Skip to content

lsk569937453/silverwind

Repository files navigation

Silverwind-The Next Generation High-Performance Proxy

build License

English 简体中文

The Silverwind is a high-performance reverse proxy/load balancer. And it could be also used as the ingress controller in the k8s.

Silverwind-Dashboard

Start the Silverwind-Dashboard over docker-compose.
The docker-compose.yaml is like following:

version: "3.9"
services:
  silverwind-dashboard:
    image: lsk569937453/silverwind-dashboard:0.0.7
    container_name: silverwind-dashboard
    ports:
      - "4486:4486"

  silverwind:
      image: lsk569937453/silverwind:0.0.7
      container_name: silverwind
      ports:
        - "6980:6980"
      environment:
        ADMIN_PORT: 6980

You could check the main page for Silverwind -Dashboard after you execute the docker-compose up command.

Why we chose Silverwind

Benchmarks

We do the performance testing between several popular proxies including NGINX, Envoy, and Caddy. The benchmarks show here.

The test results show that under the same machine configuration (4 cores 8G), in some indicators (requests per second, average response time), the data of Silverwind is almost the same as the NGINX and Envoy. In terms of request latency, Silverwind is better than NGINX and Envoy.

All basic functions are developed in native language - fast

Silverwind is not only a reverse proxy/load balancer, but also an API gateway. As an API gateway, Silverwind will cover all basic functions (black and white list/authorization/fuse limit/gray release , blue-green publishing/monitoring/caching/protocol conversion).

Compared with other gateways, Silverwind has the advantage of covering all the basic services of the API gateway, and has high performance. Second, Silverwind's dynamic configuration is close to real-time. Every time the configuration is modified, it will take effect within 5 seconds (close to real-time).

Kong

The free Ratelimiting plugin for Kong is inaccurate. If we want to achieve more accurate Ratelimiting, we have to buy the enterprise version of Kong.

Envoy

Envoy does not have built-in ratelimiting. Envoy provides a ratelimiting interface for users to implement by themselves. Currently the most used is this project. The first disadvantage is that the project only supports fixed-window ratelimiting. The disadvantage of the fixed window ratelimiting is that it does not support burst traffic. The second disadvantage is that every time Envoy is requested, it will use grpc to request the ratelimiting cluster. Compared with the built-in current limiting algorithm, this actually adds an additional network hop.

Dynamic Configuration

You could change the configuration over the rest API. And the new configuration will have an effect in 5 seconds.

Compile or Download the release

Install the openssl

Mac & Linux

https://docs.rs/openssl/latest/openssl/

Windows

Install openssl as following:

> git clone https://github.com/microsoft/vcpkg
> .\vcpkg\bootstrap-vcpkg.bat
> .\vcpkg.exe install openssl

Install strawberryperl from https://strawberryperl.com/.

Compile

You have to install the rust first.

cd rust-proxy
cargo build --release

You could get the release in the target/release.

Download the release

Download the release from the website.

Config Introduction

Silverwind as the http proxy

- listen_port: 9969
  service_config:
    server_type: HTTP
    routes:
    - matcher:
        prefix: /
        prefix_rewrite: ssss
      route_cluster:
        type: RandomRoute
        routes:
        - base_route:
            endpoint: http://localhost:8888/
            try_file: null
        - base_route:
            endpoint: http://localhost:9999/
            try_file: null
        - base_route:
            endpoint: http://localhost:7777/
            try_file: null

The proxy will listen the 9969 port and forward the traffic to the http://localhost:8888/,http://localhost:9999/.http://localhost:7777/.

Silverwind as the tcp proxy

- listen_port: 4486
  service_config:
    server_type: TCP
    routes:
    - matcher:
        prefix: "/"
        prefix_rewrite: ssss
      route_cluster:
        type: RandomRoute
        routes:
        - base_route:
            endpoint: httpbin.org:443
            try_file: null

Setup:

Windows Startup

$env:CONFIG_FILE_PATH='D:\code\app_config.yaml'; .\rust-proxy.exe

Or you could start without the config file like the following:

.\rust-proxy.exe

Rest Api

Create the routes

POST /appConfig HTTP/1.1
Host: 127.0.0.1:8870
Content-Type: application/json
Content-Length: 1752

{
    "listen_port": 3001,
    "service_config": {
        "server_type": "Http",
        "routes": [
            {
                "matcher": {
                    "prefix": "/",
                    "prefix_rewrite": "/"
                },
                "route_cluster": {
                    "type": "PollRoute",
                    "routes": [
                        {
                            "base_route": {
                                "endpoint": "https://httpbin.org/get"
                            }
                        }
                    ]
                }
            }
        ]
    }
}

Get the appConfig

GET /appConfig HTTP/1.1
Host: 127.0.0.1:8870

Update the routes

PUT /route HTTP/1.1
Host: 127.0.0.1:8870
Content-Type: application/json
Content-Length: 629

{
    "route_id": "90c66439-5c87-4902-aebb-1c2c9443c154",
    "host_name": null,
    "matcher": {
        "prefix": "/",
        "prefix_rewrite": "ssss"
    },
    "allow_deny_list": null,
    "authentication": null,
    "anomaly_detection": null,
    "liveness_config": null,
    "health_check": null,
    "ratelimit": null,
    "route_cluster": {
        "type": "RandomRoute",
        "routes": [
            {
                "base_route": {
                    "endpoint": "http://127.0.0.1:10000",
                    "try_file": null,
                    "is_alive": null
                }
            }
        ]
    }
}

Delete the route

DELETE /route/90c66439-5c87-4902-aebb-1c2c9443c154 HTTP/1.1
Host: 127.0.0.1:8870

The Base Function in Api Gateway

alt tag

Silverwind has implemented the following functions:

  • IP Allow-and-Deny list
  • Authentication(Basic Auth,ApiKey Auth)
  • Rate limiting(Token Bucket,Fixed Window)
  • Routing
  • Load Balancing(Poll,Random,Weight,Header Based)
  • HealthCheck&AnomalyDetection
  • Free Https Certificate
  • Dynamic Configuration(Rest Api)
  • Dashboard For Silverwind
  • Monitoring(Prometheus)

Future

  • Protocol Translation
  • Caching