Description
Project summary
An AI-native, high-performance API Gateway built on Envoy that unifies Ingress/Gateway capabilities and serves as a secure, Wasm-based successor to Nginx Ingress.
Project description
What it does:
Higress is a next-generation cloud-native & AI-native API gateway built on the Istio and Envoy core. It unifies traffic gateway (Ingress), microservice gateway, and AI gateway (LLM/MCP/Inference gateway) into a single control plane, reducing operational complexity.
Born from Alibaba’s internal massive-scale production (processing hundreds of thousands of RPS), Higress brings enterprise-grade stability and Wasm extensibility (Go/Rust/C++) to the CNCF landscape.
Why it's needed:
- The Safe Successor to Nginx Ingress: With Nginx Ingress entering "feature freeze" and facing retirement in 2026, the ecosystem needs a secure drop-in replacement. Higress is compatible with over 80% of Nginx Ingress annotations (e.g., rewrite, canary), allowing users to migrate without rewriting definitions. Crucially, it replaces Nginx's vulnerable configuration-injection model (snippets) with a secure, structured xDS control plane and Wasm sandbox, eliminating entire classes of CVEs (like CVE-2025-1974) inherent to legacy architectures.
- AI-Native Infrastructure: Higress treats AI traffic as a first-class citizen. It natively supports the Model Context Protocol (MCP), enabling AI agents to securely call APIs. It introduces novel features like "Token-Bucket" rate limiting (limiting cost, not just QPS) and multi-model fallback/unification, standardizing how cloud-native apps consume LLMs.
Org repo URL (provide if all repos under the org are in scope of the application)
https://github.com/higress-group
Project repo URL in scope of application
https://github.com/alibaba/higress
Additional repos in scope of the application
- https://github.com/higress-group/higress-console (Visual Console)
- https://github.com/higress-group/wasm-go (Go SDK for Wasm Plugins)
- https://github.com/higress-group/higress-group.github.io (Website)
Website URL
Roadmap
https://higress.cn/en/docs/latest/overview/roadmap
Roadmap context
The roadmap is driven by two strategic pillars: "Safe Migration" and "AI Evolution".
- Present: Strengthening Gateway API support and Nginx Ingress compatibility to facilitate seamless migration for users affected by the Nginx Ingress retirement. Stabilizing the AI Gateway features.
- Future: Deepening support for the Model Context Protocol (MCP) to make Higress the standard entry point for AI Agents. Introduction of "Higress Agent" for autonomous traffic governance. Support for the WebRTC protocol to meet the real-time communication needs of AI scenarios.
The project enforces strict version alignment between Open Source and Enterprise editions (feature parity in minor versions) to prevent "open core" lock-in.
Contributing guide
https://github.com/alibaba/higress/blob/main/CONTRIBUTING_EN.md
Code of Conduct (CoC)
https://github.com/alibaba/higress/blob/main/CODE_OF_CONDUCT.md
Adopters
https://github.com/alibaba/higress/blob/main/ADOPTERS.md
Maintainers file
Security policy file
https://github.com/alibaba/higress/blob/main/SECURITY.md
Standard or specification?
- Kubernetes Ingress API: Fully compliant implementation.
- Kubernetes Gateway API: Fully compliant implementation.
- xDS Protocol: Uses Envoy's standard dynamic configuration protocol.
- Proxy-Wasm ABI: Standard interface for Wasm extensions.
Business product or service to project separation
Higress is the upstream open-source core for Alibaba Cloud API Gateway.
- Separation: The open-source project contains the full feature set (AI Gateway, Nginx compatibility, Wasm engine, Console) and is fully functional for self-managed use. The commercial product adds value purely through managed operations (SLA, HA, multi-AZ) and cloud-specific integration, not by withholding core features.
- Governance: We follow an "upstream first" development model. Maintainers include engineers from multiple companies (Trip.com, NVIDIA) beyond Alibaba, ensuring the roadmap serves the broader community.
Why CNCF?
We are applying to the CNCF to provide a neutral, standardized home for critical infrastructure that solves two pressing ecosystem needs:
- The Nginx Ingress Vacuum: With Nginx Ingress retiring, the community needs a vendor-neutral, CNCF-governed replacement that is secure by design. Higress fits this role perfectly.
- Standardizing AI Traffic: We want to help define the "AI Gateway" pattern within CNCF, standardizing how cloud-native apps interface with LLMs and Agents (via MCP).
CNCF stewardship will assure global adopters of the project's neutrality and longevity, independent of any single vendor.
