API Gateway Showdown: Compare Top Solutions & Our Traefik‑Based Custom Build
This article compares popular API gateways such as Nginx, Zuul, Spring Cloud Gateway, Kong, and Traefik, explains their core features and selection criteria, and details a custom Traefik‑based microservice gateway architecture built with Etcd and Go.
Hello, I am Su San. Microservices have become very popular in recent years, bringing a rich ecosystem that includes API gateways, Docker, Kubernetes, and more.
I started working with microservice gateways in 2019, focusing on the backend side, and later studied the frontend implementation to grasp the overall design.
Below is a concise summary of common API gateways and a deep dive into our own Traefik‑based solution.
Common API gateway comparison and selection, plus an introduction to our self‑developed microservice gateway – packed with practical insights!
API Gateway Basics
What is an API Gateway
An API gateway is a server that acts as the single entry point to a system. From an object‑oriented design perspective, it resembles the Facade pattern.
It encapsulates internal architecture, provides customized APIs to each client, and may also handle authentication, monitoring, load balancing, caching, protocol conversion, rate limiting, circuit breaking, and static response processing.
The core idea is that all clients access microservices through a unified gateway, handling all non‑business functions at the gateway layer. Typically the gateway exposes REST/HTTP APIs.
Main Functions of a Gateway
The microservice gateway acts as a unified entry point, managing backend services via a data plane and a control plane:
Data plane: processes incoming HTTP requests, aggregates split microservices, provides routing, filtering, protocol conversion, authentication, circuit breaking, gray release, logging, traffic monitoring, etc.
Control plane: offers unified management and configuration, such as elastic scaling, centralized config distribution, tagging, and Swagger integration for API documentation, improving efficiency and reducing communication cost.
Key Capabilities
Routing: core ability to forward requests to target microservices, often using service discovery.
Load Balancing: integrates with Eureka, Consul, etc., using round‑robin, weight, IP‑hash, etc.
Unified Authentication: central SSO reduces duplicated authentication logic in services.
Protocol Conversion: bridges heterogeneous systems (REST, AMQP, Dubbo, etc.) for web, mobile, and open platforms.
Metrics Monitoring: counts requests, tracks latency, and can use dashboards like Hystrix.
Rate Limiting & Circuit Breaking: throttles traffic and protects downstream services.
Black/White List: filters malicious requests and mitigates DDoS attacks.
Gray Release: traffic shaping based on request tags for gradual rollout.
Traffic Tagging: colors requests for downstream tracing and analysis.
Documentation Center: integrates Swagger to expose unified API specs.
Log Auditing: captures request/response logs at URL granularity.
API Gateway Selection
Common Open‑Source Gateways
Brief overview of popular solutions:
Nginx
Nginx is a high‑performance HTTP server and reverse proxy. It can serve static files and, with Lua scripts, provide flexible custom logic. It uses an asynchronous, non‑blocking architecture with a master‑worker process model.
Zuul
Netflix’s open‑source API gateway, integrates with Eureka, Ribbon, Hystrix, and fits into the Spring Cloud ecosystem. It relies on filter chains for authentication, routing, load balancing, monitoring, and multi‑region resilience. Zuul 1 is servlet‑based (blocking), while Zuul 2 runs on an asynchronous, non‑blocking framework with one thread per CPU core.
Spring Cloud Gateway
A modern replacement for Zuul 1, built on Spring 5, Spring Boot 2, and WebFlux (Netty). It offers higher performance, supports routing, load balancing, circuit breaking, authentication, path rewriting, logging, and built‑in rate‑limiting.
Kong
Open‑source gateway based on OpenResty (Nginx + Lua). It stores configuration in Cassandra or PostgreSQL, provides a RESTful admin API, supports plugins for authentication, CORS, logging, rate limiting, etc., and scales horizontally.
Traefik
A lightweight Go‑written reverse proxy and load balancer that integrates with Docker, Swarm, Kubernetes, Consul, etc. It features automatic configuration, hot‑reloading, built‑in circuit breaking, and a clean UI for metrics.
Comparison
The comparison focuses on Kong, Traefik, and Zuul. In community activity, Kong and Traefik lead. In maturity, Kong, Tyk, and Traefik are strong. In performance, Kong leads. In extensibility, Kong and Tyk offer rich plugin support, while Zuul requires more custom development.
Our Custom Microservice Gateway Based on Traefik
Technology Stack
Traefik: open‑source reverse proxy with dynamic configuration.
Etcd: distributed key‑value store for configuration sharing and service discovery.
Go: high‑performance language with strong concurrency.
Gateway Architecture
The system consists of three parts:
Gateway Backend (hal‑fe & hal‑admin): manages applications, services, and plugins, publishing configuration to Etcd.
Traefik: reads Etcd config, performs routing, delegates authentication to hal‑agent, forwards HTTP or passes gRPC/Thrift to the proxy module.
Protocol Conversion Module (hal‑proxy): converts gRPC and Thrift protocols, discovers downstream instances, applies load balancing, and forwards transformed data.
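The delegation of authentication from Traefik to a separate agent can be sketched as follows. This is an added example, not hal‑agent's code, which the article does not show; it assumes Traefik's ForwardAuth contract (the request continues only when the auth endpoint answers 2xx, and the original URI arrives in `X-Forwarded-Uri`). The token format, the `X-Auth-App` header, the demo key and the listen address are all made up for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/url"
	"path"
	"strconv"
	"strings"
	"time"
)

var secret = []byte("constructed-demo-key") // assumption: real key comes from a secret store

// sign mints "<app>.<unix-expiry>.<hex HMAC-SHA256>", a token format made up for this example.
func sign(app string, exp int64) string {
	m := hmac.New(sha256.New, secret)
	fmt.Fprintf(m, "%s.%d", app, exp)
	return fmt.Sprintf("%s.%d.%s", app, exp, hex.EncodeToString(m.Sum(nil)))
}

// authorize checks the MAC in constant time and returns the app name and HTTP status.
func authorize(authz, fwdURI string, now time.Time) (string, int) {
	p := strings.Split(strings.TrimPrefix(authz, "Bearer "), ".")
	if len(p) != 3 || p[0] == "" {
		return "", http.StatusUnauthorized
	}
	exp, err := strconv.ParseInt(p[1], 10, 64)
	if err != nil || now.Unix() >= exp || !hmac.Equal([]byte(sign(p[0], exp)), []byte(strings.Join(p, "."))) {
		return "", http.StatusUnauthorized
	}
	// Bind the token to its route: app "orders" may only reach /orders/...
	u, err := url.ParseRequestURI(fwdURI)
	if err != nil || !strings.HasPrefix(path.Clean(u.Path)+"/", "/"+p[0]+"/") {
		return "", http.StatusForbidden
	}
	return p[0], http.StatusOK
}

func main() {
	http.HandleFunc("/auth", func(w http.ResponseWriter, r *http.Request) {
		app, code := authorize(r.Header.Get("Authorization"), r.Header.Get("X-Forwarded-Uri"), time.Now())
		w.Header().Set("X-Auth-App", app) // forwarded upstream only if listed in authResponseHeaders
		w.WriteHeader(code)                // Traefik lets the request through only on 2xx
	})
	http.ListenAndServe("127.0.0.1:9000", nil)
}
```

Because the path is normalized before the prefix check, a token for one application cannot be replayed against another application's route through `..` segments.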
Backend Management
Three core entities:
Application: name, domain, path prefix, group, status.
Service: name, registration method, protocol type, group, status.
Plugin: name, type, configuration (e.g., path rewrite, authentication).
Each application binds to one service but may have multiple plugins. Configurations are compiled into files following Traefik’s strict format and stored in Etcd.
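Because the application name, domain and path prefix entered in the admin backend end up inside Etcd key paths and a Traefik rule expression, the compile step is where they should be validated. The following is an added example, not hal‑admin's code; it assumes the Traefik v2 key/value layout (the article does not state the Traefik version or key scheme), and `ServiceURL` and `authAddr` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// Application carries the fields named above; ServiceURL is a hypothetical
// stand-in for the bound service's address.
type Application struct{ Name, Domain, PathPrefix, ServiceURL string }

const authAddr = "http://127.0.0.1:9000/auth" // hypothetical hal-agent endpoint

var (
	nameRe   = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,62}$`)
	domainRe = regexp.MustCompile(`^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$`)
	prefixRe = regexp.MustCompile(`^(/[A-Za-z0-9_-]+)+$`)
)

// Compile validates admin input, then returns the flat key/value pairs to publish.
// Name lands in key paths and Domain/PathPrefix in a backtick-quoted rule.
func Compile(a Application) (map[string]string, error) {
	switch {
	case !nameRe.MatchString(a.Name):
		return nil, fmt.Errorf("invalid name %q", a.Name)
	case !domainRe.MatchString(a.Domain):
		return nil, fmt.Errorf("invalid domain %q", a.Domain)
	case !prefixRe.MatchString(a.PathPrefix):
		return nil, fmt.Errorf("invalid path prefix %q", a.PathPrefix)
	}
	u, err := url.Parse(a.ServiceURL)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("invalid service URL %q", a.ServiceURL)
	}
	r := "traefik/http/routers/" + a.Name
	return map[string]string{
		r + "/rule":          fmt.Sprintf("Host(`%s`) && PathPrefix(`%s`)", a.Domain, a.PathPrefix),
		r + "/service":       a.Name,
		r + "/middlewares/0": a.Name + "-auth",
		"traefik/http/middlewares/" + a.Name + "-auth/forwardAuth/address": authAddr,
		"traefik/http/services/" + a.Name + "/loadBalancer/servers/0/url":  u.String(),
	}, nil
}

func main() {
	kv, err := Compile(Application{"orders", "api.example.com", "/orders", "http://10.0.0.5:8080"})
	fmt.Println(kv, err)
}
```

Rejecting `/` in names and backticks in domains and prefixes keeps one application's record from writing into another router's keys or widening its own rule.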
Protocol Conversion Details
The hal‑proxy module contains a Resolver that resolves service names to IPs and ports, caches them, and updates periodically. Protocol modules initialize clients per endpoint and perform data transformation before forwarding. A lock‑free circular queue replaces a mutex‑protected pool, boosting concurrency.
Blindly believing a book is worse than having none; errors are inevitable, feedback is welcome.
Su San Talks Tech
Su San, former staff at several leading tech companies, is a top creator on Juejin and a premium creator on CSDN, and runs the free coding practice site www.susan.net.cn.
