Mastering API Gateways: Fundamentals, Comparison, and a Traefik‑Based Custom Solution

API Gateway Basics

What is an API Gateway

API gateway is a server that serves as the single entry point of a system. From an object‑oriented perspective it resembles the Facade pattern.

It encapsulates internal architecture and provides each client with a customized API, often handling authentication, monitoring, load balancing, caching, protocol conversion, rate limiting, circuit breaking, and static response processing.

Main Functions

Microservice gateways act as a unified entry for backend services and are divided into a data plane and a control plane.

Data plane : receives HTTP requests, aggregates split microservices, performs routing, filtering, protocol conversion, security authentication, circuit breaking, gray release, logging, traffic monitoring, etc.

Control plane : manages configuration, scaling, tag assignment, and can expose API contracts via Swagger for documentation.

Key capabilities include routing, load balancing, unified authentication (SSO), protocol conversion, metrics monitoring, rate limiting, black/white list filtering, gray release, traffic coloring, documentation center (Swagger), and log auditing.

API Gateway Selection

Common Gateways

Nginx – high‑performance HTTP server and reverse proxy; can be extended with Lua for dynamic routing.

Zuul – Netflix open‑source gateway integrated with Eureka, Ribbon, Hystrix; available as Zuul 1 (Servlet‑based) and Zuul 2 (asynchronous, non‑blocking).

Spring Cloud Gateway – built on Spring 5, Spring Boot 2, and WebFlux; offers routing, load balancing, circuit breaking, authentication, path rewriting, logging, and built‑in rate limiting.

Kong – open‑source gateway based on OpenResty (NGINX + Lua); stores configuration in Cassandra or PostgreSQL and provides plugins for authentication, CORS, logging, rate limiting, etc.

Traefik – modern HTTP reverse proxy and load balancer written in Go; supports dynamic configuration from many backends (Docker, Kubernetes, Consul, etc.) and offers hot‑reloading, health checks, and a clean UI.

Comparison Highlights

Community activity favors Kong and Traefik; maturity also leans toward Kong, Tyk, and Traefik; performance leads with Kong; architectural extensibility is strong in Kong and Tyk, while Zuul requires more custom development but integrates tightly with Spring Cloud.

Custom Traefik‑Based Microservice Gateway

Technology Stack

Traefik – lightweight reverse proxy with automatic dynamic configuration.

Etcd – distributed, highly available key‑value store for configuration and service discovery.

Go – high‑performance language with strong concurrency support.

Gateway Framework

Gateway Backend (hal‑fe, hal‑admin): manages applications, services, and plugins, publishing configuration to Etcd.

Traefik : reads Etcd configuration, performs routing, and delegates authentication to hal‑agent; forwards HTTP requests directly and forwards gRPC/Thrift via the protocol conversion module.

Protocol Conversion Module : reads Etcd config, converts gRPC/Thrift protocols, discovers downstream instances, and uses load balancing to forward converted traffic.

Gateway Backend Details

Application : name, domain, path prefix, group, status.

Service : name, registration method, protocol type, group, status.

Plugin : name, type, configuration (e.g., path rewrite, authentication).

Each application can bind to one service but multiple plugins.

Protocol Conversion Module (hal‑proxy)

The resolver module discovers service instances (IP and port) via various internal sources and caches them in memory with periodic updates.

Protocol modules initialize a client for each target service and perform data conversion before forwarding.

The connection pool originally used Go's sync pool with locks; it was replaced by a lock‑free ring buffer using atomic operations, greatly improving concurrency performance.