Shulou(Shulou.com)06/02 Report--

Reprint this article need to indicate the source: Wechat official account EAWorld, violators will be prosecuted.

Introduction:

As an independent module, Puyuan EOS 8 API Gateway can manage the whole life cycle of API, such as creation, release, maintenance, monitoring and so on.

Table of contents:

First, why the introduction of EOS8 gateway

II. The technical framework of EOS 8 gateway

III. Examples of API access and monitoring

First, why the introduction of EOS8 gateway

With the increasing popularity of micro-services, the development of online commerce and the expansion of people's demand, there are many kinds of business services in enterprises, and there are a large number of business services. Upgrading, management and maintenance of services of this scale, the cost of time and resources is self-evident. The value of API Gateway is revealed. At the same time, the choice of API Gateway is also particularly important.

Unified API management, full-cycle asynchronization of high concurrent requests, and flexible API adaptation are the advantages of EOS 8 API Gateway.

How does API Gateway operate between modules?

The figure above shows the process view between EOS 8 API Gateway modules, which makes it easy for us to understand the entire business execution process.

First, you need to register the gateway and the back-end application with Eureka (this step can be ignored if the back-end service is not a micro-service).

Then, create the API that needs to be published in the governor interface, and configure the corresponding ip authentication and flow control configuration, all of which will be synchronized to the Gateway Server cache.

Finally, the service consumer system needs to subscribe to API on Governor to obtain the token credentials issued by the gateway to the caller (the later version will add IAM authorization). The consumer system gets the token credentials to access the published API,Gateway Server from the Redis read cache for ip and flow control verification, reads token information from its own cache (later version authentication is completed by IAM), API configuration for request and API adaptation, and after each EventHeadler is completed Applications that are routed by Ribbon to Eureka registration (if the back-end service is not registered with Eureka, it is picked up by asynchronous NioClient).

II. The technical framework of EOS 8 gateway

EOS8 Gateway deployment Topology Architecture

There are two deployment modes for EOS 8 API Gateway.

EOS 8 API Gateway can be deployed separately without relying on registries and configuration centers in the microservice architecture. The functions of API authentication, ip authentication, flow control, configuration management, protocol data conversion and call log monitoring are still available throughout the life cycle. However, the functions of relying on the service routing of the registry, the unified configuration of the API of the configuration center, and the back-end service monitoring of the monitoring / logging center will be missing.

As an important member of micro-service governance, EOS 8 API Gateway can rely on registry, configuration center and monitoring / logging center for micro-service governance.

Register API Gateway and backend applications in the registry. When configuring the API to be managed, you can select the application of the registry or enter the backend service address manually.

B. The gateway API can be configured uniformly in the configuration center, such as unified configuration request header response header, unified request parameters response parameters, and so on.

C, the monitoring / logging center can monitor back-end service calls and resource usage registered with the registry.

Management Portal (Governor) is a portal for service governance and asset management in EOS 8 micro-service architecture. It is operated by the administrator page for API configuration release, API grouping management, blacklist configuration, flow control configuration, system / application registration, unified configuration and other operations. However, the interfaces of the above functions have detailed swagger documents and can be expanded according to your needs.

API_Gateway_Monitor is the log parsing component that comes with the gateway. The gateway now supports Mysql, Oracle and PG databases, and Redis stores flow control data.

Main Technologies of EOS8 Gateway deployment Topology Architecture

The registry uses Spring Cloud Eureka and the configuration center uses Ctrip Apollo.

The main technical framework of the gateway:

The gateway uses Oauth3 authentication technology (later works with IAM for permission verification).

In the environment of java8 and Spring4, Spring Boot increases the efficiency of development.

The embedded Jetty container makes the gateway lighter and keeps the system performance in an acceptable state.

The Netty framework based on the transport layer is used to provide an asynchronous and event-driven network application framework, which lays the foundation for our core framework of phased message asynchronous processing architecture.

Phased message asynchronous processing

You can think of a request for Api Gateway and a response from API Gateway as the entire process.

Logical segmentation. The whole process is divided into four service Stage: request access / response access, proxy service processing, business service processing, request access / response access.

