APISIX Boosts Lenovo to Build Lightweight and Decentralized Gateway

This blog comes from a speech of Leon Yang, a Senior IT Architect at Lenovo, who has been dedicated to promoting the reuse of software engineering components and building a sharing technology ecosystem.

Overview

About Lenovo

Lenovo Group Limited, which was founded on November 1, 1984, as Legend and is commonly referred to as Lenovo, is an American-Chinese multinational technology company specializing in designing, manufacturing, and marketing consumer electronics, personal computers, software, business solutions, and related services.

Challenges

• A large number of scattered and poorly managed API interfaces, as well as improper use of APIs within the enterprise, leads to high IT operational costs.

• A centralized API Gateway architecture can cause a single point of failure and hinder the scalability and availability of the system, potentially leading to downtime and disruptions in the services provided.

• Deploying too many API scenarios and routes in a single gateway node can cause latency issues and overwhelm the system while installing an etcd/ZK for each API gateway can make the architecture too heavy.

• Heterogeneous system architectures with multiple API authorizations from various providers can add complexity to API usage, making it harder to manage and maintain.

Results

• The gateway performance can be improved to more than 20,000 TPS with proper tuning.

• Over 100 low-code business applications have leveraged this lightweight API gateway component architecture, which has enhanced their performance and resilience.

• Efficiently manage the full API lifecycle in a unified manner for all gateways.

• Saved great time and effort for developers by providing a unified API management marketplace.

• Established comprehensive API analysis and monitoring

Background

Nowadays, businesses are becoming more and more complex. Technologies are changing with each passing day, which has had a huge impact on software development. Lenovo has been looking for a more efficient way for project delivery at a lower cost, that is reusing original system resources by componentization.

The first step is to build an out-of-the-box reusable internal API ecosystem with a large number of components. Therefore, our team can reuse existing software assets by componentizing technical functions and standardizing the architecture.

It is an effective way for enterprises, enabling developers no longer need to face a variety of technology selections.

Consequently, Lenovo started developing its internal applications based on component-based patterns, reducing engineering application development costs, and improving software delivery quality and efficiency. Meantime, Yang's team established a high-quality enterprise API service ecosystem for fully reusing the capabilities of internal systems and external partners, thus constructing powerful business solutions.

Why Lenovo Opted for APISIX

Lenovo chose Apache APISIX mainly because APISIX has merits in the below aspects.

• Built with NGINX and LuaJIT, APISIX has high performance, rich OpenResty library, and is easy for customization. In the past, Lenovo adopted multiple commercial API gateway products that were positioned in the leading quadrant of Gartner. However, these products posed challenges in meeting the unique needs of enterprises, such as customizing authorization flows and dashboards.

• APISIX Provides lightweight deployment architecture. Lenovo needs a lightweight gateway that can function as a component embedded within an application. However, most commercial or open-source API gateway products are too heavy for our system.

• Dynamic hot reloading allows for publishing APIs without the need to restart systems, reducing downtime and improving business system operation SLA.

• Flexible plugin customization enables developers to create personalized processes that meet the unique needs of the enterprise.

• With the strong support of an active community and ecosystem with a wide range of high-quality plugins like kafka-logger and authz-keycloak, Lenovo benefits from enhanced functionality and extensive customization options.

• The enabled Web Application Firewall (WAF) provides essential security measures and traffic control features to enhance the overall protection and performance of Lenovo's system.

• Friendly open-source license: Apache License 2.0. Lenovo only considers using two protocols, Apache License 2.0 and MIT in terms of security compliance.

Decentralized Gateway and Centralized Dev Portal based on APISIX

Lenovo adopted several measures to integrate its architecture with APISIX.

Firstly, Lenovo established its Centralized API Dev Portal to improve the efficiency and quality of API management and use of API. Then, it set up a Centralized Registry Center (etcd) for gateway health-check and API subscription synchronization to deploy multiple registry centers.

Furthermore, Lenovo provided a lightweight gateway delegated in business applications or domains that provides secure access to applications and services without a centralized gateway. This approach allows more granular control over access and authentication, improves scalability and performance, and reduces the risk of a single point of failure.

Lastly, by offloading the authorization of API provision services and delegating the authorization of API consumers to the business applications or domains, Lenovo can better manage its API security and improve the developer experience.

