Hi folks,

In both v1 and v2 versions of APISIX, the same port (9080) is reused for both the DP and CP sides.

Although the deployment architecture diagram of APISIX clearly distinguishes the respective responsibilities of DP and CP, many open source users are not aware of the API gateway architecture and network security knowledge, and use the APISIX default behavior: DP and CP share the same port. Since these users never realize the importance of the separate deployment of DP and CP in their usage, when the DP side and CP side share the same security policy, such as both facing the public network, this will lead to increased security risk on the CP side. Recall that several APISIX-related CVEs are related to the exposure of the CP side.

So here I would like to propose a breaking change: change the default behavior of APISIX so that the DP side and CP side no longer share the same port by default; the DP side will continue to use port 9080 by default, and the CP side will use port 9180 by default.

Would love to hear from you.

*ZhengSong Tu*
My GitHub: https://github.com/tzssangglass
Apache APISIX: https://github.com/apache/apisix
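
A way to check a deployment for the shared-port default described in the message above, as an added example that is not part of the original email or of APISIX itself. The key names (`apisix.node_listen`, `apisix.enable_admin`, `apisix.admin_listen`) and their defaults are assumptions modelled on a v2-style `config.yaml`, and the sample configs are constructed.

```python
import ipaddress

DP_DEFAULT_PORT = 9080  # default DP port named in the proposal


def _ports(node_listen):
    """Normalise node_listen (an int, or a list of ints / {"port": n} dicts)."""
    items = node_listen if isinstance(node_listen, list) else [node_listen]
    return {i["port"] if isinstance(i, dict) else int(i) for i in items}


def audit_listeners(conf):
    """Return findings for a parsed config dict (assumed key layout)."""
    apisix = conf.get("apisix", {})
    findings = []
    # Assumption: the admin (CP) API is enabled unless switched off explicitly.
    if not apisix.get("enable_admin", True):
        return findings  # pure DP node, nothing to separate
    dp_ports = _ports(apisix.get("node_listen", DP_DEFAULT_PORT))
    admin = apisix.get("admin_listen")
    if not admin:
        # No dedicated listener: CP is served on the DP port(s).
        findings.append(f"CP shares DP port(s) {sorted(dp_ports)}")
        return findings
    port = int(admin["port"])
    if port in dp_ports:
        findings.append(f"CP port {port} is also a DP port")
    # Assumption: a missing ip means the listener binds to all interfaces.
    ip = ipaddress.ip_address(admin.get("ip", "0.0.0.0"))
    if ip.is_unspecified:
        findings.append(f"CP port {port} listens on every interface")
    return findings


# Constructed sample configs, already parsed into dicts.
SHARED = {"apisix": {"node_listen": 9080, "enable_admin": True}}
SPLIT = {"apisix": {"node_listen": [9080],
                    "admin_listen": {"ip": "127.0.0.1", "port": 9180}}}
SPLIT_WIDE = {"apisix": {"node_listen": [{"port": 9080}],
                         "admin_listen": {"ip": "0.0.0.0", "port": 9180}}}
DP_ONLY = {"apisix": {"node_listen": 9080, "enable_admin": False}}

if __name__ == "__main__":
    for name, conf in [("shared", SHARED), ("split", SPLIT),
                       ("split-wide", SPLIT_WIDE), ("dp-only", DP_ONLY)]:
        print(name, audit_listeners(conf) or "ok")
```

A separate CP port only helps if the network policy in front of it differs from the DP side, which is why the wildcard bind is reported even when the ports are split.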