Introduction to a next-generation gateway that integrates traffic gateways and microservices gateways—cloud native gateways are here! Full of advantages!
Do traffic gateways and microservices gateways have to be constructed separately?
In the cloud-native era dominated by container technology and K8s, new answers to this proposition are emerging.
more economical: Combining the traffic gateway and the microservice gateway into one, the user resource cost is reduced by 50%
Traffic gateway (such as Nignx) refers to the provision of global policies that have nothing to do with back-end business applications, such as HTTPS certificate uninstallation, Web firewall, global traffic monitoring, etc.; microservice gateway (such as Spring Cloud Gateway) refers to tightly coupled with business , Provide a single business domain-level strategy, such as service governance, identity authentication, etc.
Under the microservice architecture in the virtualization era, the business usually adopts a two-tier architecture of traffic gateway + microservice gateway. The traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud-native era dominated by K8s, Ingress has become the gateway standard for the K8s ecosystem, giving the gateway a new mission, making it possible to combine the traffic gateway + microservice gateway into one.
The cloud native gateway released by Alibaba Cloud MSE this time, without a discount on capabilities, changes the two-layer gateway into one layer, which not only saves 50% of resource costs, but also reduces operation and maintenance and usage costs . The schematic diagram of the deployment structure is as follows, the left is the traditional gateway mode, and the right is the next-generation cloud native gateway mode.
Cloud native gateway deployment diagram
more secure: Provides rich authentication and authorization capabilities, reducing the cost of customers’ secure access
Authentication authentication is the rigid demand of customers for the gateway. The MSE cloud native gateway not only provides regular JWT authentication, but also provides OIDC authentication based on the authorized open network standard OAuth 2.0. At the same time, the MSE cloud native gateway naturally supports Alibaba Cloud’s application identity service IDaaS, helping customers achieve three-party authentication logins for Alipay, Taobao, Tmall, etc., and supports plug-ins to extend the authentication and authentication functions to reduce customer’s The cost of secure access. The existing authentication functions are as follows:
Authentication and authorization function diagram
more unified : The gateway is directly connected to back-end services, opens up Nacos/Eureka/K8s multiple service sources, and is the first to support Apache Dubbo3.0 protocol
Open source has become one of the driving forces to promote software development, and community-oriented, open commercial products have more vitality.
Envoy is one of the most popular Ingress implementations in the K8s community, and it is becoming the standard technical solution for traffic portals in the cloud-native era. MSE cloud native gateway is built on Envoy and Istio to achieve unified control plane management and direct connection to back-end services, supports Dubbo3.0 and Nacos, opens up Alibaba Cloud Container Service ACK, and automatically synchronizes service registration information . MSE Cloud Native Gateway's support for Dubbo 3.0 and Nacos has been launched in Dingding business first. The following figure shows the deployment diagram of Dingding Dubbo 3.0 as follows:
Dingding business landing sketch
more stable: the technology has been accumulated for a long time, and it has passed the test of 2020 Double 11, carrying hundreds of thousands of requests per second
Commercial products are not overnight.
MSE cloud native gateway has already been tempered within Alibaba. At present, it has been used in Alipay, Dingding, Taobao, Tmall, Youku, Fliggy, Word of Mouth, and other Ali business systems. has passed the test of the massive number of requests on the 2020 Double 11, and the big promotion day can easily carry 100,000 requests per second. , The daily request volume reaches tens of billions of .
Schematic diagram of Alibaba's internal cloud native gateway business landing
After commercialization, MSE Cloud Native Gateway provides two payment modes: post-payment and monthly subscription, supporting 4 regions of Hangzhou, Shanghai, Beijing, and Shenzhen, and will gradually open other regions. New users will enjoy a limited time discount for the first purchase, which can be Dingding search group number 34754806 or Dingding scan the QR code below to join the user group exchange .
_Related introduction URL:
_IDaaS:https://help.aliyun.com/document\_detail/112323.html
Click the original link ( https://www.aliyun.com/product/aliware/mse ) for more details~
Copyright Notice: content of this article is contributed spontaneously by Alibaba Cloud real-name registered users. The copyright belongs to the original author. The Alibaba Cloud Developer Community does not own its copyright and does not assume corresponding legal responsibilities. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。