Apache APISIX Fuels WPS Office to Handle Millions of QPS with Ease

Preview

About Kingsoft and WPS Office

Kingsoft Office is one subsidiary of Kingsoft, a leading software and Internet services company based in China listed on the stock exchange of Hong Kong. The flagship product — WPS Office is an all-in-one office suite that includes Writer, Spreadsheet, Presentation, and PDF for managing office tasks. By 2022, WPS Office reached a number of more than 494 million monthly active users and over 1.2 billion installations.

Initially, Kingsoft used NGINX as an API gateway to tackle operational challenges. The original version only has essential functionalities like dynamic upstream, blacklist functionality, and web application firewall (WAF). However, as the requirements expanded, Kingsoft Office embarked on a quest to explore alternative API gateway solutions that could better cater to their evolving needs.

Challenges

• The previous system had limitations in meeting fundamental operational and maintenance needs, lacking the ability to scale dynamically.
• The system handles a substantial amount of traffic and necessitates a robust API gateway for optimal performance.
• It lacked the capability to dynamically load changes, requiring reloading for modifications to take effect.

Results

• Implemented a solution that delivers high-performance and low-latency dynamic updates, enabling seamless customization and extension.
• Significantly increased the system's capacity to effortlessly handle millions of queries per second (QPS), ensuring unwavering business stability.
• Successfully established high availability measures and enhanced the system's security to safeguard critical operations.

Background

In the early stages, Kingsoft Office employed an API gateway to address operational issues, and they developed their own solution based on OpenResty and Lua. This solution enabled features of dynamic upstream management, blacklist functionality, and web application firewall (WAF). However, there were some drawbacks in the 1.0 phase.

For example,

• Only upstream was dynamic
• Reloading was required to update and reflect new domain names, which burdens the team to change new domains and routes daily
• The underlying architecture was designed for efficient management and operation, which was simplistic with limited features and scalability

Simultaneously, as their business grew, Kingsoft faced an increasing number of requirements for the API gateway's functionality. As a result, they began seeking a new API gateway solution.

Why Kingsoft Office Opted for APISIX?

In late 2019, when Kingsoft Office began researching API gateway products, there were many popular choices. However, subsequent testing revealed that the performance of the API gateways they evaluated fell short of meeting their requirements.

Seeking a more robust solution, Kingsoft Office delved further into their research, and that's when they discovered Apache APISIX.

Some other API gateways relied on PostgreSQL as the configuration center, which meant that updating routes could only be achieved through non-event-driven methods, necessitating the reloading of routes on each node.

Kingsoft Office chose APISIX based on three key considerations: performance, technical architecture, and the community.

1. Ultra-High Performance

Apache APISIX delivers the best performance among other API gateways with a single-core QPS of 18,000 with an average delay of 0.2 ms. Rigorous testing and benchmarking within Kingsoft Office consistently confirmed APISIX's superior performance, ensuring that Kingsoft Office could handle high loads and deliver optimal user experiences.

2. Scalable, Resilient, and High-Available Architecture

APISIX, taking etcd as its configuration center, allows for efficient and dynamic management of routes, plugins, and other critical components. This distributed key-value store enhanced APISIX's flexibility, enabling seamless updates and reducing the operational overhead associated with manual configuration changes. With Apache APISIX, Kingsoft Office could take advantage of the event-driven approach, eliminating the need for manual route reloading on individual nodes.

3. Active and Supportive Community

Kingsoft Office recognized the value of a vibrant and supportive community in driving innovation and providing resources. APISIX boasted an active and engaged community that contributed to its development, shared best practices, and offered assistance. This community-driven environment fostered innovation and collaboration, aligning perfectly with Kingsoft Office's commitment to staying at the forefront of technology advancements.

Optimized etcd Architecture at Kingsoft Office

Due to numerous NGINX static configurations in the original architecture at Kingsoft Office, the team opted not to utilize APISIX's CLI for auto-generating configurations. Instead, they employed Apache APISIX as a fallback and gradually migrated configurations to APISIX, ensuring a smooth transition.

