Gateway Design Planning

2019-09-26  飞天的龙王

Architecture upgrade:


1. Segregate the code into three different modules:

    a. logic code: changes rapidly as requirements change, e.g. API composition, API error handlers, business validation

    b. control code: can be complicated and more abstract, but rarely changes, e.g. sync, async, concurrent orchestration, networking flow

    c. operation code: can be tedious, but offers important information about the service, e.g. logging, metrics, health checks

2. Split the code vertically into three layers:

    a. access layer: provides edge functionality such as version control, black/white list, authentication/authorization, flow control, traffic shaping, fusing and degradation, caching, encryption/decryption

    It can be implemented as a pluggable filter pipeline.

    b. API layer: provides features such as API composition, API error handlers

    c. base common layer: provides common functionality


Code upgrade:

1. define unified code naming and packaging

2. pluggable interceptor mechanism

3. self-contained domain logic and data, not coupled to dependencies (the API is stable but the backend is variable)

4. simple and expressive payload 

5. general invoking


Security upgrade:

1. common network security checks: implement checks to protect against attacks such as XSS, DDoS, XSRF, relay attack

2. authentication and authorization check (4A): integrate with an authentication/authorization service to authenticate and authorize requests (Spring Security/Shiro/OAuth2)

3. data desensitization and data encryption

4. invalid request attack

5. black/white list

6. tenant resource validation: validate that a resource operation applies only to the specified tenant (a unified resource_id can be used to match against tenant_id)

7. other customized processing: implement customized processing
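
Item 6 above, as an added example (not code from the original post): a plain-Java access-layer check that fails fast when a request's resource_id does not belong to the caller's tenant. The `<tenant_id>.<type>.<local_id>` ID format and the class, record and enum names are assumptions made for illustration.

```java
import java.util.List;
import java.util.Optional;

// Added example: tenant resource validation as an access-layer check.
// Assumption (not from the page): resource_id = "<tenant_id>.<type>.<local_id>".
public class TenantResourceCheckDemo {

    // tenantId must come from the verified token or session, never from a client-supplied header.
    record GatewayRequest(String tenantId, String method, String resourceId) {}

    enum Decision { ALLOW, REJECT_UNAUTHENTICATED, REJECT_MALFORMED_ID, REJECT_CROSS_TENANT }

    // Returns the owning tenant, or empty unless the id is exactly three well-formed parts.
    static Optional<String> owningTenant(String resourceId) {
        if (resourceId == null) return Optional.empty();
        String[] parts = resourceId.split("\\.", -1); // -1 keeps empty trailing parts
        if (parts.length != 3) return Optional.empty();
        for (String part : parts) {
            if (!part.matches("[A-Za-z0-9_-]{1,64}")) return Optional.empty();
        }
        return Optional.of(parts[0]);
    }

    // Fail fast: anything that cannot be proven to belong to the caller's tenant is rejected.
    static Decision check(GatewayRequest req) {
        if (req.tenantId() == null || req.tenantId().isEmpty()) {
            return Decision.REJECT_UNAUTHENTICATED;
        }
        Optional<String> owner = owningTenant(req.resourceId());
        if (owner.isEmpty()) return Decision.REJECT_MALFORMED_ID;
        // Exact, case-sensitive match; no prefix or substring comparison.
        return owner.get().equals(req.tenantId()) ? Decision.ALLOW : Decision.REJECT_CROSS_TENANT;
    }

    public static void main(String[] args) {
        // Constructed sample requests, not taken from the page.
        List<GatewayRequest> samples = List.of(
            new GatewayRequest("t1", "GET", "t1.order.1001"),
            new GatewayRequest("t1", "DELETE", "t2.order.1001"),
            new GatewayRequest("t1", "GET", "t1.order."),
            new GatewayRequest("t1", "GET", "t10/../t2.order.7"));
        for (GatewayRequest r : samples) {
            System.out.println(r.method() + " " + r.resourceId() + " -> " + check(r));
        }
    }
}
```

The example uses records, so it needs Java 16 or later.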


Performance upgrade:

1. remove DB store:

    a. query by cache: multilayer cache: local cache (frequently queried, small size) → middleware cache (Redis data cache)

    b. persist directly in cache (cache provider as persistent store (Redis AOF)): request → middleware store (Redis persistent data)

    c. async transmit data to DB: middleware store (Redis) → message service → DB

    d. other cache data flow: DB → message service → middleware cache

2. reactive communication: use Spring WebFlux Monos to support async IO transmission and non-blocking IO, integrated with event-based functional programming

3. async invoking: use Netty for async invocation of backend services (use Netty directly, or integrate through other tech such as a Spring Cloud Gateway extension)

4. concurrent orchestration: use Mono to implement concurrent orchestration

5. serialization/deserialization: use a more efficient mechanism such as Protobuf, Avro

6. data/cache pre-processing: pre-construct static data/cache or partial data

7. aggregate query: use batch queries when there is heavy traffic with the same kind of query request (needs backend service support)


Stability upgrade:

1. limitation: rate limiting, fusing and degradation, dynamic timeout mechanism

2. segregation: API, API group, API module segregation using different in-service mechanisms such as semaphores or thread pools, or segregation into standalone services

3. queued processing: queue data for post-processing and notify the front end

4. fail-fast mechanism: use a fail-fast style to avoid transmitting more useless traffic to backend services

5. retry/timeout mechanism: refactor the retry/timeout mechanism to auto-adjust the retry policy/timeout value based on (a. config  b. avg timeout rate statistics), which avoids sending traffic to high-latency backend services

6. cache penetration: use different methods to protect against penetration, such as Bloom filter, empty data caching


Operation upgrade:

1. health check: customized health check mechanism integrated with the service discovery system and load balancer

2. metrics: integration with a metric monitoring/alarm system such as Prometheus

3. tracing: integration with a distributed tracing system such as Zipkin, Cat

4. logging: integration with a log aggregation center such as ELK

5. dynamic configuration/switch: integration with a config center such as Spring Config Server

6. exception: integration with an exception management system such as Sentry for alarms or other error processing

7. auditing: implement auditing functionality
