search

API gateway

hashtag
Overall flowchart

hashtag
Gateway architecture

hashtag
Revolution history

hashtag
Initial architecture

  • Only need to support web browser

Keepalived deployment

hashtag
BFF (Backend for frontEnd) layer

  • BFF layer exists to perform the following:

    • Security logic: If internal services are directly exposed on the web, there will be security risks. BFF layer could hide these internal services

    • Aggregation/Filter logic: Wireless service will typically need to perform filter (e.g. Cutting images due to the device size) / fit (client's customized requirements). BFF layer could perform these operations

  • However, BFF contains both business and cross-cutting logic over time.

Keepalived deployment

hashtag
Gateway layer and Cluster BFF Layer

  • BFF contains too many cross-cutting logic such as

    • Rate limiting

    • Auth

    • Monitor

  • Gateway is introduced to deal with these cross cutting concerns.

Keepalived deployment

hashtag
Clustered BFF and Gateway layer

  • Cluster implementation is introduced to remove single point of failure.

Keepalived deployment

hashtag
Gateway vs reverse proxy

  1. Web Age: Reverse proxy (e.g. HA Proxy/Nginx) has existed since the web age

    • However, in microservice age, quick iteration requires dynamic configuration

  2. MicroService Age: Gateway is introduce to support dynamic configuration

    • However, in cloud native age, gateway also needs to support dynamic programming such as green-blue deployment

  3. Cloud native Age: Service mesh and envoy are proposed because of this.

Keepalived deployment

hashtag
Reverse Proxy (Nginx)

Use cases

  • Use distributed cache while skipping application servers: Use Lua scripts on top of Nginx so Redis could be directly served from Nginx instead of from web app (Java service applications whose optimization will be complicated such as JVM/multithreading)

  • Provides high availability for backend services

    • Failover config: proxy_next_upstream. Failure type could be customized, such as Http status code 5XX, 4XX, ...

    • Avoid failover avalanche config: proxy_next_upstream_tries limit number. Number of times to fail over

hashtag
Gateway internals

Keepalived deployment

hashtag
Gateway comparison

Keepalived deployment

hashtag
Service discovery

hashtag
Approach - Hardcode service provider addresses

  • Pros:

    • Update will be much faster

  • Cons:

    • Load balancer is easy to become the single point of failure

    • Load balancing strategy is inflexible in microservice scenarios. TODO: Details to be added.

    • All traffic volume needs to pass through load balancer, results in some performance cost.

hashtag
Approach - Service registration center

hashtag
How to detect failure

  • Heatbeat messages: Tcp connect, HTTP, HTTPS

  • Detecting failure should not only rely on the heartbeat msg, but also include the application's health. There is a chance that the node is still sending heartbeat msg but application is not responding for some reason. (Psedo-dead)

hashtag
Detect failure

hashtag
How to gracefully shutdown

  • Problem: Two RPC calls are involved in the process

    1. Service provider notifies registration center about offline plan for certain nodes

    2. Registration center notifies clients to remove certain nodes clients' copy of service registration list

hashtag
How to gracefully start

  • Problem: If a service provider node receives large volume of traffic without prewarm, it is easy to cause failures. How to make sure a newly started node won't receive large volume of traffic?

hashtag
Future readings

PreviousTimeoutNextRateLimiter

Last updated

Was this helpful?