During the implementation, the Kingsoft Office team made some customization based on APISIX, such as optimizing the etcd architecture. Generally speaking, multiple machines are involved in API gateway architecture within companies, sometimes numbering in the hundreds. Moreover, the number of workers burdens machine loads.

Consequently, when multiple machines monitor the same key, it puts significant pressure on etcd. Under such circumstances, for data consistency, etcd requires all events to be returned to the listening requests before processing new requests. When multiple machines are listening simultaneously, there are problems like etcd timing out and displaying overload errors.

To address this issue, Kingsoft Office developed an etcd proxy, as illustrated in the right part of the architecture diagram below. Working between Apache APISIX and etcd, the etcd proxy monitors keys and returns the results to Apache APISIX after receiving the results. Since the release of APISIX version 3.2, the number of connections is no longer affected by resources, significantly reducing the pressure on etcd.

Moreover, as the company scales up, the increase in the number of routes follows suit. When routes are frequently updated, the gateway experiences an increase in CPU usage and packet loss. The Kingsoft Office team fixed the issue with the inefficiency of using table.sort within Lua code environments. Apache APISIX also addressed this problem in its updated versions.

Benefits after Adopting APISIX

1. Supporting Millions of QPS at Ease

At the business level, Kingsoft Office operates a complex ecosystem comprising thousands of services meticulously containerized and deployed across an internal cloud-native platform. Within this dynamic environment, Apache APISIX plays a pivotal role as the central gateway, facilitating seamless communication and interaction between various services and users. Specifically tailored to meet the demands of the Middle Platform Department, APISIX efficiently manages the vast influx of requests, effortlessly handling millions of queries per second with remarkable precision and reliability.

2. Achieved Scalable and Flexible API Management

By embracing APISIX, Kingsoft Office transcended the limitations of its previous API management solutions, achieving scalability and flexibility that laid the foundation for future growth and innovation.

By migrating to APISIX, Kingsoft Office gained the ability to effortlessly scale its API infrastructure to meet the demands of a rapidly expanding user base and evolving business landscape. APISIX's modular architecture allowed for seamless integration with existing systems and services, enabling the company to extend its API management capabilities without disrupting ongoing operations.

Moreover, APISIX empowered Kingsoft Office with unparalleled flexibility in managing APIs, offering granular control over routing, traffic, and authentication policies. This newfound flexibility enabled the company to tailor its API management strategies to specific use cases, optimizing performance, and enhancing user experience.

3. Improved System High Availability and Security

Furthermore, Kingsoft Office has implemented several features to enhance the system's high availability and security, including proportional traffic distribution across multiple data centers and a one-click route-banning capability.

By configuring proportions, the distribution of traffic or requests across different data centers is optimized based on predefined ratios. This ensures efficient utilization of system resources and mitigates the impact of failures in a single data center, resulting in load balancing, improved system availability, and increased fault tolerance.

In the event of issues with a specific route or the need for temporary blocking, administrators can swiftly employ the one-click route-banning feature to instantly halt traffic transmission or access for that particular route. This safeguards the system against malicious activities while providing a seamless and convenient approach to managing network traffic and routes.

Conclusion

During practical application, the Kingsoft Office team discovered the exceptional flexibility and power of Apache APISIX. The stability and reliability of APISIX have garnered the trust of Kingsoft Office, while its ability to accommodate plugin modifications and custom compilation offers ample room for tailored customization.

The team diligently keeps track of APISIX's product changes, ensuring their version remains synchronized with the latest updates. With APISIX in place, Kingsoft Office effortlessly handles millions of queries per second, demonstrating the solution's robustness and its ability to meet the demands of a rapidly expanding user base. By adopting Apache APISIX, Kingsoft Office effectively addresses its evolving requirements, enhances operational efficiency, and positions itself for future growth in the dynamic networking products landscape.