Since its launch, Sunline API Gateway has been applied in dozens of financial customer projects, including Bank of Communications, Bohai Bank and Minsheng Bank's credit card business, where it has undergone numerous production tests and displayed high performance and high reliability.
With the development of microservices architecture, legacy coarse-grained applications have been divided into many fine-grained microservices. Each service has its own API services, and the demands between services have become intricate and complicated, so issues such as unified API management, API security, traffic forwarding and traffic management have become particularly prominent.
Breaking the game—introducing the API gateway
To solve the problems that come with the development of microservices architecture, an extra layer needs to be introduced between the client and the services. This layer acts as a reverse proxy that routes requests from the client to the services. Similar to the facade pattern in object-oriented design, it provides a single entry point for the API that encapsulates the underlying system architecture: the API gateway.
In short, the API gateway uses a single and unified API entry point to combine one or more internal APIs. The API gateway takes over all ingress traffic and forwards all user requests to the back-end server, uniformly managing the entire life cycle of the API.
The function of the gateway is not limited to that. The gateway also performs traffic governance such as authentication, rate limiting, permissions, circuit breaking, protocol conversion, unified error codes and caching; traffic monitoring such as logs, monitoring and alarms; and security precautions such as protocol security, access security and message security. With the gateway unifying these services, the business side can focus more on business logic and improve iteration efficiency. Hence, the importance of the API gateway is evident.
The API gateway brings multiple values to the microservices architecture system:
• Isolates the external from the internal to ensure the security of back-end services.
• Transforms external access control from the network level to the operation and maintenance level, reducing the change process and error costs.
• Reduces the coupling between client and services, enabling independent development of services through the mapping of gateway layers.
• Reduces the frequency of external access and improves access efficiency through gateway layer aggregation.
• Saves the cost of back-end service development and reduces the risk of going online.
• Provides simple solutions for service circuit breaking, grayscale release and online testing.
• Facilitates application-level expansion.
As the entry point for traffic, the gateway depends critically on non-functional characteristics such as high performance, high availability and scalability.
Sunline API Gateway relies on its good extensibility to continuously improve and enrich its functions, to dock with many internal and external systems, and to add support for multiple access protocols. The gateway also supports multiple traffic management strategies and provides more comprehensive security defense control.
The following is a detailed analysis of the design practice of Sunline's API gateway from three aspects: the overall design of API gateway, API governance design, and API security.
The overall design of Sunline API Gateway:
1. Technical architecture design with maximum functional decoupling
At present, gateways do not achieve maximum functional decoupling. On this basis, Sunline has innovated comprehensively. The gateway service is divided into two parts, the control end and the running end, which run separately, so that the gateway running service is separated from external dependencies and the gateway is truly decoupled to the maximum extent.
The API gateway adopts an architecture that separates front end and back end, is developed in Java, and uses the current mainstream technology stack of Spring Boot and Spring Cloud.
• The main functions of the control end are to manage gateway configuration, handle UI interaction, push data to the gateway running end, and so on. The control end and the running end have a clear division of labor, so that the running end, which is actually responsible for processing requests, can devote as many resources as possible to that work.
• The running end of the gateway is the gateway service. Its core mechanisms are the filter chain mechanism and the access and output mechanism. The running end is docked with a variety of basic components, including the monitoring center, registration center, link center, log center and configuration center. To ensure that the parameters configured by the user are not lost during push, the running end also regularly pulls data from the control end, achieving two-way data synchronization.
2. Highly extensible design providing more comprehensive extension
The gateway running end adopts an SPI mechanism, which greatly increases the extensibility of the gateway. In addition to the filter extension and management function extension that are supported on the market, Sunline also provides extension at multiple other points, such as access protocols, encryption and decryption modes, and messages, which greatly increases the number of extension points of the gateway.
• Filter extension: the gateway's filters form a filter chain for the entire project. The filters to apply can be chosen through dynamic configuration on the page, for example adding a certain authentication mechanism to extend the filter chain.
• Access extension: adds a new access protocol, such as Dubbo or TSF, on top of the gateway's existing multi-protocol support.
• Encryption and decryption extension: adds new algorithms and rules, for example to encrypt and decrypt request and response messages or to add signature verification.
• Request and response secondary extension: supports modifying the incoming request and the received response at the gateway level.
• Response code and response information extension: adapts the gateway's response codes and information to various response code and response format requirements.
Apart from the filter extension, the other extensions apply to inbound and outbound processing.
3. High-availability design: logical cluster division with easy management and maintenance
The gateway is divided into two services, the control end (data control) and the running end (API calls), which run separately. The running end stores information in a local cache and performs no database reads. When the control end is down, the running end can still continue to serve API calls.
The gateway server adopts a stateless cluster architecture that can contain multiple gateway instances. The cluster can be divided into logical instances, each of which corresponds to only one gateway control end, to prevent data confusion. Compared to the physical cluster division that is commonly used on the market, this logical cluster division is easier to manage and maintain.
The gateway control end actively sends heartbeat checks to the running end, and the running end periodically synchronizes data with the control end to prevent inconsistencies caused by abnormal data synchronization at the control end.
The client accesses the gateway instances through a load balancer. The load balancer can be a software or a hardware load balancer, and can use an MS architecture to avoid single points of failure.
API governance design:
1. API rate limiting
Rate limiting caps the number of times an API is accessed, so that the service keeps running normally under pressure and does not crash due to excessive traffic. Distributed rate limiting is implemented with the distributed cache Redis.
When a request enters the RateLimiter Filter, a set of keys is constructed from the current request, and the filter then checks whether Redis is available. If it is available, Redis is used for cluster rate limiting.
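The flow described above, as an added example (not Sunline's code): keys are built from the request, counters are shared by all gateway instances through Redis, and counting moves to per-instance memory when Redis is unreachable. The fixed-window algorithm, the key layout, the local fallback and the `FakeRedis` stand-in are assumptions made for illustration.

```python
import time

class FakeRedis:
    """Constructed in-memory stand-in for Redis so the example runs offline."""
    def __init__(self):
        self.data, self.up = {}, True

    def incr(self, key):
        if not self.up:
            raise ConnectionError("redis unavailable")
        self.data[key] = self.data.get(key, 0) + 1
        return self.data[key]

def build_keys(api, client_id, window):
    # One counter per dimension; a request must stay under every limit.
    return {"api": f"rl:{api}:{window}",
            "client": f"rl:{api}:{client_id}:{window}"}

class RateLimiterFilter:
    def __init__(self, redis, limits, instances=1, window_s=1):
        self.redis, self.limits = redis, limits
        self.instances, self.window_s = instances, window_s
        self.local = {}  # per-instance counters, used only when Redis is down

    def allow(self, api, client_id, now=None):
        now = time.time() if now is None else now
        window = int(now // self.window_s)
        keys = build_keys(api, client_id, window)
        try:
            # Cluster mode: every instance increments the same Redis keys.
            # Against real Redis, pair INCR with EXPIRE so old windows age out.
            counts = {dim: self.redis.incr(key) for dim, key in keys.items()}
            share = 1
        except ConnectionError:
            # Assumed fallback: count locally and enforce this instance's
            # share of each limit, so the cluster total stays bounded.
            self.local = {k: v for k, v in self.local.items()
                          if k.endswith(f":{window}")}
            counts = {}
            for dim, key in keys.items():
                self.local[key] = self.local.get(key, 0) + 1
                counts[dim] = self.local[key]
            share = self.instances
        return all(counts[d] <= max(1, self.limits[d] // share) for d in keys)
```

Failing over to a local share keeps the limit enforced during a Redis outage; the alternative of skipping the check would remove the protection exactly when the system is already degraded.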
2. Circuit breaking and degradation
When a service fails, a circuit breaking and degradation strategy is applied to prevent the failure of the entire system. Circuit breaking and degradation can be triggered according to dimensions such as the average response time, the proportion of exceptions per second and the number of exceptions per minute.
3. API routing
API routing refers to routing invocations to different back-end services. The gateway supports routing based on client IP, ratio, caller and custom methods according to the invocation, and also supports priority configuration.
The four API routing modes are IP mode, keyword mode, tenant mode and proportion mode.
API security:
1. Protocol security
To secure the process of accessing the API, the gateway supports HTTPS by design, and the APIs in the gateway can be accessed directly over HTTPS.
2. Access security
In many cases the API is directly exposed to the public network, so it is likely to be accessed maliciously. The gateway has to prevent such malicious access. It reduces the risk of malicious API access through JWT authentication, permission control, signature authentication, black and white lists and other means.
Compared to a single access security method, Sunline's access security is more comprehensive, and in addition to the existing access security methods it can be extended with other security methods:
• Permission control: a client can access an interface only after the administrator has authorized it. An unauthorized request is intercepted at the gateway, and the client receives a response stating that it has no access rights.
• Signature authentication: a signature value is generated from the request parameters according to the rules, using SHA256, RSA, national cryptographic algorithms or other operations. The gateway verifies the client's signature and continues only after the verification succeeds; otherwise the request is intercepted directly.
• Black and white lists: requests are verified against the configured lists.
• JWT authentication: the client applies to the gateway for a token before accessing the API. On each API access that carries the token, the gateway parses the token and verifies its validity period, access authority and visitor identity, then lets the request proceed or intercepts it as necessary.
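The three token checks listed above (validity period, access authority, visitor identity), as an added example that is not Sunline's code. It assumes an HS256 token, a hypothetical `apis` claim listing the authorized APIs, and a constructed set of known client ids.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret, client_id, apis, now, ttl=300):
    """Gateway side: issue an HS256 token listing the APIs the client may call."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": client_id, "apis": apis, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(mac(secret, header + '.' + claims))}"

def check_token(secret, token, api, known_clients, now):
    """Return (allowed, reason); any failed check means the gateway intercepts."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header, claims = json.loads(b64d(header_b64)), json.loads(b64d(claims_b64))
        sig = b64d(sig_b64)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    # Pin the algorithm: the token header must not choose how it is verified.
    if header.get("alg") != "HS256":
        return False, "unexpected algorithm"
    if not hmac.compare_digest(sig, mac(secret, header_b64 + "." + claims_b64)):
        return False, "bad signature"
    # Claims are trusted only from here on, after the signature has verified.
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return False, "token expired"          # validity period
    if claims.get("sub") not in known_clients:
        return False, "unknown visitor"        # visitor identity
    apis = claims.get("apis")
    if not isinstance(apis, list) or api not in apis:
        return False, "api not authorized"     # access authority
    return True, "ok"
```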
3. Message security
When the client calls the API, the security of the incoming message is very important. The gateway ensures the security of the message by encrypting/signing the message.
• Encrypting the message ensures its security during the access process. In addition to the currently supported AES, DES, RSA and national cryptographic methods, other encryption and decryption methods can be extended through the SPI mechanism.
• Signing the message ensures its integrity during the access process. In addition to the currently supported RSA, SHA256 and national cryptographic methods, other signing methods can also be extended through the SPI mechanism.
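An added example (not Sunline's code) covering both signature authentication under access security and message signing here: the client signs its request parameters and the gateway recomputes and compares the value. The page does not state the signing rules, so HMAC-SHA256 with a per-client secret, the `app_id` and `sign` field names and both canonicalization rules are assumptions; the ambiguous rule is shown beside the strict one to make clear why the rule must be unambiguous.

```python
import hashlib, hmac
from urllib.parse import quote

def canonical_naive(params):
    # Ambiguous rule: values are not escaped, so "&" or "=" inside a value
    # is indistinguishable from a field separator.
    return "&".join(f"{k}={params[k]}" for k in sorted(params))

def canonical_strict(params):
    # Unambiguous rule: sort by key and percent-encode keys and values.
    return "&".join(f"{quote(str(k), safe='')}={quote(str(params[k]), safe='')}"
                    for k in sorted(params))

def sign(secret, params, canonical=canonical_strict):
    """Client side: HMAC-SHA256 over the canonical parameter string."""
    return hmac.new(secret, canonical(params).encode(), hashlib.sha256).hexdigest()

def gateway_verify(secrets, request, canonical=canonical_strict):
    """Gateway side: recompute the signature and compare in constant time."""
    params = dict(request)
    signature = params.pop("sign", None)
    secret = secrets.get(params.get("app_id"))
    if secret is None or not isinstance(signature, str):
        return False  # unknown caller or unsigned request: intercept
    expected = sign(secret, params, canonical)
    return hmac.compare_digest(expected.encode(), signature.encode())

# Constructed sample data: two different parameter sets.
SECRETS = {"app-1": b"constructed-demo-secret"}
SPLIT = {"app_id": "app-1", "memo": "x", "to": "6222"}
MERGED = {"app_id": "app-1", "memo": "x&to=6222"}

def same_signature(canonical):
    # True when the two different parameter sets sign to the same value.
    key = SECRETS["app-1"]
    return sign(key, SPLIT, canonical) == sign(key, MERGED, canonical)
```

With the naive rule the two parameter sets produce one signature, so integrity of individual fields is not guaranteed; with the strict rule they differ.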
4. Traffic security
As the entry point for all applications, the gateway carries massive traffic and the pressure of malicious traffic attacks that may erupt at any time. Therefore, flow control is a necessary part of gateway security to ensure the normal operation of the service and prevent the service from crashing due to excessive traffic.
From its extensive practice with financial customers, Sunline believes that, as a portal for enterprise capabilities, an API gateway needs not only basic functions such as request forwarding, protocol conversion, routing and security control, but also high performance and high stability. It also needs good extensibility so that gateway capabilities can be continuously enhanced. When implementing the gateway, it is necessary to plan the interaction between the gateway layer and the service layer and to decouple the two, so that each team can work independently. At the same time, API management needs to cover the full life cycle of the API, supporting management functions such as publishing, configuration, authentication, flow control and monitoring.
Whether in a microservices, distributed or service mesh architecture, the API gateway is an indispensable part. As the traffic between services grows explosively, the API gateway, as the system entry point, plays an increasingly important role in improving the performance and reliability of the system.