Konnect Architecture

The Kong Konnect platform provides several hosted control plane options to manage all service configurations. You can use one or more of the following control plane options:

• Kong Gateway
• Kong Ingress Controller
• Kong Mesh

The control plane propagates those configurations to the data plane group, which is composed of data plane nodes (and in the case of Kong Mesh proxies). The individual nodes can be running either on-premise, in cloud-hosted environments, or fully managed by Kong Konnect with Dedicated Cloud Gateways. Each data plane node retains the configuration in-memory, ensuring efficient and reliable service management across deployment models.

Figure 1: Diagram of Konnect modules.

Data plane nodes listen for traffic on the proxy port 443 by default. The Konnect data plane evaluates incoming client API requests and routes them to the appropriate backend APIs. While routing requests and providing responses, policies can be applied with plugins as necessary.

For example, before routing a request, the client might be required to authenticate. This delivers several benefits, including:

• The Gateway service doesn’t need its own authentication logic since the data plane is handling authentication.
• The Gateway service only receives valid requests and therefore cycles are not wasted processing invalid requests.
• All requests are logged for central visibility of traffic.

Try it for yourself! Get started with Konnect for free today.