2. 2
1. API management vs API gateway
2. API gateway deployment
patterns
3. Selecting the right deployment
pattern for my application
Agenda
Jay Desai
Technical Solutions
Architect
j.desai@f5.com
is now a part of
3. But first … brief History of APIs
Sales Force Automation
• February 7th, 2000 Salesforce.com
officially launched at the IDG Demo 2000
conference.
eBay API
• November 20, 2000, eBay launched the
eBay Application Program Interface (API),
along with the eBay Developers Program.
3
4. Three Common Patterns
4
Monolithic Hybrid Microservices
Application modernization
>60%
Core, legacy
business apps
~30%
Legacy with micro-
services add-ons
~10%
Modern apps
optimized for digital
Statistics from 2018 NGINX Brand Survey
5. Monolithic Application
Architecture
• Feature sets coded into the application.
• Adapters complicated to interact with.
• Rest API available but is an application
in itself.
• Complicated change management.
• Broken code = Broken Application.
20. Edge Gateway
20
API
A
API
B
API
C
D
E
F
G
H
• TLS termination
• Client authentication
• Authorization
• Request routing
• Rate limiting
• Load balancing
• Request/response manipulation
• Façade routing
21. Two-Tier Gateway
21
API
A
API
B
API
C
D
E
F G
HSecurity Gateway
• TLS termination
• Client authentication
• Centralized logging
• Tracing injection
Routing Gateway
• Authorization
• Service discovery
• Load balancing
• Rate Limiting
25. F
E
Sidecar Gateway
25
E
E
F
F
D
D
D
• Outbound load balancing
• Service discovery integration
• Authentication
• Authorization?
Edge / Security Gateway
• TLS termination
• Client authentication
• Centralized logging
• Tracing injection
28. Data Plane
Control Plane
<scripts>
<API’s>
Request Response
Data Plane
Control
Plane
Request Response
Manages and
Monitors all of
your API’s
Routes
Incoming
API Calls
Traditional API Management Modern API Management
Manages and
Monitors all of
your API’s
Routes
Incoming
API Calls
A B C
29. Picking the Right Gateway Pattern for
my Application
Edge Gateway + Monoliths with centralized governance
- Frequent changes, DevOps team-owned microservices
Two-Tier
Gateway
+ Flexibility, independent scaling of functions
- Distributed control
Microgateway + DevOps teams, high-frequency updates
- Hard to achieve consistency, authorization minefield
Sidecar
Gateway
+ Policy-based E/W, strict authentication requirements
- Control plane complexity