them only as “easy to use.”
Finally, NGINX cluster unified management, almost every Internet manufacturer has their own NGINX configuration management system, although the system is similar but there is no unified solution, has been blank for more than ten years.
Before we talk more about Kong, I’d like to talk a little bit about what cloud native is. This noun from the birth to now for a long time, but until now there is no unified clear definition. I integrated several cloud vendors definition, summarizes the cloud native characteristics mainly have two points: first to support container, second to support elastic scale deployment. I think Kong does not fully meet the second point. The official PostgreSQL relational database is a single point, which cannot support elastic expansion and shrink capacity, which is the problem of its architecture selection.
A quick summary of NGINX and Kong’s problems:
- Both NGINX and Kong have different application scenarios;
- NGINX lacks an official cluster management solution.
- Kong’s control plane is not fully cloud-native.
Before introducing APISIX, it is important to thank the two seniors who stood on the shoulders of giants and really gave us a higher starting point from the beginning. APISIX is more than two years old. See the architecture diagram:
The left and right sides of this diagram are DP (Date Plane) and CP (Control Plane), which are the same as the back-end service system that we are familiar with. APISIX didn’t want to build anything new from day one, so it chose the most mature ETCD for the configuration center.
You can’t find a single point in this architecture. Any abnormal outage of any of these services will not affect APISIX’s ability to provide services. High stability of user production systems is easy to achieve when every point in the overall architecture supports high availability.
This is APISIX’s ecological map, which shows exactly what surrounding ecology is currently supported. On the left is the supported protocols. You can see that the common Layer 7 protocols include HTTP(S), HTTP2, Dubbo, QUIC, and Internet of Things protocol MQTT, etc. Layer 4 protocols include TCP/UDP. On the right are open source or SaaS services such as SkyWalking, Prometheus, Vault, etc. Here are some of the more common operating system environments, cloud vendors, and hardware environments, but as a global company, we also support richer platforms like ARM64.
Just to give you a brief update on the current status of APISIX, APISIX has been the most active open source API gateway project in the world for more than a year. Keep in mind that APISIX is now in production and is superior to Kong in terms of functionality, performance, and architecture. Shell House Hunting has been putting APISIX into production since September 2019.
Just to explain a little bit about this graph, you can call it the contributor growth curve. The X-axis is the timeline, and the Y-axis is the total number of contributors. We can see that APISIX and Kong are relatively active projects. APISIX has maintained a very good growth rate from the first day of open source, growing at nearly twice the rate of Kong, which shows the popularity of APISIX. Of course, there are many other ways to evaluate the activity of a project, such as checking the monthly active issues, the total number of PR, and so on. I’m happy to say that APISIX is still the most active in these ways.
After our actual customer visits, support for multiple languages became essential. After all, for many companies, there are familiar technology stacks, and many companies are blank on NGINX C and Lua technology stacks. APISIX recently announced support for multiple languages. Java is currently supported, with Golang, Rust, NodeJS and other languages to follow.
APISIX’s full dynamic, high performance, and the quality of the surrounding ecology is inseparable. APISIX uses a project called Resty-RadixTree, which is led by our company and open source for routing. Simply put, it uses Radixtree to complete routing matching, and the matching efficiency is improved by one or two orders of magnitude compared with competing products. Other peripheral libraries, such as JsonSchema and Ipmatcher, are orders of magnitude better than comparable open source projects.
APISIX supports multiple languages and is now available as an open source project. Interested students are welcome to follow and participate at any time. The advantage of this implementation is that it is simple, generic, and you can use the language you are familiar with natively.
Having talked so much, what are the advantages of APISIX? Look at the image above.
The first three (foundation program, security, stability) I think are the most important, as a foundation program, it no longer belongs to one person or one company, but the property of all human beings, we can use it forever. On the other hand, commercial company open source projects can modify open source project licenses at any time, as you’ve all heard recently. The security and stability of APISIX is due to its foundation, NGINX, which makes it one of the most popular and widely used Web servers.
High performance, dynamic, and active community are APISIX’s trump cards, and they have formed a positive interaction.
If I could sum up APISIX’s pride in one sentence, IT would be this: APISIX, the most active API gateway project in the world. Under this consensus, we will devote more resources to the community, and we believe that the community will enable APISIX to grow steadily and healthily.
You can see right away what APISIX is all about. APISIX goal: Unified agent infrastructure.
You might be wondering: Does APISIX have to support so many different scenarios? At its core, APISIX is a high-performance proxy service that does not bind itself to any environment attributes. When it evolves into Ingress, Service Grid and other products, it is external services that work with APISIX. It is the external programs that change, not APISIX itself. In the following steps, we will explain how APISIX supports these scenarios.
The big advantage of APISIX for traditional LB and API Gateway scenarios is that it goes from static to fully dynamic, no longer needing to be reload, as many tech companies do with NGINX Reload starting in half an hour. The previously mentioned scaling of grayscale scenes based on the request ID can be easily accomplished in APISIX using refined routing.
APISIX Ingress Controller solves all the problems mentioned above and inherits all the advantages of APISIX. In addition, it supports native K8S CRD for easy migration.
Service grid, which is necessary to talk about with you. What will be the most likely mainstream server architecture five or ten years from now? If I had to answer, I would choose service grid.
The image on the right shows the internal architecture of APISIX Mesh.
Having talked so much about APISIX today, I want to talk to you about the future of APISIX.
Because APISIX is currently an Apache Foundation project, it no longer belongs to individuals or companies, but is shared by all human beings. So that every one of you in the community has the right to decide which way he goes.
The default configuration center for the open source version of APISIX is ETCD. Although etCD is still the best choice, we often hear about whether other configuration centers are supported when we communicate with users. The common reason is that ETCD is so new that it is not included in the company’s existing operation and maintenance product support list. So we plan to make APISIX available to collaborate with other configuration centers.
APISIX is already on the road to full traffic data, so I’m sure you’ll be asking some questions, such as: Why unify traffic forwarding? Does unification bring value to the organization? What are the benefits for technicians? With these questions in mind, let’s look at the following picture:
Unification itself is not the goal, but the benefits after unification are the logic behind our pursuit, which are expounded from several different perspectives.
- O&m role: Use the same O&M tool to collect logs and metrics.
- Development role: Based on standardized APISIX plug-in development, capabilities can be easily reused, and accumulated experience can be applied to LB, API Gateway, K8s Ingress and other product lines;
- Company value: Unified technology stack, reduce company operating costs, ease the transition to microservices, cloud native, accelerate enterprise digital transformation.
About the Apache APISIX
Apache APISIX is a dynamic, real-time, high-performance open source API gateway, providing load balancing, dynamic upstream, gray publishing, service fuse, identity authentication, observable and other rich traffic management functions. Apache APISIX helps companies quickly and securely handle API and microservice traffic, including gateways, Kubernetes Ingress, and service grids. Apache APISIX is used by hundreds of companies around the world to handle critical business traffic, including finance, Internet, manufacturing, retail, operator, and more. For example, NASA, THE European Union’s digital Factory, China Airlines, China Mobile, Tencent, Huawei, Weibo, netease, Shell Find room, 360, Taikang, Naixue tea and so on. Over 200 contributors create Apache APISIX, the world’s most active open source gateway project. Smart developers! Come join this active and diverse community and bring more beautiful things to the world!
- Apache APISIX Project address: github.com/apache/apis…
- Apache APISIX official website: apisix.apache.org