Frequently Asked Questions
General
How is Lunar Gateway different from API Gateways?
While both Lunar.dev and traditional API gateways serve as intermediaries in managing API traffic, they cater to different types of traffic and functionalities. API gateways primarily handle ingress traffic, which involves incoming requests directed to various backend services. They offer features like load balancing, error handling, throttling, caching, authentication, authorization, access control, and monitoring. In contrast, Lunar.dev is specifically designed to manage egress traffic, which is the outgoing API requests from your infrastructure to external services. The Egress API-Gateway by Lunar.dev focuses on optimizing, monitoring, and securing these outbound requests. It allows clients to manage API integrations without requiring code changes, thanks to its distributed architecture that uses micro-proxies and interceptors. Lunar.dev provides full visibility into egress traffic, including encrypted traffic, by intercepting it before encryption and securing it with up-to-date TLS versions. This approach contrasts with the centralized architecture of traditional API gateways, making Lunar.dev an innovative solution for managing external API consumption effectively.
How do Lunar Interceptors work?
Lunar Interceptors capture outgoing HTTP/S API requests from your application before they are encrypted. Here’s a brief overview of how they work and the significance of "before encryption":
- 1. Installation: Available as an SDK for seamless integration into your codebase or in Direct Mode, which routes requests through the Lunar Gateway without installation.
- 2. Configuration: Interceptors can be configured to handle specific API calls or all outgoing traffic, providing tailored control over API interactions.
- 3. Capture and Redirection: The interceptor captures API requests at the application layer and forwards them to the Lunar Gateway before they are encrypted.
- 4. Before Encryption: Capturing requests before encryption allows Lunar to analyze and optimize traffic. The Lunar Gateway then encrypts the traffic with up-to-date TLS versions before it leaves your infrastructure.
- 5. Routing: The Lunar Gateway processes the requests and sends them to their original destinations if needed, ensuring optimal routing and handling.
- 6. Fail-Safe Mechanism: If the Lunar Gateway fails, the interceptor reverts requests to their original state, ensuring continuity.
How is data protected from exposure in Lunar.dev?
Lunar.dev takes multiple steps to ensure data protection: Data Protection: Lunar ensures that no individual API requests, responses, or sensitive Personally Identifiable Information (PII) are routed to our SaaS infrastructure. All data processing happens within your cloud environment, protecting your sensitive information from exposure. Security of the Lunar Control Plane: The Lunar Control Plane collects summary information such as the number of API requests, error rates, and total API calls for monitoring and analysis. This information helps in understanding usage patterns, bug identification, and troubleshooting while ensuring that no sensitive data is collected. Metadata, policy configurations, and system telemetry are securely transmitted to Lunar.dev's backend for support and debugging purposes. Logs of Activity: Lunar does not collect logs of individual requests and responses or their content. Instead, we collect logs from the Lunar Gateway, such as error logs, system metrics, and configuration metadata, to help with monitoring and troubleshooting. This approach ensures that detailed activity logs containing sensitive data are not stored or processed by Lunar.
What is the traffic capacity of each Lunar Gateway?
Lunar Gateways demonstrate impressive handling of substantial workloads, achieving high requests per second (RPS) depending on the concurrency and core limits. Here are the benchmark results for different scenarios: With 32 concurrent connections and 1 core: 9,050.42 RPS for 2,500,000 total requests. With 64 concurrent connections and 2 cores: 16,550.48 RPS for 5,000,000 total requests. With 128 concurrent connections and 4 cores: 35,896.17 RPS for 10,000,000 total requests. With 256 concurrent connections and 8 cores: 84,867.79 RPS for 20,000,000 total requests. These results indicate that Lunar Gateways can efficiently manage high traffic volumes, scaling effectively with increased concurrency and core allocation.
Is Lunar Gateway built on an external solution?
Yes, the Lunar Gateway is built on an external solution, specifically, HAProxy Project serves as the foundation for the Lunar Gateway. The Lunar Gateway enhances this foundation using Golang for best performance, providing sophisticated API intermediation, policy enforcement, and optimization for interactions with external API providers.
How much latency does Lunar Gateway introduce?
The Lunar Gateway introduces a latency impact of up to 4ms at the 95th percentile and up to 9 ms at the 99th percentile. This minimal latency is considered negligible, especially when balanced against the benefits of using Lunar's Gateway for API calls.
What happens if we cannot access Lunar Gateway? Will the API calls still go through?
