
Do traffic gateways and microservice gateways have to be built separately?

In the cloud-native era dominated by container technology and K8s, new answers to this question are emerging.

More economical: combining the traffic gateway and the microservice gateway into one reduces user resource costs by 50%

A traffic gateway (such as Nginx) provides global policies that are independent of back-end business applications, such as HTTPS certificate offloading, web firewall, and global traffic monitoring. A microservice gateway (such as Spring Cloud Gateway) is tightly coupled with the business and provides policies at the level of a single business domain, such as service governance and identity authentication.

Under the microservice architecture of the virtualization era, businesses usually adopt a two-tier architecture of traffic gateway plus microservice gateway. The traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud-native era dominated by K8s, Ingress has become the gateway standard of the K8s ecosystem, giving the gateway a new mission and making it possible to combine the traffic gateway and the microservice gateway into one.

The cloud native gateway released by Alibaba Cloud MSE this time turns the two-layer gateway into a single layer without any loss of capability, which not only saves 50% of resource costs but also reduces operation, maintenance and usage costs. The deployment structure is shown in the diagram below: the traditional gateway mode is on the left, and the next-generation cloud native gateway mode is on the right.

Cloud native gateway deployment diagram

More secure: provides rich authentication and authorization capabilities to reduce customers' cost of secure access

Authentication and authorization are a hard requirement that customers have of a gateway. The MSE cloud native gateway provides not only regular JWT authentication but also OIDC authentication based on OAuth 2.0, the open standard for authorization. The MSE cloud native gateway also natively supports Alibaba Cloud's application identity service IDaaS, helping customers implement third-party login with Alipay, Taobao, Tmall and others, and it supports extending authentication and authorization functions through plug-ins, reducing customers' cost of secure access. The existing authentication functions are as follows:

Authentication and authorization function diagram

More unified: the gateway connects directly to back-end services, integrates multiple service sources (Nacos/Eureka/K8s), and is the first to support the Apache Dubbo 3.0 protocol

Open source has become one of the driving forces of software development, and open, community-oriented commercial products have more vitality.

Envoy is one of the most popular Ingress implementations in the K8s community, and it is becoming the standard technical solution for traffic ingress in the cloud-native era. The MSE cloud native gateway is built on Envoy and Istio to provide a unified control plane. It connects directly to back-end services, supports Dubbo 3.0 and Nacos, integrates with Alibaba Cloud Container Service ACK, and automatically synchronizes service registration information. The MSE cloud native gateway's support for Dubbo 3.0 and Nacos was first rolled out in the DingTalk business. The following figure shows the DingTalk Dubbo 3.0 deployment:

Diagram of the DingTalk business deployment

More stable: the technology has been built up over a long time and passed the test of Double 11 in 2020, carrying hundreds of thousands of requests per second

Commercial products are not built overnight.

The MSE cloud native gateway has already been thoroughly tested within Alibaba. It has been used in Alibaba business systems such as Alipay, DingTalk, Taobao, Tmall, Youku, Fliggy, and Koubei, and it passed the test of the massive request volume on Double 11 in 2020. On major promotion days it easily carries 100,000 requests per second, and the daily request volume has reached the level of tens of billions.

Schematic diagram of cloud native gateway deployments in Alibaba's internal businesses

After commercialization, the MSE cloud native gateway provides two payment modes, post-payment and monthly subscription, and supports 4 regions: Hangzhou, Shanghai, Beijing, and Shenzhen. Other regions will be opened gradually. New users can enjoy a limited-time discount on their first purchase. To join the user group, search for group number 34754806 in DingTalk or scan the QR code below with DingTalk.


Related links:
IDaaS: https://help.aliyun.com/document_detail/112323.html

For more details, see https://www.aliyun.com/product/aliware/mse

