Do you really understand API Gateway? This article explains the differences and integration between microservice gateway and enterprise application gateway

Software architecture is always evolving and iterating. In the 1990s, C/S architecture was very popular, and business system architecture was also a monolithic architecture. There was very little data interaction between systems. As the number of business systems in an enterprise increased, this would lead to data island problems. At this time, the demand for data interconnection and interoperability was very urgent. Remote transmission protocol formats based on HTTP and XML were widely adopted. The concept of SOA was first proposed by IBM in 2000, and it did solve the integration problems of many heterogeneous systems in enterprises.

[[283780]]

In the Internet era, many companies have gradually adopted HTTP and JSON-based architecture styles to adapt to the flexible and ever-changing business needs of business systems. The centralized deployment problems of SOA architecture have been exposed, and microservice-based distributed architecture has become popular. As the core component of microservice architecture, API gateway serves as the unified entrance for all traffic. Upstream business systems do not need to worry about security and flow control, but only need to focus on business implementation.

API gateway plays a key role in the overall enterprise architecture. It mainly enhances, guarantees, and controls the calls to backend microservices. It is transparent to all upstream business calls. API gateway needs to ensure that service calls are safe, efficient, and accurate. API gateways are mainly divided into two categories: one is the microservice gateway, which is closer to the business, and the other is the enterprise-level application gateway, which focuses on the flow control and security protection of service calls.

The differences between them are mainly in the following aspects:

1. Different deployment locations

The microservice gateway is mainly deployed in the intranet as a communication channel for the microservice internal API.

Enterprise-level application gateways are generally deployed in the DMZ area or hidden behind a load balancer.

2. Different functional focuses

The main functions of the microservice gateway are: service diversion, service automatic discovery and routing, service orchestration, customized development of business rules, service circuit breaking, and service grayscale release.

The main functions of the enterprise-level application gateway are: global flow control, unified security authentication, performance support, load balancing, IP blacklist and whitelist, and security protection.

3. Different performance requirements

The performance of the microservice gateway only needs to meet the concurrency requirements of the service.

The performance of enterprise-level application gateways needs to focus on global traffic and concurrency support.

4. Different usage scenarios

Microservice Gateway: Mainly focuses on the gateway call scenarios within microservices.

Enterprise-level application gateway: It is mainly the entrance for north-south traffic. WeChat applets, cloud application calls, mobile APP calls, iPad platforms, and third-party partners all call services from the external network to the internal network.

5. Different architecture

The microservice gateway is a basic component of the microservice architecture. Most Internet companies use Zuul's open source products. The architecture in the figure below uses Kong, which has better performance and stability, as the API gateway for microservices.

The architecture is as follows:

The enterprise-level application gateway is mainly a unified entrance for external traffic. It is generally deployed in a centralized manner and is also divided according to region and business field based on customer requirements to form an enterprise-level application gateway cluster.

The architecture is as follows:

Enterprise-level application gateways generally have very large concurrency, and require the product to be independent, not dependent on third parties, and have good performance. Many Internet-oriented industries choose Kong's open source products. The Kong community is active, with more than 20,000 stars on GitHub. Other products in the API gateway in CNCF are also very good. Domestic products include OpenResty, Orange, and the latest APISIX products, all of which have excellent performance, but stability remains to be verified.

There are many products for microservice gateways, which are generally related to business needs and seamlessly integrated with registration service discovery products. The most commonly used products in the industry are Zuul and Spring Cloud Gateway. Since they are pure Java products, their performance is not as good as Kong products, so many Internet companies have carried out secondary transformation, such as games, e-commerce, lottery, etc. In order to meet the needs of high concurrency and large traffic, they will also transform Kong to meet the functions of microservice gateways.

In the future, microservice gateways and enterprise-level application gateways will tend to merge, and integrated solutions will also bring many benefits.

• Unified configuration, clear logic, intuitive operation
• Integrated management, especially link tracking and service quality management, brings higher management efficiency
• Transition application deployment from a technical perspective to a business perspective, avoiding the confusion caused by fragmented deployment in the past
• Unified technology stack, reducing costs and maintenance complexity
• The overall control of traffic, capacity expansion and disaster recovery are simpler

There is no silver bullet in the software industry, and no architecture can cure all ills. However, ensuring the high availability and scalability of the API gateway requires more technical investment and technical support at the infrastructure level, so that technical personnel can better focus on realizing the integrated process of automated testing and building, continuous integration and delivery.