Leverage Amazon for Apache APISIX's Ecosystem and Growth

October 26, 2022


Author Chao Zhang is an Apache APISIX PMC member and a technical expert at API7.ai. He is the product lead of API7 Cloud and an open-source enthusiast. This article collects the content Chao shared at "AWS Summit Greater China 2022".

Apache APISIX

In 2019, two software engineers rented a tiny office, built an API gateway project from scratch, open-sourced it, and donated it to the Apache Software Foundation. The project, APISIX, later became a top-level Apache project and the most popular open-source API gateway project, with an active community and rapid growth. The two engineers, who founded API7.ai, have since been joined by many like-minded people from all over the world who continue to contribute to Apache APISIX, making it a shining star in the field of API management.

Ultimate Performance & Rich Extensions

APISIX has been built for high performance as a cloud-native API gateway since its birth. As a result, the first things users notice about Apache APISIX are its high performance and low latency. In terms of features, APISIX has extensive traffic-handling capabilities, so it is often used for canary releases and blue-green deployments. For API security, APISIX also provides identity authentication and supports different authentication methods, such as JWT Auth, HMAC Auth, and the OpenID Connect protocol.

APISIX is also friendly to developers who work on extensions and custom development. Besides Lua, which APISIX itself supports, you can use APISIX Plugin Runner to extend APISIX in high-level languages such as Java, Go, and Python, as well as WebAssembly. With multi-language plugin support, you can do custom development without extra learning cost.

Diverse Ecosystem & Active Open-source Community

APISIX has done a lot of work on its ecosystem and has built integrations with many different types of projects. The main APISIX repository contains more than 70 different plugins.

With these plugins, you can achieve rapid integration and deployment with platforms like AWS, and they also help reduce users' extra development costs.

Meanwhile, the APISIX community usually has about 30 monthly contributors, which is a very active number. In APISIX's GitHub repositories, you can also see many community users helping to answer and resolve issues, PRs, and questions in Discussions. This positive community environment also helps speed up product upgrades and enrich the ecosystem.

As a result, APISIX has gained enterprise users worldwide, such as Airwallex, Sina Weibo, European Factory Platform, NASA, and Nayuki. Furthermore, thanks to growing enterprise usage and contributions, APISIX has become better known to the public. Currently, APISIX has more than 300 contributors, and the APISIX-related open-source projects together have had more than 500 contributors over time.

[Image: github_contributors.PNG]

Architecture Upgrade

At the architecture level, APISIX uses a data plane + control plane model, as shown in the following image.

[Image: apisix_architecture.PNG]

The left-hand side is APISIX itself, which is the data plane of the whole API gateway and mainly handles and processes users' business traffic. In addition, APISIX provides service management functions such as rate limiting and load balancing. The right-hand side is the API gateway's control plane, which controls APISIX's operating components, including the observability-related logging components that collect operating status data. Through etcd and the Admin API, users configure the rules that make APISIX operate as intended.

[Image: multi_language_plugin_architecture.PNG]

As mentioned above, multi-language plugins can be embedded into the data plane's architecture, shown on the left-hand side. For example, users can extend APISIX in programming languages like C++ or Rust through the wasm plugin module inside APISIX. The right-hand side shows how to extend APISIX in multiple languages based on Plugin Runner. APISIX calls a language-specific Plugin Runner (such as the Java Plugin Runner), which receives requests from APISIX over a traditional Unix domain socket in an RPC style and helps APISIX handle this traffic.

APISIX's Exploration On Amazon

APISIX has explored several product and performance integrations on Amazon.

Amazon Marketplace

[Image: apisix_amazon_market.PNG]

Note: API7.ai is also known as Zhiliu Technology

If you search for APISIX in the Amazon Marketplace, you will see the above results. It has been listed on the platform since 2021. Using the above software, you can rapidly deploy APISIX to Amazon EC2 instances. The software itself is free, so you only pay the EC2 instance fees.

This software runs an APISIX instance and an etcd instance inside the EC2 instance. It is therefore best suited to existing Amazon users who want to use APISIX directly, or who want to run a POC (Proof of Concept) to check whether APISIX meets the requirements of their target scenarios.

CDK APISIX

CDK is an open-source software development framework provided by Amazon that lets users manage cloud infrastructure through code.

Pahud Hsieh, a committer in the APISIX community, developed cdk-apisix based on CDK. This project allows users to create APISIX instances through code and automation. Unlike the Marketplace software described above, it can deploy APISIX directly on AWS Fargate. This makes automatic deployment and teardown possible in scenarios that are driven by event triggers. The whole process needs no manual operation and is more responsive as well.

[Image: aws-cdk.PNG]

Based on the above architecture, the client's traffic will be directed to APISIX through cloud ELB, and APISIX will do some basic processing afterward, such as authentication, rate limiting, etc. Then, finally, the traffic will be sent to the actual application instances at the backend.

With the CDK approach, users can deploy Apache APISIX in a programming language they already know and use the features of that high-level language to deploy APISIX on Amazon more conveniently. In addition, once you have written a deployment template configuration, it can be copied and customized, so you can reuse it whenever you need it in the future and simplify the deployment process.

Amazon-Lambda Plugin

Deploying applications on Lambda or Serverless is an extremely cheap way to run the related projects, and it provides instant scaling and fits some other business scenarios. Applications deployed this way usually need an event trigger, and the API gateway can serve as the pathway for that trigger.

When the user configures APISIX's amazon-lambda plugin on a route, APISIX forwards all of that route's traffic to the Lambda function address configured by the user. The Lambda function handles these requests and sends the results back to the client via APISIX.

This plugin also supports Amazon IAM authentication and Key Auth. The Lambda function deployed at the backend can therefore integrate with APISIX without sacrificing security.
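The two authentication modes side by side, as an added example that is not part of the original article. It assumes APISIX in standalone mode (routes in conf/apisix.yaml); the plugin is registered in APISIX under the name aws-lambda, and the route IDs, paths, function URIs and credentials below are placeholders.

```yaml
# conf/apisix.yaml (standalone mode). Added example; every URI, ID and
# credential here is a placeholder, not a value from the article.
routes:
  # Variant 1: API Gateway API key.
  # APISIX adds the key to the upstream request as the x-api-key header.
  - id: lambda-apikey
    uri: /reports
    methods: [GET]
    plugins:
      aws-lambda:
        function_uri: https://<api-id>.execute-api.us-east-1.amazonaws.com/default/reports
        authorization:
          apikey: <api-gateway-api-key>
        ssl_verify: true     # keep certificate verification on (the default)
        timeout: 3000        # milliseconds

  # Variant 2: IAM.
  # APISIX signs every upstream request with AWS Signature Version 4, so the
  # API Gateway endpoint can require IAM authorization instead of being
  # reachable by anyone who learns the URL.
  - id: lambda-iam
    uri: /orders
    methods: [POST]
    plugins:
      aws-lambda:
        function_uri: https://<api-id>.execute-api.us-east-1.amazonaws.com/default/orders
        authorization:
          iam:
            accesskey: <access-key-id>
            secretkey: <secret-access-key>
            aws_region: us-east-1
            service: execute-api
        ssl_verify: true

# Both variants authenticate APISIX to AWS only. Authenticating the client
# is a separate plugin on the same route (for example the JWT Auth or HMAC
# Auth methods mentioned earlier). The IAM keys are stored in the route
# configuration, so scope the IAM user to invoking this one API.
#END
```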

In May 2022, the AWS Graviton3 processors were officially released. Thanks to DDR5 memory, Graviton3 processors provide up to 25% better compute performance, up to 2x higher floating-point performance, and 50% more memory bandwidth compared to AWS Graviton2 processors; Graviton3-based instances use up to 60% less energy for the same performance than comparable EC2 instances.

Shortly after the release of AWS Graviton3 processors, APISIX did a complete regression test based on the AWS Graviton3 processors, which means users can confidently use APISIX on the Graviton3 EC2 instances. There won't be any compatibility issues. Meanwhile, we also did performance tests on the family of AWS Graviton processors. Referring to the following two scenarios, we performed the performance tests on AWS Graviton2 and AWS Graviton3 processors.

  • Single upstream: We only use single upstream in this scenario (without any plugins), and we mainly test the performance of APISIX under the pure back-to-source proxy mode.
  • Single upstream + multiple plugins: We use a single upstream and two plugins in this scenario, and we mainly test the performance of APISIX when we enable limit-count and prometheus, which are two core performance-consuming plugins.

[Image: aws-graviton.PNG]

[Image: aws-graviton-plugin.PNG]

From the above images, we can see that APISIX performs extremely well in both stability and traffic handling capability. AWS Graviton3 processors provide up to 76% better performance in IO-intensive compute scenarios like an API gateway and reduce latency by up to 38%. This result is even better than the above-mentioned official figure provided by AWS (25% performance boost).

[Image: performance-comparison.PNG]

In general, APISIX performs remarkably well on AWS Graviton3. Running on high-performance processors like AWS Graviton3, APISIX can help boost efficiency and reduce resources and costs in actual business use.

How does API7 Cloud leverage Amazon to achieve rapid product growth?

With the rapid growth of Cloud Native, more and more enterprises have moved their business to the cloud (they usually choose multiple public cloud platforms). Therefore, how to efficiently manage and deploy cloud APIs has become an urgent problem.

API7 Cloud is a SaaS service based on APISIX and helps users connect all SaaS products deployed on any cloud platform. API7 Cloud was first released in March 2022 and provides users with an easy-to-use API management function, flexible and rich observability metrics, and API security, which allows API connection to become more efficient, more secure, and more reliable.

This product charges users based on the number of API calls, and it currently supports two ways to deploy the data plane. The first is self-hosted, which means users prepare their own infrastructure and deploy APISIX to it so that APISIX can communicate with API7 Cloud. The other is called semi-managed, also called semi-hosted. Users first authorize API7 Cloud to manage their cloud account (such as an Amazon account). They can then deploy APISIX to the infrastructure under that account with a single click on the API7 Cloud configuration panel.

Currently, all API7 Cloud components are hosted on AWS and use AWS services. The product architecture is shown below:

[Image: api7_cloud.png]

As the above image shows, the data plane with APISIX can be deployed on different cloud platforms, and even on the user's own infrastructure or data center. The API7 Cloud side mainly provides core capabilities such as observability, basic API management, and security.

By leveraging Amazon's services, API7 Cloud has a better product performance.

First of all, APISIX relies on the Amazon EKS service. As a brand new SaaS product, API7 Cloud was deployed on K8s from the very beginning. We therefore deploy all the components on EKS clusters, which lets us use some capabilities provided by the cloud. Each user has different components, and any individual component can run inside the cluster. We therefore added network isolation, using a tenant isolation method built on NetworkPolicy, to ensure that tenants' namespaces cannot access each other. In this service, we also use APISIX Ingress Controller as the gateway to keep the entire operation running smoothly.
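One way such namespace-level tenant isolation can be written, as an added example that is not API7 Cloud's actual policy. The tenant namespace tenant-a and the gateway namespace ingress-apisix are hypothetical names.

```yaml
# Added example: namespace names are hypothetical, not from the article.
# Apply one copy of this policy in every tenant namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tenant-isolation
  namespace: tenant-a
spec:
  # An empty podSelector selects every pod in the namespace, so no tenant
  # workload is left outside the policy.
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Pods in the same tenant namespace may talk to each other.
        - podSelector: {}
        # The gateway namespace may reach tenant pods. The label
        # kubernetes.io/metadata.name is set automatically on each namespace
        # by Kubernetes 1.21 and later.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-apisix
# Because the policy selects all pods and lists only these two sources,
# ingress from every other namespace, including other tenants, is dropped.
# Egress is left unrestricted in this sketch.
```

NetworkPolicy objects are only enforced when the cluster's network plugin implements them, so verify enforcement by confirming that a connection from one tenant namespace to another actually fails.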

APISIX Ingress Controller is an implementation of the Ingress controller, which allows users to convert configured rules to APISIX rules so that APISIX can handle actual traffic.

Second, API7 Cloud chooses Amazon RDS (PostgreSQL) as the database, the most critical component in the product. We store users' metadata in RDS, such as the API's source data and user actions. As a SaaS product, we need to know how users use our product and whether there are issues with the layout and the developer experience, so that we can decide the product's future direction.

We also use the Amazon ElastiCache component in API7 Cloud and choose Redis in master-slave mode. Redis is mainly used to store the status of the data plane's instances, which is the status data periodically sent to Cloud when APISIX connects with API7 Cloud. Since the data is neither sensitive nor vital, and the data plane needs to communicate frequently with the control plane, we didn't choose a relational database here.

Apart from that, this component has another important usage: it could be considered a message queue. Redis 5.0 introduces the Stream data structure, so we could use it as a super lightweight message queue to help users create, manipulate and destroy data more quickly.

Conclusion

This article shares user experiences from the perspective of APISIX-related projects. With the support of Amazon's services and ecosystem, APISIX has further expanded its own ecosystem. We hope APISIX and Amazon will have more interesting integrations and together develop a better ecosystem.