1. Use of API Gateway
API Gateway will use the following three scenarios in my analysis.
- Open API. Enterprises need to open up their data and capabilities as development platforms, and usually provide them in the form of rest. The best examples are Taobao Open Platform, Tencent's QQ Development Platform, and WeChat Open Platform. The Open API open platform will inevitably involve the access of client applications, management of API permissions, management of call times, etc. There will inevitably be a unified portal for management, which is when the API gateway can play a role.
- Microservice gateway . The concept of microservices was first proposed in 2012. With the vigorous promotion of Martin Fowler, microservices have been vigorously developed after 2014. In the microservices architecture, there is a component that can be said to be indispensable. That is the microservices gateway. The microservices gateway handles load balancing, caching, routing, access control, service proxy, monitoring, logging, etc. The API gateway exists as a microservice gateway in the microservice architecture.
- API service management platform . The above microservice architecture may be difficult for an enterprise to implement. There are many legacy systems in the enterprise, and all of them have to be extracted as micro server changes, which is too costly for the enterprise. However, since a large number of API services exist between different systems, it is necessary to manage service calls between systems, clearly see the relationship between system calls, and monitor calls between systems. API gateway can solve these problems. We can think that if there is no large-scale implementation of microservice architecture, then for enterprises, microservice gateway is the API service management platform of enterprises.
Second, the position of the API gateway in the overall structure of the enterprise
With the increase in the complexity of information systems, an enterprise will inevitably appear external partner applications, enterprise's own public network applications, enterprise intranet applications, etc., these three applications should be distinguished in architecture, the arrangement level of the three applications, The access method is also different.
Therefore, in my design, these three applications are managed with different gateways for API management, namely: API gateway (OpenAPI partner application), API gateway (internal application), API gateway (internal public network application).
3. How to apply API gateway in enterprises
1. For the API gateway used by OpenAPI, the general partners need to access the OpenAPI platform in the form of applications, and the partners need to apply for applications on the OpenAPI platform.
Therefore, in addition to the OpenAPI gateway, there needs to be a platform for partners to use for partners, which requires the OpenAPI gateway to provide APIs to the user platform for access.
The following architecture:
Of course, if it is a simple scenario, you may not need to provide a partner-oriented portal. You only need to add the partner application id / key directly by the company's operations staff. In this case, the partner portal is not needed. Subsystem.
2. The API gateway of the intranet can be regarded as a microservice gateway or an API service management platform of the intranet in terms of its role.
When an enterprise manages all applications using the architecture of microservices, then the API gateway functions as a microservices gateway.
When the enterprise only uses the rest api method to access the calls between the system and the API gateway to manage the calls, then the API gateway plays the role of API service management.
The architecture reference is as follows:
3. For the company's internal public network applications (such as APP and company's website), if the management is more detailed, it is possible that an independent API gateway can handle this part of the internal public network application in the architecture. It could be using an API gateway for partners.
If you use an independent API gateway, there are the following benefits:
- The priorities for partners and the main business of the company are different. Different API gateways can isolate the business impact.
- The management process used by the internal API may be different from the management process for partners.
- The requirements of the internal API in terms of function expansion and other aspects are generally greater than the requirements of OpenAPI for functions.
Based on the above analysis, if the company is capable, it is recommended to use the partner OPEN API gateway and the internal public network application gateway separately.
4. What are the competitive solutions of API Gateway?
1. For the API gateway of the Open API platform, my analysis can only choose the API gateway as the solution. The industry has not found any other solutions that can be used as the entrance of the Open API platform.
2. For the API gateway as a microservice gateway, there are many solutions that the industry can choose from, which also depends on the implementation scheme of the microserver. Some implementation schemes of the microservice architecture do not require the microservice gateway.
- Service Mesh, which is an emerging architecture based on API-less gateways, shields access to the network layer through the proxy on the client, so as to achieve the minimum changes to the application layer. The current Service Mesh products are still under development Mature and directly applicable products. The fastest growing product is Istio. It is recommended that you pay close attention to the development of related products and business use.
- Based on the duboo architecture, a gateway is usually not required in this architecture. The client directly accesses the service provider, and the registration center returns the server's address to the client.
