undefined | Better HN

0 pointssudhirj4y ago0 comments

For the most part, yes, everything makes sense. There are some things worth noting though:

> On ocassion, it breaks UDP protocols that are "connection oriented" (like QUIC and WireGuard, though both have built-in capabilities to recover).

Yes, and no, in that QUIC and WireGuard do work consistently, it's not that they break. But Fly doesn't currently offer UDP flow hashing or sessions or pinning.

> There is no way to pin traffic to VMs (route / client affinities) or shape traffic.

No, but the system is built to obviate the need for this — you can choose which regions your app runs in and Fly will balance them for you based on the strategy you choose. I'm not sure what benefit is being missed out on by not having it — if there is a clear benefit that's not achievable under the current design we can make a case for building it.

> 100+ locations with GA, and two Anycast IPs (in two distinct "zones").

Fly lets you allocate and buy more IPs under Anycast, so more than two should be possible. Regarding the 100+ locations, that's technically true but irrelevant — GA doesn't serve requests, so they still need to hit apps deployed on one of the AWS regions (usually provisioned and managed separately). With Fly your app is running on the edge regions pretty much automatically.

The closest alternative to Fly on AWS would be (1) Global Accelerator pointing at (20) Application Load Balancers in every region, each backed with (1+) Fargate containers maybe? Would also need Lambda triggers to turn off traffic to a region if it wasn't worth running containers there, and turn them back on again.

0 comments

rstupek4y ago

Could one run caddy and serve their own TLS termination?

sudhirjOP4y ago

Yes, it’s possible to ask for the raw connection to be passed to the application and self-manage TLS.