About Solo Enterprise for agentgateway BETA
Solo Enterprise for agentgateway is an enterprise-grade, highly available, highly scalable data plane that provides secure AI connectivity for agents, tools, LLMs, and inference workloads in your cloud-native environment. Designed and engineered to meet the unique requirement of AI and agentic workloads, Solo Enterprise for agentgateway provides context-aware networking capabilities in Kubernetes. Solo Enterprise for agentgateway is based on the agentgateway open source project.
Solo Enterprise for agentgateway requires a separate license and is not included in the Gloo Gateway license. To obtain a license, contact your account representative.
Solo Enterprise for agentgateway is a beta feature. For more information, see Alpha and beta release process.
Why Solo Enterprise for agentgateway?
To understand the benefits of Solo Enterprise for agentgateway and why you should use it, let’s dive into how agentic AI environments work, the challenges they come with, and why traditional gateways fall short of solving these challenges.
About MCP and A2A
With agentic artificial intelligence (AI) changing the way organizations build and deliver applications, organizations face the challenge of rapidly adopting new technologies and interoperability protocols to connect agents and tools in fragmented environments. Because AI agents and tools can be built with different frameworks, and access different APIs and data sources, standardizing the way agents and tools communicate with each other is essential to further accelerate agent development.
Model Context Protocol (MCP) and Agent-to-Agent (A2A) are the leading protocols for enabling communication between agents and tools. MCP helps to retrieve and exchange context with Large Language Models (LLMs) and connect LLMs to tools. On the other hand, A2A solves for long-running tasks and state management across multiple agents. MCP and A2A are both JSON-RPC protocols that define the structure of how an agent describes what it wants to do, how it calls tools, and how it hands off tasks to other agents.
Challenges with MCP and A2A
While MCP and A2A define the RPC communication protocol for agents and tools, they currently do not address real-world, enterprise-level concerns.
Agents typically do not operate in isolation. Instead, they interact with each other (agent-to-agent), with internal systems (agent-to-tool), and external or foundational models (agent-to-LLM). These interactions are often dynamic, multi-modal, and span organizational and data boundaries.
Such long-lived interactivity creates new vectors for risk and complexity, including:
- Security: How to handle authentication, authorization, and auditing of agent interactions across tools and services?
- Governance: How to enforce policies across autonomous workflows, such as data residency or access control?
- Observability: How to gain visibility into what agents are doing, when, and why?
- Scalability and performance: How to ensure low latency while securely handling retries, timeouts, and failures?
Solo Enterprise for agentgateway is designed to tackle these challenges at its core with built-in security, governance, and observability for all MCP and A2A communication between agents, tools, and LLMs.
Traditional gateways vs. agentgateway
Traditional API gateways, reverse proxies and AI gateways, such as Envoy, were built and optimized for RESTful microservices architectures where the gateway receives short-lived HTTP requests from a client, decides on a backend, and forwards the request to that backend. Typically, no session context or ongoing connection state is required in these cases.
MCP, by contrast, is a stateful protocol based on JSON-RPC with its own semantics for how to retrieve and exchange context with LLMs. MCP clients and servers must maintain long-lived sessions where requests and responses are sent constantly. Every request and response must be tied to the same session context. In addition, MCP servers can initiate messages back to the client asynchronously, which makes keeping track of all stateful sessions challenging.
A single client request, such as to list all available tools, might require the proxy to access multiple backend MCP servers, aggregate the responses, and return a single coherent result. In addition, clients might not have access to all the tools that are available on the server. The proxy must be capable to dynamically adjust its responses on a per-session basis and map each client session to the backend servers it is allowed to access.
Traditional gateways were not designed and built to support the session and message awareness that is required to properly handle stateful, session-based, and bidirectional communications. In addition, these communication patterns are very resource intensive and can quickly overwhelm traditional gateways leading to performance impacts or even failure. Without major re-architecture, traditional gateways cannot support the rise of agentic AI use cases.
In contrast, Solo Enterprise for agentgateway provides secure, scalable, and stateful connections between AI agents, MCP servers and tools, and LLM providers. You get enterprise-grade security, observability, resiliency, reliability, and multi-tenancy features. This way, Solo Enterprise for agentgateway addresses common gaps with traditional gateway proxies or protocols like MCP and A2A. With Solo Enterprise for agentgateway, you can quickly adopt and scale your agentic AI environments.
Differences from open source
Solo Enterprise for agentgateway is a hardened, production-ready version of the agentgateway open source project with enterprise-grade features and support. Features related to A2A, MCP, and LLM areas are marked with the corresponding badge.
