Higress enters the CNCF Sandbox as an API gateway with the aim of consolidating multiple layers of traffic. The key question is whether this reduces complexity or merely shifts it elsewhere.
Systems begin to degrade when the traffic management layer becomes fragmented. Ingress operates separately, the gateway for microservices operates separately, and solutions for AI workloads operate separately. Each layer adds its own configuration, security policy, and lifecycle. As a result, operational overhead increases, and the likelihood of desynchronization rises. The original text explicitly states that Higress aims to address this issue—consolidating several types of gateways into a single management model.
The chosen approach is a unified control plane over Envoy and Istio. This is a pragmatic choice: both components are already widely used and cover basic routing and service mesh tasks. Higress adds an abstraction layer above them that conceptually unifies:
- traffic gateway
- microservices gateway
- AI gateway
The trade-off here is evident. On one hand, the number of disparate components is reduced. On the other hand, a more complex centralized layer emerges, which becomes a critical point of the system. Such a layer must be resilient to increased load and configuration changes.
The implementation relies on WebAssembly (Wasm) as an extensibility mechanism. This allows for the introduction of custom logic without altering the core of the proxy. In the context of a gateway, this is important: policies, filters, and AI request processing can evolve rapidly. It is also noted that the system has been tested in production environments with high loads, but specific metrics (latency, throughput, error rate) are absent from the original text. This limits the ability to assess the actual effectiveness of the architecture.
A separate aspect is the use of Higress as an AI gateway. The text mentions its application for AI Agents and MCP services, as well as the emergence of projects built on top of it. This indicates an attempt to integrate AI traffic into the existing API infrastructure rather than building a separate stack. This approach reduces duplication but requires careful resource management and traffic prioritization.
As a result, Higress appears to be an evolutionary extension of the classic API gateway towards AI workloads. Entry into the CNCF Sandbox is an early stage. There is no data on performance or comparisons with alternatives. The main value at this point lies in the architectural idea: to consolidate disparate gateway patterns into a unified model and manage them through a common control plane.