- Complex SDK authentication modules increase system complexity and security risks when the user center is accessed across regions due to the active-active architecture being only available in the market service module
- OpenResty lacks a robust monitoring system for observability and needs customized scripts to achieve scalability, resulting in higher development and operation costs
- An incomplete NGINX registry center with no heartbeat mechanism lowers availability and stability, making it unable to promptly handle system failures
Used the API gateway to uniformly manage the authentication. Snowball Finance replaced the original JWT authentication with APISIX's jwt-auth plugin and used the grpc-transcode plugin to handle the previous OAuth 2.0-related authentication.
Established multi-dimensional monitoring with APISIX's Prometheus plugin for the following metrics: NGINX connection status and inbound/outbound traffic, HTTP error status code rate, and APISIX request latency.
Used the APISIX official plugin apisix-seed to integrate ZooKeeper for service discovery.
Competitive Edge of Our Solution
Within Snowball Finance, its RPC calls reach around tens of billions per day, and the peak volume can reach 50,000 QPS, which can result in high latency. Our solution can ease such conditions easily. Built on top of NGINX and LuaJIT, our solution can handle traffic at a rate of up to 18,000 QPS per CPU core with a latency of just 0.2 ms.
No uniform authentication methods in the original architecture result in poor scalability and cumbersome processes. Snowball Finance expects the new gateway to have strong scalability. Our solution supports over 100 plugins, enabling quick adaptation to Snowball Finance's business changes.
Support for Multiple Protocols
The main technology stack inside Snowball Finance is related to gRPC, so it needs a new gateway to forward and call services at the gateway layer, and also supports protocol translation. Our solution can perform functions such as load balancing, rate limiting, and authentication, and it can also translate between protocols to support different types of clients.
Low Cost for Authentication
Snowball Finance hopes to realize authentication at the gateway layer, and requires that the cost of transformation is relatively low. Our solution supports a variety of authentication methods like Keycloak, OAuth and Okta, and the operation is simple and visualized, which effectively helps Snowball Finance reduce authentication costs.
Snowball Finance implemented the unified authentication, circuit breaking, and rate limiting at the gateway layer, reducing system coupling and improving service quality in dual data center scenarios
Snowball Finance established a unified monitoring solution from the gateway to the service layer leveraging the APISIX's Prometheus plugin and provided excellent support for global troubleshooting
Better Support for Protocol Translation
Our solution provided Snowball Finance an elegant implementation approach for gRPC protocol translation and service management.