https://api7.ai/blog/apisix-vs-kong-3-0 API7.ai Logo --------------------------------------------------------------------- API Gateway Trends behind Features: Apache APISIX 3.0 vs. Kong 3.0 October 16, 2022 Technology & Products On September 28, 2022, Kong released the new Kong Gateway 3.0, which achieved some new functions and performance improvements. On September 21, Apache APISIX, the top-level project of the Apache Software Foundation, also released the preview version of Apache APISIX 3.0, introducing ten highlights in terms of ecosystem and features. Let's take a closer look at Version 3.0 of these two popular open-source API Gateway projects and figure out the development trend behind these updates. Let's first look at the eight highlights of Kong Gateway 3.0. Eight Highlights of Kong Gateway 3.0 Highlights OSS/ Type Target User Improvement If APISIX Notes Enterprise supports North American FIPS 140-2 Enterprise Compliance financial Compliance No Inapplicable version corporations and governments APISIX supports HashiCorp Vault OSS: since Dec, 2021 in environment OSS: feat(vault): variables vault lua module, integration with Secrets both Compliance Financial Enterprise: Yes jwt-auth Management corporations AWS Secrets authentication Manager and plugin HashiCorp Vault Kong Feb, 2022: feat(vaults) adds vaults beta support to kong APISIX June, 2022: feat: allows users Large and Increase to specify plugin Plugin Enterprise medium-sized business execution priority Ordering version Usability enterprises flexibility Yes with complex with plugins Kong July, 2022: scenarios feat(plugins) add support for ordering Medium and large Manage APIs Kong Manager Enterprise Usability enterprises better for Yes Inapplicable 3.0 version without many enterprise technical users teams Kong Dec, 2016: feat(proxy) supports websockets Verify Enterprise websocket APISIX supports Deep Enterprise users who scheme and Yes, websocket request Websocket version Function deeply use limit partially proxy, and can be Support websocket websocket used with plugins frame size such as limit-conn on Jan, 2020: feature: upstream support websocket enable Kong June, 2022: Large and feat(plugins) medium-sized opentelemetry enterprises Improve plugin OpenTelemetry both Function with complex observability Yes business APISIX Jan, 2022: call chains feat: add opentelemetry plugin Apache APISIX has Cloud been outperforming Performance vendors, Reduce server other API gateways Improvements both Performance fast-growing costs Yes in performance SaaS vendors since it was open-sourced in 2019. Kong July, 2022: feat(router) new Solve DSL based router Cloud performance support and tests New Routing vendors, issues with a fix Engine both Performance fast-growing large number Yes SaaS vendors of APIs and APISIX August, reduce server 2019: feature: costs supported to use router lua-resty-radixtree We can analyze three trends from the highlights of Kong Gateway 3.0: 1. Kong's investment in security and compliance in the financial sector is relatively large, which can be analyzed in terms of compliance with FIPS 140-2 and Secrets management. * Compliance with FIPS 140-2: FIPS 140-2 is a computer security standard used by North American financial companies and governments to approve encryption modules. Kong Gateway 3.0 Enterprise Version is built based on BoringSSL and will adapt plugins to be compatible with the requirements of the standard. Kong's support for FIPS 140-2 reflects Kong's development phase: after seven years of iteration, Kong has gradually focused on paying users, tending to meet the needs of financial companies and governments. * Secrets Management: The target users of this function are also financial enterprises. Kong Gateway 3.0 allows users to securely store sensitive information in AWS Secrets Manager and HashiCorp Vault, which Kong can access at runtime. In this way, a higher level of security protection is achieved. 2. From the PR links of each highlight, we can know that most of the eight highlights of Kong Gateway 3.0 are earlier implemented by Apache APISIX. 3. Kong Gateway 3.0 has a relatively significant improvement in performance for two reasons: * Kong adds a layer of cache on routing, greatly improving the performance for the benchmark. However, the problem is that the cache becomes invalid when the URL address changes. For details, check the code link below: atc.lua * Kong uses Rust to implement a brand-new routing engine, using DSL to increase the expressiveness of the routing layer. When receiving and sending HTTP requests, you can write expressions like this: net.protocol == "https" && (http.method == "GET" || http.method = = "POST") In scenarios where the requested route matches a specific host, the following expression can be written: (http.host == "example.com" && http.headers.x_example_version == "v2" ) || (http.host == "store.example.com" && http.headers.x_store_version == "v1") We can take Apache APISIX for comparison. Apache APISIX implemented a similar routing expression function using Lua-resty-radixtree in August 2019. APISIX's expressions support arbitrary NGINX variables and have more abundant operators. In addition to common numeric and string comparisons, regular expressions, arrays, and IP targeting are also supported. Most of these eight highlights in the Kong Gateway 3.0 version are biased toward the enterprise version. The following two figures can reflect the technological development trend of Kong more intuitively. The ratio of OSS and Enterprise version in Kong Gateway 3,0's 8 highlights Highlights supported by Apache APISIX in Kong Gateway 3.0 The features released in Kong Gateway 3.0 focus on the government, financial industry, and large enterprises that are more concerned about security compliance. Analysis of Eight Highlights of Apache APISIX 3.0 The open-source API Gateway Apache APISIX released a preview of version 3.0, which involves ten highlights of the 3.0 version of Apache APISIX. The author selected the most critical eight points for analysis. These eight highlights are all for open-source versions, focusing on ecosystem and technological improvements. Highlights Type Target User Improvement If Kong supports Companies Full Support Ecosystem migrating to Reduce server Yes, of ARM64 the cloud at costs partially scale Optimization gRPC Client Performance requirements Optimization No of APISIX Enhanced Businesses Service Ecosystem, relying on No Discovery Function microservices Support xRPC Framework Ecosystem, Internet Reduce server No Function companies costs Large and medium-sized Observability Function enterprises Enhance No on L4 with complex observability business functions Support Internet Manage APIs Gateway API Ecosystem companies better for Yes enterprise users More Plugins: Environment OpenFunction, variables for ClickHouse, Ecosystem, Internet OSS, AWS Secrets No Elasticsearch, Function companies Manager, and SAML, CAS HashiCorp Vault for Enterprise Performance Internet issues with a AI Plane Intelligence companies large number of No APIs and reduced server costs Another information we can get from the above table is that Apache APISIX improves in ecosystem and functional aspects. Among these highlights, there are two main points as below. * AI plane: In addition to the data plane and control plane, Apache APISIX adds an AI plane in the 3.0 version, which relieves application and ops developers from the pressure of use and O&M (operation and maintenance) through learning and analysis of API traffic and configuration. For example, the following two scenarios can be automatically optimized by the AI plane: 1. Discover APIs without authentication and send managers risk warnings. 2. Speed up processing by skipping unnecessary stages for APIs that are only configured with plug-ins in the access stage, such as identity authentication. The AI plane brings new possibilities to traffic processing. In the future, an automatic warm-up of upstream services and security threat detection can all be processed through the AI plane. * Full support for ARM64: ARM64 has become a very mainstream server architecture for cloud vendors. Various cloud vendors have begun rolling out servers based on Arm architecture like AWS Graviton and GCP Tau T2A. Apache APISIX has done a comprehensive CI regression test on ARM64 to ensure smoothness when users run Apache APISIX under the Arm architecture. Users care a lot about this. The performance comparison of ARM architecture with GCP and AWS has received nearly 100 comments on Hacker News. Conclusion Kong Gateway 3.0 has made new progress in compliance, usability, functions, and performance, focusing more on enterprise security compliance. All the functions introduced by Apache APISIX 3.0 are open-source while paying more attention to ecosystem and new technology exploration. Let's wait and see how Kong and Apache APISIX will iterate and develop in the future! Share Related Posts What Is gRPC? How to Work With APISIX? Ecosystem September 28, 2022 What Is gRPC? How to Work With APISIX? How Does NGINX Reload Work? Why Is NGINX Not Hot-Reloading? Technology & Products September 30, 2022 How Does NGINX Reload Work? Why Is NGINX Not Hot-Reloading? API7.ai Logo API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh. [ ]Subscribe to Newsletter Product API7 Cloud API7 Enterprise Commercial Support Open Source Apache APISIX K8s Ingress Controller wasm-nginx-module Contributor Graph Resources Blog NGINX + Lua Apache APISIX Summit Apache APISIX Quickstart Company About Contact Careers Handbook Terms & Privacy --------------------------------------------------------------------- Copyright (c) HONG KONG APISEVEN LIMITED. 2019 - 2022. Apache, Apache APISIX, APISIX, and associated open source project names are trademarks of the Apache Software Foundation