api gateway: single point of failure or necessary evil?

hey everyone, im wrestlin with the decision of whether to implement an api gateway for our growing set of microservices. on one hand, it seems like a great way to handle cross-cutting concerns like auth, rate limiting, and routing. but on the other hand, if that gateway goes down, our entire system is toast, right? how are you all managing this potential single point of failure? are there strategies or architectures that mitigate this risk effectively