| Feature | Enterprise | Open Source |
|---|---|---|
| AI-native gateway proxy | ✅ | ✅ |
| A2A protocol support | ✅ | ✅ |
| MCP federation and multiplexing | ✅ | ✅ |
| All MCP transports (stdio, streamable HTTP) supported | ✅ | ✅ |
| MCP authentication proxy | ✅ | ✅ |
| Secure connections to MCP servers over HTTPS | ✅ | ✅ |
| Expose OpenAPI endpoints as MCP servers | ✅ | ✅ |
| Support for all major LLM providers | ✅ | ✅ |
| Unified LLM API across all providers and models | ✅ | ✅ |
| Prompt guarding & enrichment | ✅ | ✅ |
| Centralized credential management | ✅ | ✅ |
| Cost control and attribution for LLM access | ✅ | ✅ |
| Support for OpenID Connect | ✅ | ✅ |
| Support for JWT-based authentication | ✅ | ✅ |
| Support for JWT claim-based authorization | ✅ | ✅ |
| Basic authentication, authorization and access controls | ✅ | ✅ |
| Local request- and token-based rate limiting for consumption controls | ✅ | ✅ |
| Traffic management such as request matching, header manipulation, external processing, and transformations | ✅ | ✅ |
| Grafana dashboard with insights into gateway performance, latency, and translation/reconciliation times | ✅ | ✅ |
| Built-in OTel pipeline for advanced observability and distributed tracing | ✅ | ✅ 1 |
| Deploy on Kubernetes or OpenShift | ✅ | ✅ 1 |
| Intelligent routing for self-hosted models with Inference Extension support | ✅ | ✅ 1 |
| Advanced authentication, authorization and access controls | ✅ | ❌ |
| On-behalf-of identity for secure agent-to-agent and agent-to-MCP tool communications | ✅ | ❌ |
| Support for secured MCP-to-backend communication using URL elicitation | ✅ | ❌ |
| Global request- and token-based rate limiting for consumption controls across requests | ✅ | ❌ |
| Sticky sessions | ✅ | ❌ |
| Advanced UI with networking resources, tracing, dashboard and playground | ✅ | ❌ |
| Ambient waypoint for east-west traffic and policy enforcement | ✅ | ❌ |
Specialty builds for n-3 LTS version support, security patches, FIPS, and compliance requirements | ✅ | ❌ |
| Dedicated enterprise Slack channel | ✅ | ❌ |
| 24x7 production support and one-hour Sev 1 response time availability | ✅ | ❌ |
Key features
Review common agentic AI use cases and how Solo Enterprise for agentgateway helps you to solve these.
LLM consumption
- Secure provider access: Solo Enterprise for agentgateway secures keys in centralized storage, integrates with enterprise IAM, and supports multiple auth protocols (API key, JWT, OAuth/OIDC) to secure access and implement fine-graned authorization.
- Prevent data leaks: Enforce inline protections on prompts and responses. Solo Enterprise for agentgateway allows you to integrate with moderation endpoints and to set up custom semantic guardrails.
- Context-specific telemetry: Monitor LLM performance, and audit LLM activity and cost in your environment with real-time logging, detailed consumption metrics, and end-to-end tracing.
- Control spending: Apply request and token-based rate limits to LLM requests so that you can prevent hitting provider limits or overrunning budget allocations.
- Model failover: Seamlessly transition between models and providers to optimize for performance, availability, and pricing.
To learn more, see the LLM consumption guides.
Inference
- Context-aware model routing: Solo Enterprise for agentgateway delivers context-aware model routing that understands request metadata and dynamically directs traffic to the right model, including fine-tuned model instances.
- Isolate fine-tuned models: Support intelligent routing to fine-tuned models and ensure that specific users and use cases are routed to the optimal model that can satisfy their request.
- Manage infrastructure cost: Route to defined inference pools that map to the underlying infrastructure. Solo Enterprise for agentgateway integrates with
llm-dto allow for smart routing across prefill and decode stages, isolating compute and memory-bound operations to extract maximum efficiency from GPUs. - Fast and responsive clients: Get access to real-time inference metrics so that you can dynamically route requests to modes with available capacity. This way, you can significantly reduce latency and time-to-first token while improving overall responsiveness.
- Priority scheduling: Set policies for each use case and model so that mission-critica requests are always served first.
To learn more, see the Inference routing guides.
Agent and MCP connectivity
- Comprehensive tool server security: Integrate with enterprise IAM to enforce tool server authentication, authorization, and sandboxing.
- Centralized registry: Federate tool servers into a central tools registry that is exposed as a single, virtualized MCP tool server to clients.
- Principle of least privilege: Solo Enterprise for agentgateway selectively exposes tools based on defined policies, dynamically adjusting discovery and access so agents only see the tools they’re authorized to use. This minimizes confusion while isolating tool servers for security and stability.
- Full visibility into agent and tool interactions: Solo Enterprise for agentgateway delivers centralized telemetry collection and reporting with deep metrics, logging, and tracing for every agent or tool interaction.
- OpenAPI integration: Automatically import and expose REST APIs as tools by using the OpenAPI integration. This way, agents get secure, observable, and governed access without additional coding.
To learn more, see the MCP and Agent connectivity guides.
More considerations
Review the following considerations for using Solo Enterprise for agentgateway.
Differences from the Gateway API:
- Attaching a TrafficPolicy to a particular route via the
ExtensionReffilter is not supported. Instead, use the HTTPRoute rule attachment option to apply a policy to an individual route, which requires the Kubernetes Gateway API experimental channel version 1.3.0 or later.
Differences from Envoy-based kgateway proxies:
- Envoy-specific filters for features such as health checks, TLS, or access logging in HTTPListenerPolicy and BackendConfigPolicy are not supported.
- External processing (extProc) in GlooTrafficPolicy is not supported.
- Dynamic Forward Proxy (DFP) is not supported.
- Header modifier filters in GlooTrafficPolicy are not supported. You can still use header modifier filters in the Gateway API-native HTTPRoutes.
- Retries and timeouts are not supported.
- Transformation policies are expressed in Common Expression Language (CEL), as opposed to Inja templates for Envoy-based kgateway proxies.
- In transformation policies, pseudo headers and response-based transformations are not supported. Also note that the
parseAsfield is not supported, but you can use thejson()function directly in CEL expressions instead.