Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about why micro services should have gateways, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

What is Service Gateway Service Gateway = Route forwarding + filter

1. Routing and forwarding: receive all external requests and forward them to the back-end micro-service

2. Filter: a series of crosscutting functions can be completed in the service gateway, such as permission verification, current restriction and monitoring, which can be done through the filter (in fact, routing forwarding is also achieved through the filter).

Second, why do you need a service gateway

The crosscutting function mentioned above (take permission verification as an example) can be written in three locations:

Each service is implemented by itself and written to a common service, and then all other services rely on this service to write to the pre-filter of the service gateway, and all requests come to verify permissions.

First, the shortcomings are too obvious to use; second, compared to the first point, code development is not redundant, but there are two disadvantages:

Because each service introduces this common service, it is equivalent to introducing the same permission verification code in each service, which increases the jar package size of each service for no reason, especially for scenarios where docker images are used for deployment, the smaller the jar, the better. Since each service introduces this public service, it may be difficult for us to upgrade this service later, and the more functions of the public service, the more difficult it is to upgrade, and suppose we change the way we check the permissions in the public services. if we want all services to use the new permission verification method, we need to re-import all the previous services, compile and deploy them.

The service gateway can just solve this problem:

Write the logic of permission verification in the filter of the gateway. The back-end service does not need to pay attention to the code of permission verification, so the logic of permission verification will not be introduced into the jar package of the service and will not increase the size of the jar package. If you want to modify the logic of permission verification, you only need to modify the permission verification filter in the gateway without upgrading all existing micro services.

Therefore, we need a service gateway!

III. Technical selection of service gateway

The micro-service architecture after the introduction of service gateway is as above, which consists of three parts: service gateway, open-service and service.

1. The overall process service gateway, open-service and service are registered with the registry when they are started When the user requests, the gateway directly requests the gateway, and the gateway does intelligent route forwarding (including service discovery and load balancing) to the open-service, which includes operations such as permission verification, monitoring and current restriction. Open-service aggregates the internal service response and returns it to the gateway. The gateway is returned to user 2. The attention point of the gateway is added with one more layer of forwarding (the original user request can directly access the open-service) The performance will degrade a little (but not much, usually, the performance of the gateway machine will be very good, and the access between the gateway and open-service is usually private network access, which is very fast) Single point of gateway: in the whole process of network call, there must be a single point, which may be gateway, nginx, dns server, and so on. To prevent a single point of gateway, you can hang another nginx,nginx in front of the gateway layer with very high performance and basically will not hang up. After that, the gateway service can continue to add machines. But such a request is forwarded twice, so the best way is for the gateway single point service to be deployed on a powerful machine (to estimate the configuration of the machine through pressure testing), and the performance comparison between nginx and zuul, according to an experiment done by a friend abroad, there is actually little difference. Zuul is an open source framework used by netflix as an open source gateway; the gateway should be as light as possible. 3. Basic functions of service gateway

Intelligent routing: receiving

External

All requests are forwarded to the external service open-service at the back end

Note: we only forward external requests, and requests between services do not go through the gateway, which means full-link tracking, internal service API monitoring, fault tolerance between internal services, and intelligent routing cannot be done at the gateway. Of course, all service calls can be done through the gateway, so almost all functions can be integrated into the gateway, but in this case, the pressure on the gateway will be very heavy.

Permission verification: only validates the user's request to the open-service service, not the request within the service. Is it necessary to verify requests within the service?

API monitoring: only monitor requests passing through the gateway, as well as some performance metrics of the gateway itself (for example, gc, etc.)

Current limiting: cooperate with monitoring to carry out current limiting operation

Unified collection of API logs: similar to an aspect section, recording the entry and exit logs of the interface

. . . Follow-up supplement

The above functions are the basic functions of the gateway, and the gateway can also implement the following functions:

A | B test: a | B test is a relatively large thing, including background experimental configuration, data burying point (depending on the conversion rate) and a shunting engine. In the service gateway, the shunting engine can be implemented, but in fact, the shunting engine will call the internal service, so if you follow the architecture of the above figure, the shunting engine had better be done in the open-service, not in the service gateway. Follow-up supplement 4. Technical selection

The author is going to build a lightweight service gateway. The technical options are as follows:

Development language: the advantage of java + groovy,groovy is that the gateway service does not need to restart to dynamically add filter to achieve some functions; micro services infrastructure: springboot; gateway basic components: netflix zuul; service registry: consul; authority verification: jwt;API monitoring: prometheus + grafana;API unified log collection: logback + ELK; stress test: Jmeter; after reading the above, do you have any further understanding of why micro services need a gateway? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.