Shulou(Shulou.com)06/03 Report--

This article mainly explains "what is the reason why micro-services must have gateways". The explanation in this article is simple, clear and easy to learn and understand. let's study and learn "what is the reason why micro-services must have gateways"!

What is a service gateway

Service Gateway = Route forwarding + filter

1. Routing and forwarding: receive all external requests and forward them to the back-end micro-service

2. Filter: a series of crosscutting functions can be completed in the service gateway, such as permission verification, current restriction and monitoring, which can be done through the filter (in fact, routing forwarding is also achieved through the filter).

Second, why do you need a service gateway

The crosscutting function mentioned above (take permission verification as an example) can be written in three locations:

Each service is implemented by itself.

Write to a public service, and then all other services depend on that service

Write to the pre-filter of the service gateway, and all requests come for permission verification

First, the shortcomings are so obvious that they are basically useless.

Second, code development is much better than the first, and code development is not redundant, but it has two disadvantages:

Because each service introduces this common service, it is equivalent to introducing the same permission verification code in each service, which increases the jar package size of each service for no reason, especially for scenarios where docker images are used for deployment, the smaller the jar, the better.

Since each service introduces this public service, it may be difficult for us to upgrade this service later, and the more functions of the public service, the more difficult it is to upgrade, and suppose we change the way we check the permissions in the public services. if we want all services to use the new permission verification method, we need to re-import all the previous services, compile and deploy them.

The service gateway can just solve this problem:

Write the logic of permission verification in the filter of the gateway, and the back-end service does not need to pay attention to the code of permission verification, so the logic of permission verification will not be introduced into the jar package of the service, and the size of the jar package will not be increased.

If you want to modify the logic of permission verification, you only need to modify the permission verification filter in the gateway without upgrading all existing microservices.

Therefore, we need a service gateway!

III. Technical selection of service gateway

The micro-service architecture after the introduction of service gateway is as above, which consists of three parts: service gateway, open-service and service.

1. Overall process

Service gateways, open-service, and service are registered with the registry at startup

When the user requests, the gateway directly requests the gateway, and the gateway does intelligent routing forwarding (including service discovery, load balancing) to open-service, which includes operations such as permission verification, monitoring, current restriction, etc.

Open-service aggregates the internal service response and returns it to the gateway, which then returns it to the user

2. Introduce the attention points of the gateway

With the addition of the gateway and the addition of one more layer of forwarding (originally the user can request direct access to the open-service), the performance will decrease a little (but not much. Usually, the performance of the gateway machine will be very good, and the access between the gateway and the open-service is usually accessed through the private network, which is very fast.)

Single point of gateway: in the whole process of network call, there must be a single point, which may be gateway, nginx, dns server, and so on. To prevent a single point of gateway, you can hang another nginx,nginx in front of the gateway layer with very high performance and basically will not hang up. After that, the gateway service can continue to add machines. But such a request is forwarded twice, so the best way is for the gateway single point service to be deployed on a powerful machine (using pressure testing to estimate the configuration of the machine). And the performance comparison between nginx and zuul, according to an experiment done by a friend abroad, there is actually little difference. Zuul is an open source framework used as a gateway by netflix.

The gateway should be as light as possible.

3. Basic functions of service gateway

Intelligent routing: receives all external requests and forwards them to the external service open-service at the back end

Note: we only forward external requests, and requests between services do not go through the gateway, which means full-link tracking, internal service API monitoring, fault tolerance between internal services, and intelligent routing cannot be done at the gateway. Of course, all service calls can be done through the gateway, so almost all functions can be integrated into the gateway, but in this case, the pressure on the gateway will be very heavy.

Permission verification: only validates the user's request to the open-service service, not the request within the service. Is it necessary to verify requests within the service?

API monitoring: only monitor requests passing through the gateway, as well as some performance metrics of the gateway itself (for example, gc, etc.)

Current limiting: cooperate with monitoring to carry out current limiting operation

Unified collection of API logs: similar to an aspect section, recording the entry and exit logs of the interface

. . . Follow-up supplement

The above functions are the basic functions of the gateway, and the gateway can also implement the following functions:

A | B test: a | B test is a relatively large thing, including background experimental configuration, data burying point (depending on the conversion rate) and the shunting engine. In the service gateway, the shunting engine can be implemented, but in fact, the shunting engine will call the internal service, so if you follow the architecture shown in the above figure, the shunting engine should be done in the open-service, not in the service gateway.

4. Technology selection

The author is going to build a lightweight service gateway. The technical options are as follows:

Development language: the advantage of java + groovy,groovy is that the gateway service can dynamically add filter to implement some functions without restarting.

Micro-service infrastructure: springboot

Gateway basic component: netflix zuul

Service registry: consul

Permission check: jwt

API monitoring: prometheus + grafana

API Unified Log Collection: logback + ELK

Stress test: Jmeter

Thank you for your reading. the above is the content of "the reason why micro-services must have gateways". After the study of this article, I believe you have a deeper understanding of the reason why micro-services must have gateways. Specific use also needs to be verified by practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.