Segments communicate based on queues / messages. Each business Stage has its own independent business processing Event Handler, Event Queue and thread pool, and there is no dependency between each stage. The current Stage event processing is completed, encapsulated in Message, and then dispatched to the Event Queue of other Stage until the entire Stage processing is completed with Nio Client or Ribbon Client picking up. When Event queue absorbs excessive load, the limited thread pool maintains concurrency.

The Stage controller is responsible for the allocation and scheduling of resources, and controls the number and order of events sent to Event Handler. Event Handler may discard, filter, and reorder events internally.

The phased message asynchronous processing architecture realizes the full-cycle asynchronization of high concurrent requests in EOS 8 gateway.

API Gateway provides unified API management

EOS 8 API Gateway provides unified API management at the functional level.

First of all, it has multi-protocol access and connection, such as HTTP protocol, REST protocol, WS protocol and so on. The released API can be used by internal systems, third-party application systems and front-end R & D personnel.

Secondly, in the service access layer, authority authentication, IP authentication and user name and password authentication are realized, coupled with a reliable flow control mechanism to ensure the security of transmission through the gateway.

Finally, the Api Gateway Server services engine has the following contents:

Api Gateway Server implements protocol extension and message transformation internally, which can be configured on the Governor management page according to the requirements.

The connection of the Server end is realized by Ribbon Client and can be routed according to the application registered by Eureka.

Flow control data are stored in Redis, which gives priority to ensure the transmission efficiency under the limited JVM resources.

The API Gateway Monitor independently developed by Puyuan with server can easily parse the log files of tens of millions of concurrent calls, and present effective API call details and trends for governor.

API Gateway can scale out using F5 or Nginx to cope with larger invocation requirements.

The circuit breaker mechanism can effectively protect the main thread of JVM and provide guarantee for transmission security.

Rich service engine makes API management more perfect.

III. Examples of API access and monitoring

How do I use the EOS 8 gateway? How do I register and publish an API with an EOS 8 gateway? How does the service consumer system invoke the published gateway according to token?

API registration

Create a backend application

If you need API Gateway to dynamically route to the back-end application, you need to register the application service with Eureka and then register with Governor. Be prepared when selecting a back-end service for API registration.

The first step in creating an API (configure basic information)

The first step in creating an API is to configure the basic configuration information, defining the grouping, protocol and name of the API that needs to be registered.

Step 2 of creating API (configuring API access [Protocol / data conversion])

The second step in creating the API is to configure the API access, which is involved when the external system calls the API published by the gateway.

There are four basic configurations:

"request Path" is the URI of API.

"HTTP Method" is the method of the http request.

There are two kinds of "input mode": penetration and transformation. The difference between penetration and transformation is that the former gateway only does proxy forwarding in the service invocation life cycle, while the latter can adapt and transform the request message.

The data types of "message type" request messages are: JSON, XML, FORM forms by default. If you have other requirements, you can expand them in the data dictionary.

This example is http traversal. The path parameter "num1" is added to the parameter list. All the parameters defined in the parameter list can be used in Path, Header and Body of the backend service.

In the process of system docking, the common API is equipped with json to json, xml to json, json to xml.

In EOS8 API Gateway, no matter what the format of the requester's message is, as long as the message data needed by the back-end service request can be extracted from the Path, Header or Body of the request, the back-end service request message can be reconstructed.

As shown in the figure, in the input parameter definition, when extracting the HTTP message body, the "parameter path" is selected according to the message type. When the request message is in JSON format, the parameter is extracted with "$. *" JSONPath, and when the message is in XML format, the parameter is extracted with "/ * / *" XPath.

The key data of the request message is extracted and saved in the parameter list, which can be used by the back-end service configuration.

Step 3 of creating API (configuring API backend service)

The third step in creating an API is to configure the API backend service.

There are six basic configurations:

The "back-end protocol" is a network protocol that requests back-end services (the HTTPS protocol will be added in the next version).

"Service address" is the address of the back-end service. If the gateway is deployed independently in the deployment architecture, you can select "manually enter" to configure the back-end service. If you deploy the EOS8 micro-service architecture, you can select "Application" for dynamic routing.

