Traditional gateway classification and deployment mode
In the industry, gateways are usually divided into two categories: traffic gateways and business gateways. Traffic gateways mainly provide global policy configuration that has nothing to do with back-end services. For example, Ali’s internal unified access gateway Tengine is a typical traffic gateway. ; Service gateway, as the name suggests, mainly provides independent service domain level, tightly coupled with back-end business strategy configuration, as the application architecture model evolves from a single to the current distributed microservices, the service gateway also has a new name-microservice gateway ( The illustration is as follows). In the current cloud-native era dominated by container technology and K8s, is the next-generation gateway model still the same?
Product portrait of next-generation gateway
Just like the question in the above figure: In the cloud-native era dominated by container technology and K8s, will the next-generation gateway model still be the traditional two-tier architecture of traffic gateway and microservice gateway? With this problem and combined with the gateway technology and operation and maintenance experience accumulated in Alibaba, we tried to make a product portrait for the next-generation gateway products, as follows:
As a next-generation gateway product, we will explain some of the core elements:
- Cloud native: To support the standard K8s Ingress, K8s Gateway API, and K8s service discovery, K8s has become a cloud OS in the cloud native era, and the network inside and outside the K8s native cluster is isolated. The normative definition responsible for external traffic entering the K8s cluster is K8s Ingress, K8s Gateway API is a further evolution of K8s Ingress. Based on this, it is necessary to support this feature as a next-generation gateway.
- Embrace open source: We must build a gateway based on the open source ecosystem, and help open source with the help of open source. I believe everyone should be familiar with this.
- High scalability: It is impossible for any gateway's capabilities to cover all user demands. It must have scalability. For example, the prosperous development of K8s and its open expansion capabilities are indispensable.
- Service governance: As the application architecture evolves to distributed microservices, the gateway itself provides traffic scheduling capabilities for back-end services, and its ability to support basic service governance is natural.
- Abundant observability: While the distributed micro-service architecture brings benefits such as improved collaboration efficiency, it also brings greater challenges to troubleshooting and operation and maintenance. As a traffic bridgehead, the gateway needs to have abundant observable data to help users. Location problem.
The birth of a cloud native gateway
Based on the above-mentioned understanding of the next-generation gateway, we took the lead in launching a cloud-native gateway inside Alibaba. It was successfully deployed in multiple services and passed the test of the Double 11 promotion. The cloud-native gateway is illustrated as follows:
Product advantages of cloud native gateways
More economical: Combining the traffic gateway and the microservice gateway into one, the user resource cost is reduced by 50%
Under the microservice architecture in the virtualization era, the business usually adopts a two-tier architecture of traffic gateway + microservice gateway. The traffic gateway is responsible for north-south traffic scheduling and security protection, and the microservice gateway is responsible for east-west traffic scheduling and service governance. In the cloud-native era dominated by K8s, Ingress has become the gateway standard for the K8s ecosystem, giving the gateway a new mission, making it possible to combine the traffic gateway + microservice gateway into one.
The cloud-native gateway released by Alibaba Cloud MSE this time changes the two-layer gateway into one layer without any discount on the capabilities, which not only saves 50% of resource costs, but also reduces operation and maintenance and usage costs. The schematic diagram of the deployment structure is as follows, the left is the traditional gateway mode, and the right is the next-generation cloud native gateway mode.
In the context of microservices, rich observable capabilities are also the basic core demands of users. Based on this, the cloud native gateway integrates the Alibaba Cloud application real-time monitoring service ARMS by default, providing rich observable data, and this function is free for users.
More secure: Provides a wealth of authentication and authentication capabilities to reduce the cost of secure access for customers
Authentication authentication is the rigid demand of customers for the gateway. The MSE cloud native gateway not only provides regular JWT authentication, but also provides OIDC authentication based on the authorized open network standard OAuth 2.0. At the same time, the MSE cloud native gateway naturally supports Alibaba Cloud’s application identity service IDaaS, helping customers realize the three-party authentication login of Alipay, Taobao, Tmall, etc., and supports the extension of authentication and authentication functions through plug-ins, so as to reduce the security of customers. Cost. The existing authentication functions are as follows:
More unified: the gateway is directly connected to the back-end service, opens up multiple service sources of Nacos/Eureka/K8s, and is the first to support the Apache Dubbo3.0 protocol
Open source has become one of the driving forces to promote software development, and community-oriented, open commercial products have more vitality.
Envoy is one of the most popular Ingress implementations in the K8s community, and it is becoming the standard technical solution for traffic portals in the cloud-native era. The MSE cloud native gateway is built on Envoy and Istio to achieve a unified control plane control, and is directly connected to back-end services, supports Dubbo3.0 and Nacos, opens up Alibaba Cloud Container Service ACK, and automatically synchronizes service registration information. MSE Cloud Native Gateway's support for Dubbo 3.0 and Nacos has been launched in Dingding business first. The following figure shows the deployment diagram of Dingding Dubbo 3.0 as follows:
More stable: The technology has been accumulated for a long time, and it has passed the test of 2020 Double 11, carrying hundreds of thousands of requests per second
Commercial products are not overnight.
The MSE cloud native gateway has already experienced thousands of trials within Alibaba. At present, it has been used in Alipay, Dingding, Taobao, Tmall, Youku, Fliggy, Word of Mouth and other Ali business systems, and has passed the test of the massive number of requests on the 2020 Double 11, and the big promotion day can easily carry hundreds of thousands of requests per second , The daily request volume has reached the level of tens of billions.
Cloud Native Gateway Applicable Scenarios
The cloud native gateway can currently cover all business scenarios in north-south and east-west directions, that is, it can support traditional registration centers such as Nacos, it can also support K8s Service, and it can also support traditional ECS. The following diagram illustrates the following:
Write at the end
At present, the cloud native gateway has been officially commercialized, aiming to provide users with more reliable, lower cost, and more efficient enterprise-level gateway products that comply with the K8s Ingress standard. More release details will be moved to the live room to watch:
The cloud native gateway provides post-payment and monthly and monthly payment modes. It supports 4 regions of Hangzhou, Shanghai, Beijing, and Shenzhen, and will gradually open up other regions. The cloud native gateway discount period is 10% off. The purchase link is at the end of the article. middle.
Dingding scan the QR code below or search the group number 34754806 to join the user group to communicate and answer questions.
Click to read the original text at the end of the article to learn more about the product.
1) Introduction to IDaaS:
2) Cloud native gateway purchase link: