This topic describes the differences between Microservices Engine (MSE) cloud-native gateways and self-managed gateways in terms of cost, stability, security, ease of use, and scalability.
Item | MSE cloud-native gateway | Self-managed NGINX Ingress gateway | Self-managed Spring Cloud gateway | |
Cost | Resource cost |
| Resource O&M is required. You must provide CPU and memory resources. Resource costs are high. | Resource O&M is required. You must provide CPU and memory resources. Resource costs are high. |
System development cost |
|
|
| |
Stability | High availability | Gateways are deployed across multiple zones and failures are automatically detected and fixed. A service-level agreement (SLA) of up to 99.95% is provided. | You must develop a high-availability system that may deliver a low SLA. | You must develop a high-availability system that may deliver a low SLA. |
Performance |
| Manual performance tuning is required. | Manual performance tuning is required. | |
Monitoring and alerting | MSE cloud-native gateways are deeply integrated with Prometheus Service, Log Service, and Tracing Analysis. MSE cloud-native gateways provide various dashboards, display metric data at the service level, and send alert notifications by using DingTalk messages, phone calls, and text messages. MSE cloud-native gateways also allow you to create custom alert rules. This helps locate abnormal gateways. | You must develop a monitoring and alerting system. | You must develop a monitoring and alerting system. | |
Security | Web application firewall (WAF) protection | A built-in WAF is provided to decrease the request processing duration and response time. Route-level protection is used instead of instance-level protection. | A separate WAF is used and security protection is time-consuming. | A separate WAF is used and security protection is time-consuming. |
Authentication | Multiple authentication methods such as JSON Web Token (JWT) and OAuth are used. Route-level blacklists and whitelists are provided. Security plug-ins are supported. | You must manually configure complex security and authorization settings. | You must manually configure complex security and authorization settings. | |
Ease of use | Protocol conversion | HTTP-to-Dubbo conversion is supported. | Manual operations are required. | Manual operations are required. |
End-to-end canary release | Cloud-native gateways can work with Microservices Governance to implement an end-to-end canary release without requiring you to modify business code. | Manual operations are required. | Manual operations are required. | |
Throttling and degradation | By default, cloud-native gateways are integrated with Sentinel to provide routing-level fine-grained throttling and degradation policies. You can implement throttling and degradation without the need to modify business code. | Route-level throttling policies are not supported. | Throttling and degradation are supported. | |
Service discovery capabilities | The following service sources can be used for service discovery: Kubernetes clusters, Nacos instances, ZooKeeper instances, DNS, fixed IP addresses, Alibaba Cloud Enterprise Distributed Application Service (EDAS), and Serverless App Engine (SAE). | Kubernetes clusters can be used for service discovery. | Nacos instances and ZooKeeper instances can be used for service discovery. | |
Routing |
|
|
| |
Scalability | Plug-in marketplace | WebAssembly plug-ins are supported. You can use Lua scripts that are written in non-Java programming languages to perform rolling updates of plug-ins. The updates take effect in milliseconds. | Lua scripts are supported. Process reloading is required for plug-in updates. | Java filter extension is supported. |