V. API Gateway Solution
The private cloud open source solution is as follows:
- Kong kong is a secondary development solution based on Nginx + Lua, https://konghq.com/
- Netflix Zuul, zuul is a recommended component of spring cloud, https://github.com/Netflix/zuul
- orange, this open source program was developed by the Chinese, http://orange.sumory.com/
Public cloud solutions:
- Amazon API Gateway,https://aws.amazon.com/cn/api-gateway/
- Alibaba Cloud API Gateway, https://www.aliyun.com/product/apigateway/
- Tencent Cloud API Gateway, https://cloud.tencent.com/product/apigateway
Self-developed solutions:
- Based on the Nginx + Lua + OpenResty solution, you can see that Kong and orange are based on this solution
- Based on Netty, non-blocking IO model. Through the online search, we can see that some companies such as Yirendai in China are based on this scheme, which is a mature scheme.
- Based on Node.js solution. This solution applies the inherent non-blocking features of Node.js.
- Scheme based on java Servlet. zuul is based on this scheme, which is not very efficient, which is why zuul is always criticized.
Six, how companies choose API gateway
If you want to choose an existing API gateway, you need to consider the following aspects.
1. Performance and availability
Once the API gateway is adopted, the API gateway will serve as the core of the enterprise application, so performance and availability are required.
- From a performance point of view, the shorter the increased time consumption of the gateway, the better. Personally, I think it needs less than 10ms. The system needs to use non-blocking IO, such as epoll, NIO, etc. The interaction between the gateway and various dependencies also needs to be non-blocking, so as to ensure high availability of the overall system, such as: Node.js responsive programming and RxJava and Future based on Java.
- The gateway must support cluster deployment, and the crash of one server should not affect the availability of the overall system.
- Multiple sets of gateways should support the same management platform and the same monitoring center. For example, the OpenAPI gateway of an enterprise and the different microservice gateways of multiple system groups of internal applications can be monitored in the same monitoring center.
2. Scalability and maintainability
There is always a place where a product cannot meet the production needs. Therefore, it is necessary to think about how to carry out secondary development and maintenance of the product, and whether it is convenient for the company team to take over and maintain the product.
3. Demand matching
You need to evaluate whether each API gateway can meet the requirements. For example: if the OpenAPI platform needs to use the API gateway, then you need to look at the API gateway to consider the products on the core requirements of OpenAPI such as partner application access, partner portal integration, and access limit Whether it can meet the requirements.
If it is a microservices gateway, it is necessary to think about whether the product is powerful enough from the aspects of operation, maintenance, monitoring and management of microservices.
4. Is it open source? Does the company have the ability to develop itself?
Existing open source products such as kong, zuul, and orange all have the core functions of basic API gateways. Most of these open source products are far away from good use.
For example, there is no UI interface that provides management functions, the monitoring function is weak, it does not support the OpenAPI platform, and there is no company operation and operation and maintenance functions.
Of course, open source products can obtain source code. If the company has strong R & D capabilities and can hold these open source products, after secondary development, kong and zuul should still adapt to some companies, but the following points need to be noted:
- Kong is based on ngnix + lua, from the company's perspective it is more difficult to find people who can maintain this architecture product. Need to assess whether the current company has the ability to maintain this product.
- Zuul's performance is not high under high concurrency due to architectural reasons, and it also needs to integrate the open source adaptive Zulu monitoring and management system based on research.
- Since orange is not widely used, and it is a domestic individual who is open source, it is not rich in sustainability and community resources. It may not be easy to find someone to ask after a problem.
In addition, Kong provides an enterprise version of the API gateway, which of course is also based on ngnix + lua. The enterprise version can purchase their technical support, training and other services, as well as interface management and monitoring functions.
5. Public cloud or private cloud
Now Amazon, Alibaba, and Tencent Cloud are all providing basic public cloud API gateways. Of course, the basic functions of these gateways must be no problem, but secondary development, extended functions, and monitoring functions may not meet the customization needs of some users.
In addition, because of their own information security, many enterprises cannot use the API gateway service of the public network of the external network. In this way, only the private cloud solution is selected.
In terms of requirements, if an API gateway based on a public cloud can only be applied by internal personnel for applications from external networks, it cannot be a customized partner portal, which is not suitable for the needs of some enterprises.
If it is used as a microservice gateway, in most cases, it is hoped that the gateway server and the service provider server are on the internal network. In this case, only the API gateway of the private cloud can meet the demand.
Based on the above analysis, the basic public cloud API gateway only meets the needs of some simple customers. For many companies, the private cloud API gateway is the right choice.
Recommended reading: If you do n’t understand Spring, then the interviewer of the big factory will not understand why you dare to come to the interview?