Achievements after Using APISIX

After implementing APISIX, a significant number of changes were made within Lenovo.

Improved Performance with Flexible Configuration

APISIX's remarkable scalability offers Lenovo the necessary flexibility for customization. With APISIX, Lenovo's decentralized gateway architecture provides high-performance and highly scalable enterprise-level API gateway solutions, effectively eliminating the bottleneck caused by centralization.

Previously, the system resources constrain the number of APIs that can be deployed in a single cluster to less than 1,000. The gateway performance is bottlenecked by some resource-intensive APIs, resulting in an average throughput of less than 4,000 TPS. Furthermore, any API failure will degrade the overall API routing performance and affect all clients.

However, by leveraging APISIX, Lenovo's decentralized gateway architecture enables the efficient deployment of gateway nodes and APIs based on specific business scenarios. Each gateway node can be configured and optimized independently according to its system resources and workload. Consequently, there is no longer a limit on the total number of APIs that can be deployed across the network. Moreover, with proper tuning, the gateway performance can be significantly improved to exceed 20,000 TPS.

Inreased Security and Scalability

Deploying a lightweight gateway as a component of an application or business domain improved the application security, as well as greatly enhanced the flexibility of deploying API by scenarios.

Each business scenario can benefit from independent API routing and customized security policies, which provide complete isolation between different scenarios. This enables each business scenario to perform API changes and start-stop operations according to specific plans.

So far, more than 100 low-code business applications have leveraged this lightweight API gateway component architecture, which has enhanced their performance and resilience without being hampered by the unified gateway operation and maintenance challenges. This lightweight API gateway component architecture is projected to encompass most of the business scenarios in the next 2 to 3 years.

Realized Full API Lifecycle Management

Centralized API Dev Portal enables API providers to efficiently manage the full API lifecycle in a unified manner for all gateways.

Utilizing an API Dev Portal to manage API information can effectively prevent various business teams from duplicating their API admin tools. Additionally, it enables the possibility of establishing unified API technical standards, documentation standards, and security standards. To integrate complex heterogeneous systems or legacy systems from different business domains, the API Dev Portal also provides various authorization processes extended from the APISIX plugin for the backend services of APIs, such as basic-auth, OAuth2, Customized Header, and so on. So far, 100+ developers are using the API Dev Portal for API management.

Provided Unified API Management Marketplace

API Marketplaces, such as the one facilitated by APISIX, play a vital role in simplifying the process of finding the required APIs for developers. These marketplaces also facilitate efficient sharing and discovery of API information across departments in large enterprises, thereby reducing the time spent on searching for APIs.

Currently, the API market is already being leveraged by over 1000 developers from various business domains to search and access the necessary API information. It has proven to be an indispensable tool for streamlining the development process and ensuring access to the most up-to-date and accurate API information.

As APISIX continues to expand its functionality and coverage within the API market, more developers are expected to rely on it as a valuable resource for their development needs. APISIX provides developers with a centralized platform to search for and access the APIs they require, significantly saving them time and effort during the development process. Furthermore, the API market powered by APISIX offers developers a collaborative environment to share their own APIs, fostering innovation and collaboration within the development community.

Achieved Enhanced Monitoring

API Analytics and Monitoring provides businesses with valuable insights into the performance of their APIs. APISIX plays a crucial role in assisting Lenovo in monitoring its platforms, enabling developers to optimize APIs for enhanced performance, scalability, and reliability. Additionally, it aids in the early detection of potential risks, such as errors and latency, preventing them from becoming significant problems.

Summary

Leon highlights that the combination of a high-performance tech stack and a flexible open-source architecture empowers Lenovo to create robust and efficient solutions. This powerful combination provides organizations with the tools and capabilities they need to tackle complex challenges and deliver exceptional outcomes.

In light of these capabilities, Lenovo places great confidence in APISIX and its vibrant community. With the unwavering support of APISIX, Lenovo is well-positioned to achieve remarkable milestones and remain at the forefront of technological advancements in the industry. By leveraging the strengths of APISIX, Lenovo can drive innovation, foster growth, and continue to lead the way in delivering cutting-edge solutions to meet the evolving needs of the market.