If access to the Lunar Gateway is not possible, the API calls will still go through. The Lunar Gateway includes a configurable fail-safe mechanism that ensures uninterrupted traffic flow. If the Gateway fails or exceeds timeouts, Lunar Interceptor will directly make the API call to the API provider, thereby preventing any data loss. This fail-safe mechanism includes a cooldown period after a set number of failed connection attempts, during which all traffic is directed to the original provider. This process ensures that there is no downtime or single point of failure and efficiently managing high traffic volumes, scaling effectively with increased concurrency and core allocation.
Why are some of Lunar features not functioning correctly?
If you're experiencing issues with Lunar features, it's important to check the Lunar logs for error messages or warnings. These logs can provide valuable insights into what might be causing the problem. One common step to diagnose issues is to adjust the log level.
Here's how you can do it:
- 2. Look for the relevant environment variable:
LOG_LEVEL
.- 3. Configure the log level as needed. The log level can be set to one of the following values:
DEBUG, INFO, WARN, ERROR
.Customize & Configure
How can I customize and activate Lunar plugins?
The policies.yaml file serves as the central configuration hub for Lunar, allowing users to define policies and customize diagnose, export and remedy plugins. Located in the
/etc/lunar-proxy
directory, it can easily be updated by running the apply_policies
command or by restarting Lunar.What happens if no plugins are defined in the policies.yaml file?
If no plugins are defined, Lunar Proxy will act as a regular API proxy, forwarding requests to the upstream server and returning the corresponding responses.
Can Lunar plugins be applied globally to all endpoints?
Yes, Lunar plugins can be defined in the
global
section of the policies.yaml file to apply them globally to all endpoints.Diagnose & Export Plugins
Does Lunar provide managed instances of Grafana or Prometheus?
No, Lunar does not offer managed instances of Grafana or Prometheus at the moment. It is assumed that users already have Grafana and Prometheus set up as a prerequisite for the Prometheus data exporter to work properly
What should I check if the obfuscation capabilities are not working?
Review the configuration in the policies.yaml file. Make sure the `obfuscate` parameter is correctly placed under the
Here's an example:har_exporter
configuration.diagnosis:
- name: "Export Obfuscated HAR Logs to S3"
enabled: true
config:
har_exporter:
transaction_max_size: 5000
obfuscate:
enabled: true
export: s3
Remedy Plugins
How can I identify if Lunar generated a response for a transaction?
To identify if Lunar generated the response for a certain transaction, you can check for the presence of the
x-lunar-generated-response: true
header in the response. If this header is included in the response, it indicates that Lunar processed the request and generated the response instead of forwarding it to the original API provider.What should I do if a remedy plugin is not working as expected?
If a remedy plugin is not working as expected, there are a few things you can check:Ensure that the remedy policy for the plugin is properly configured and associated with the relevant endpoints. Ensure that the endpoint URLs in the Verify that the parameter Check for any error messages or warnings in the Lunar logs that might indicate issues with the remedy plugin's configuration or execution. More information can be found on the Configuration page. If the issue persists, consider reviewing the Lunar documentation or seeking assistance from the Lunar support team to troubleshoot the problem further.
policies.yaml
file follow the correct structure. When defining URL patterns for remedies, consider using wildcards and path parameters appropriately to match the intended API traffic. enabled
for the remedy plugin is set to true
. If it's set to false
, the plugin will not be active and will not apply any modifications or actions.discover
command
Are there any additional configurations required to make the discover command work?
No, there are no additional configurations needed to obtain the metrics recorded during the discovery process. The metrics are presented via printed JSON and written into a local file for your convenience. Nevertheless, you must ensure your Lunar interceptor is working as expected.
The presented JSON is empty, what should I do?
If the presented JSON is empty, it means that no metrics were recorded during the discovery process. Ensure that Lunar Interceptor is properly integrated and traffic is being redirected to Lunar Proxy. Refer to the validation section for more information. Check for any error messages or warnings in the Lunar logs that might indicate issues with the remedy plugin's configuration or execution. More information can be found on the Configuration page. If the issue persists, consider reviewing the Lunar documentation or seeking assistance from the Lunar support team to troubleshoot the problem further.
In such cases, you can take the following steps:
Why do I see some old entries in the presented JSON?
The presence of old entries in the presented JSON could be due to the fact that the Lunar Proxy retains historical data until it is reset. In order to clear the old history from the JSON file, you need to reset the Lunar Proxy.