Limitations of legacy API gateways
API gateways have enabled application and data access for many years. But the technology trends of the last 5 years are causing many companies to rethink their previous product and architectural decisions.
As organizations increase their usage of microservices and container-based architectures, the traffic management, security policy and observability limitations of legacy API Gateways products becomes abundantly clear.
The Evolution of API Gateways
Products for managing traffic at the edge have evolved over time, but can be broadly divided into the following groups.
Hardware Load Balancers
Hardware load balancer or Application Delivery Controllers (offerings like F5 BigIP and Citrix ADC) are legacy data center technologies for traffic management at the perimeter. These legacy products are expensive, have no understanding of cloud native architectures, and introduce a single point of failure. In addition, their configuration is typically managed by a separate network team (not DevOps-friendly) and they have high operational costs. If you are embracing cloud computing, it is time to move on from this decade old technology.
NGINX-based API Gateways
While NGINIX can provide the proxy foundation for an API gateway, significant additional functionality needs to be added to NGINX and a number of vendors have taken this architectural approach. One example is Kong Gateway, an API gateway that leverages NGINX, Lua (LuaJIT and LuaEngine), and a persistent data store. The primary issue with this approach is that it requires Lua expertise to implement and customize Kong Gateway. In addition, implementing API gateways with outdated scripting languages has significant drawbacks with tail latency, debugging, scaling, and highly dynamic environments. Kong Gateway also incorporates a persistent data store using PostgresSQL or Cassandra which increases operational complexity and expense. It can be run in a DB-less mode but that results in feature loss and degradation.
Web Server-based Load Balancer and Reverse Proxies
One of the most popular products in this category is NGINX, a load balancer and reverse proxy for HTTP and other protocols. These types of technologies are reliable for static content and ingress and egress, but they don’t provide a suitable API Gateway out of the box and require add-ons like NGINX+, NGINX Controller, NGINX App Protect and NGINX Amplify. Like many older technologies, it wasn’t built for highly dynamic environments and API management.
Full life-cycle API management products
Full life-cycle API management tools (like Apigee) emerged as the need to share APIs across organizations grew along with the need to better manage, document and even monetize API traffic. Most products in this category were developed during the time of monolithic application architectures and VMs and have been slow to support cloud architectures. In addition, they tend to suffer from performance and latency issues due to their use of Java-based architectures and other dated platform technologies. Finally, they have limited ability to integrate into DevOps/GitOps workflows and have high operational costs.
The Move to Modern, Cloud Native API Gateways
As applications are built using containers and microservices architectures, deployed onto Kubernetes and across multiple clouds, and planning for future web and mobile innovations, the need for a modern API Gateway becomes readily apparent.
Modern API Gateways have the following characteristics:
MODERN | Built on Envoy Proxy
Built to solve Internet-scale API challenges, Envoy Proxy is the foundation of next-generation of API Gateway architectures. Leveraging an open source community with 300+ companies making contributions, Envoy has emerged as the de-facto data plane for cloud-native applications and APIs. Envoy abstracts the network, providing infrastructure-as-code concepts, while delivering traffic management, security and observability features in a platform-agnostic manner. This foundation enables a modern API gateway to provide services including security, reliability, filtering, transformations, and routing. Working collectively, the API gateway can provide higher-level services such as federation, high availability, load balancing, failover, zero-trust security, tracing, and metrics gathering.
Unlike previous solutions built on hardware appliances, HAProxy, NGINX and other legacy technologies, Envoy Proxy is designed to easily integrate future innovations such as Web Assembly, GraphQL and many more.