
Gateway Design Plan

Author: 飞天的龙王 | Published: 2019-09-26 12:19 | Views: 0

    Architecture upgrade:

    1. Segregate code into three different modules:

        a. logic code: changes rapidly as requirements change, e.g. API composition, API error handlers, business validation

        b. control code: can be complicated and more abstract but rarely changes, e.g. sync, async, concurrent orchestration, networking flow

        c. operation code: can be tedious but offers important information about the service, e.g. logging, metrics, health checks

    2. Split code vertically into three layers:

        a. access layer: provides edge functionality such as version control, black/white list, authentication/authorization, flow control, traffic shaping, circuit breaking (fusing) and degradation, caching, encryption/decryption

        Can be implemented as a pluggable pipeline filter.

        b. API layer: provides features like API composition, API error handlers

        c. base common layer: provides common functionality


    Code upgrade:

    1. define unified code and package naming

    2. pluggable interceptor mechanism

    3. each domain keeps self-contained logic and data, not coupled to its dependencies (the API is stable but the backend is variable)

    4. simple and expressive payload

    5. generic invocation


    Security upgrade:

    1. common network security checks: implement checks to protect against attacks such as XSS, DDoS, XSRF, relay attack

    2. authentication and authorization check (4A): integrate with an authentication/authorization service to authenticate and authorize requests (Spring Security/Shiro/OAuth2)

    3. data desensitization and data encryption

    4. invalid request attack

    5. black/white list

    6. tenant resource validation: validate that a resource operation applies only to the specified tenant (can use a unified resource_id to match against tenant_id)

    7. other customized processing: implement customized processing
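The tenant resource validation from item 6, wired in as a pluggable access-layer filter next to the deny list from item 5, as an added example that is not part of the original post. The `tenant_id:type:local_id` layout of the unified resource_id, the class and filter names, and the sample requests are assumptions made for illustration; it uses only the JDK (Java 16+ for records).

```java
import java.util.List;
import java.util.Set;

public class TenantFilterDemo {
    // tenantId must be taken from the verified credential (e.g. a token claim),
    // never from a client-supplied header or query parameter.
    record Request(String clientIp, String tenantId, String resourceId) {}

    record Decision(boolean allowed, String reason) {
        static Decision allow() { return new Decision(true, "ok"); }
        static Decision deny(String why) { return new Decision(false, why); }
    }

    interface GatewayFilter { Decision check(Request r); }

    // Item 5: deny-list check on the client address.
    record DenyListFilter(Set<String> blockedIps) implements GatewayFilter {
        public Decision check(Request r) {
            return blockedIps.contains(r.clientIp()) ? Decision.deny("client on deny list") : Decision.allow();
        }
    }

    // Item 6: assumed unified id layout "<tenant_id>:<type>:<local_id>" (tenant ids contain no ':').
    static final class TenantResourceFilter implements GatewayFilter {
        public Decision check(Request r) {
            if (r.tenantId() == null || r.tenantId().isEmpty()) return Decision.deny("no authenticated tenant");
            String[] parts = r.resourceId() == null ? new String[0] : r.resourceId().split(":", -1);
            if (parts.length != 3 || parts[0].isEmpty() || parts[2].isEmpty())
                return Decision.deny("malformed resource_id"); // fail closed on anything unparseable
            return parts[0].equals(r.tenantId()) ? Decision.allow() : Decision.deny("resource belongs to another tenant");
        }
    }

    // Filters run in order; the first denial stops the request before it reaches a backend.
    static Decision run(List<GatewayFilter> pipeline, Request r) {
        for (GatewayFilter f : pipeline) {
            Decision d = f.check(r);
            if (!d.allowed()) return d;
        }
        return Decision.allow();
    }

    public static void main(String[] args) {
        List<GatewayFilter> pipeline = List.of(new DenyListFilter(Set.of("203.0.113.9")), new TenantResourceFilter());
        List<Request> samples = List.of(                          // constructed sample requests
            new Request("198.51.100.7", "t1", "t1:order:1001"),   // own resource
            new Request("198.51.100.7", "t1", "t2:order:1001"),   // another tenant's resource
            new Request("198.51.100.7", "t1", "order-1001"),      // not in the unified format
            new Request("203.0.113.9", "t1", "t1:order:1001"));   // deny-listed client
        for (Request r : samples) System.out.println(r + " -> " + run(pipeline, r));
    }
}
```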


    Performance upgrade:

    1. remove db store:

        a. query by cache: multilayer cache: local cache (frequently queried, small size) → middleware cache (Redis data cache)

        b. persist directly in cache (cache provider as persistent store (Redis AOF)): request → middleware store (Redis persistent data)

        c. async transmit data to DB: middleware store (Redis) → message service → DB

        d. other cache data flow: DB → message service → middleware cache

    2. reactive communication: Spring WebFlux Mono to support async, non-blocking IO transmission integrated with event-based functional programming

    3. async invoking: use Netty for async invocation of backend services (use Netty directly, or other tech such as a Spring Cloud Gateway extension, for integration)

    4. concurrent orchestration: use Mono to implement concurrent orchestration

    5. serialization/deserialization: use a more efficient mechanism such as protobuf, Avro

    6. data/cache pre-processing: pre-construct static data/cache or partial data

    7. aggregate query: use batch queries when there is heavy traffic of the same kind of query request (needs backend service support)


    Stability upgrade:

    1. limitation: rate limiting, circuit breaking (fusing) and degradation, dynamic timeout mechanism

    2. segregation: segregate APIs, API groups and API modules with different in-service mechanisms such as semaphores and thread pools, or by standalone service segregation

    3. queued processing: queue data for post-processing and notify the front end

    4. fail-fast mechanism: use a fail-fast style to avoid transmitting more useless traffic to backend services

    5. retry/timeout mechanism: refactor the retry/timeout mechanism to auto-adjust the retry policy/timeout value based on (a. config, b. average timeout rate statistics), which avoids sending traffic to high-latency backend services

    6. cache penetration: use different methods to protect against penetration, such as a bloom filter or empty data caching


    Operation upgrade:

    1. health check: customized health check mechanism integrated with the service discovery system and load balancer

    2. metrics: integration with a metrics monitoring/alarm system like Prometheus

    3. tracing: integration with a distributed tracing system like Zipkin, CAT

    4. logging: integration with a log aggregation center like ELK

    5. dynamic configuration/switch: integration with a config center like Spring Config Server

    6. exception: integration with an exception management system like Sentry for alarms or other error processing

    7. auditing: implement auditing functionality