Benefit to the landscape
- Solving the Ingress Security Crisis: Higress provides a secure migration path for the thousands of users affected by the Nginx Ingress feature freeze/retirement. Unlike Nginx, which relies on vulnerable configuration snippets and Lua (shared memory risks), Higress uses WebAssembly (Wasm) for extension. This ensures memory safety and sandboxing, eliminating the class of "configuration injection" vulnerabilities that plagued Nginx Ingress.
- Filling the "AI Gateway" Gap: Existing gateways lack native abstractions for LLM traffic (tokens, model fallback, MCP). Higress adds these capabilities natively, preventing fragmentation where every user builds their own ad-hoc AI proxy.
- Advancing Wasm: By providing mature Go/Rust SDKs for gateway plugins, Higress lowers the barrier to entry for Wasm in the networking layer.
Cloud native 'fit'
Higress exemplifies cloud-native principles through:
- Declarative Config: Fully managed via K8s CRDs and Ingress/Gateway API.
- Immutability: Configuration updates via xDS (eventual consistency) without process reloads, solving the "traffic jitter" issue of traditional Nginx reloads.
- Observability: Native OpenTelemetry and Prometheus integration.
- Security: Adopts a "Zero Trust" architecture for extensions via Wasm sandboxing.
Cloud native 'integration'
- Kubernetes: The primary operating environment.
- Envoy & Istio: Higress is built on these cores, contributing performance fixes upstream.
- OpenTelemetry: Used for tracing AI and API traffic.
- WasmEdge/WasmCloud: Aligns with the CNCF's Wasm initiatives by using Wasm for data-plane extensibility.
Cloud native overlap
- Ingress-NGINX: Higress serves as a functional successor. It differentiates by replacing the Nginx architecture (prone to reload jitter) with Envoy (hot-restart capable) and replacing the insecure Lua/Snippet extension model with a memory-safe WebAssembly (Wasm) architecture. This directly addresses the class of security vulnerabilities (e.g., configuration injection) that led to the Ingress-NGINX feature freeze.
- Solo.io kgateway & agentgateway: While both ecosystems cover API and AI gateway use cases, they diverge in architectural philosophy. Solo.io splits the domain into two distinct data planes: kgateway (Envoy-based) for general traffic and agentgateway (Rust-based) for AI traffic. Higress differentiates by implementing a "Unified Data Plane" strategy. It handles Ingress, Microservices, and AI traffic within a single Envoy core, implementing AI capabilities (like MCP and Token-limiting) via high-performance Wasm plugins. This offers a simpler, single-stack operational model compared to managing dual data planes.
- Envoy Gateway & Envoy AI Gateway: All share the Envoy foundation. Higress differentiates via its mature "Triple Gateway" scope—unifying K8s Ingress with non-K8s microservice registries (Nacos, Dubbo), which are critical for enterprise legacy migration. Unlike Envoy AI Gateway, which is primarily a reference implementation, Higress is a battle-tested product powering massive-scale AI applications (like Tongyi/Qwen), featuring a complete administrative Console and a mature "Wasm-first" plugin marketplace.
- Emissary/Contour: Functional overlap as Kubernetes Ingress controllers.
Similar projects
- Envoy Gateway (CNCF)
- kgateway (CNCF Sandbox)
- agentgateway (Linux Foundation)
- Apache APISIX (Apache)
- Kong (Linux Foundation)
Landscape
Yes, under API Gateway.
Trademark and accounts
- If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF
IP policy
- If the project is accepted, I agree the project will follow the CNCF IP Policy
Will the project require a license exception?
N/A
Project "Domain Technical Review"
Not yet. We have presented the project to CNCF Executive Director Jonathan Bryce and received positive feedback.
Application contact email(s)
zty98751@alibaba-inc.com,huxing.zhx@alibaba-inc.com,tunan.wr@alibaba-inc.com
Contributing or sponsoring entity signatory information
| Name | Address | Type (e.g., Delaware corporation) | Signatory name and title | Email address |
|---|---|---|---|---|
| Alibaba Cloud | 969 West Wen Yi Road Yu Hang District, Hangzhou Zhejiang Province, China | Corporation | Xiangwen Liu (Vice President) | vicki.liuxw@alibaba-inc.com |
CNCF contacts
Jonathan Bryce
Additional information
- In addition to the official website higress.cn, Higress also has two other official domain names, higress.io and higress.ai, which we will donate to the foundation, and we will unify the official website content (currently, higress.ai mainly contains AI gateway content, while higress.cn and higress.io mainly contain traditional API gateway content).
- After the application is approved, we will immediately transfer the main project repository from https://github.com/alibaba/higress to https://github.com/higress-group/higress.