"HTTP Method" is the way to request a back-end service.

The "timeout" is the circuit break time for the response of the back-end service.

The "backend request Path" is the URI of the backend service request.

The message type is the request message type that requests the back-end service.

Among the backend service parameters, you can configure the parameter path according to the parameter location. For example, in the "backend request Path" / json/library/book/ {library} "path, library can be used as a parameter path variable, and the corresponding parameter can be found in the parameter list for assignment.

For the reconstruction of the back-end service message, according to the known format of the back-end service request message, the VTL language is used to reconstruct, and the parameters in the parameter list are used to assign the value of the reconstructed message. An example of a message reconstructed by VTL:

{

"id": "$ReqBody_Did.asText ()"

"name": "$ReqBody_Dname.asText ()"

"isbn": "$ReqBody_Disbn.asText ()"

"author": "$ReqBody_Dauthor.asText ()"

"price": $ReqBody_Dprice.asText ()

}

For more information on VTL scripting language, please refer to http://t.cn/EGsgPrP)

Create the fourth step of API (respond to the result configuration)

The fourth step in creating the API is to respond to the resulting configuration.

"return ContentType" configures the message type of the response of the backend service.

The error Code definition allows you to customize the abnormal response of the back-end service.

At this point, a complete API that has implemented message conversion has been registered successfully, and then we will introduce how to add policy configuration to the newly registered API.

API policy configuration

Ip configuration

First, create a blacklist and whitelist policy. "Control type" can select blacklist or whitelist, "IP list" can be defined by regular expression, and then bind API to the whitelist policy you just created. If the binding is successful, the whitelist policy takes effect.

Number of calls configuration

First, create a call number control policy, configure the number of times API is called per unit time and the number of calls per unit time, and then bind API to the newly created call number policy. If the binding is successful, the call number policy takes effect.

Let's start with how to call API.

Call API

API release

API can only be called if it is in the published state.

Create a caller system

First create the caller system.

The caller system subscribes to API

The caller system then subscribes to the API.

Get the credential token issued by the gateway to the caller's system

After the subscription is completed, the gateway will issue a token that the calling system needs to pass to authenticate if it wants to call the API just subscribed.

Call the API after the system calls the subscription

Request the published API, put the token you just obtained into the "access_token" request header, and the call is successful within the scope of the IP policy and the number of calls policy.

After several more calls, monitor the details of the call.

API call monitoring

After the call just now, API Gateway Server will generate log files, and API_Gateway_Monitor will generate monitoring data after automatically parsing the logs, as shown in the figure above.

Summary:

EOS 8 API Gateway has many of these advantages, and more importantly, the two deployment models can meet the different needs of a wide range of users. Its message asynchronous processing mechanism and unified API management and other functions will attract a wide range of user experience and get their favor. The rich service engine will also make the API management more perfect and give users the best development experience.

Selected questions:

Q1: how can the high availability and scalability of the gateway be guaranteed?

A: when highly concurrent calls are made, the EOS8 gateway can be deployed in the container cloud and scaled out through tools such as F5 or Nginx. The flow control mechanism can limit the current of API and callers and reduce the occurrence of concurrency problems. The business server has a circuit breaker mechanism to ensure the high availability of threads. When you pick up, you can configure the number of reconnection times for the backend service timeout, and handle the call exception accordingly.

What is the mode of 2:api authorization?

A: the authorization adopts the API publish and subscribe mode. When the API is in the "published" state, the consumer system can subscribe to the API to obtain the token issued by the gateway. When the destination API of the gateway is called, the gateway will verify whether the call is legal according to the token.

Q3: how much concurrency does a single-node deployment support?

A: when the concurrency of 1K messages is 1000, the TPS of the gateway is 2362. With the increase of messages, the TPS will decrease.

About the author: Li Gong, Puyuan java development engineer, responsible for the maintenance of ESB/BIIP/DSB, participated in the development of Puyuan EOS 8 gateway, and carried out the research and development of ESB 6.7 upgrade at this stage.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.