Fly.io + RDS & Elasticache

I was able to follow the WireGuard guides along with rds-connector/main.tf at main · fly-apps/rds-connector · GitHub to set up an EC2 (t2.micro, but I’m unsure how big it needs to be) with HAProxy on it.

I’ve got connectivity working, but this is adding about 40ms of latency to all database queries.

My WireGuard connection name is aws-us-east-1 and I have Rails using aws-us-east-1._peer.internal:5432 as the database server host. My Fly WireGuard and Fly app are in iad and my AWS environment is in us-east-1.

Here’s my HAProxy config (with exact domains anonymized). The top few sections were default. I added the listen sections.

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    tcp
        option  tcplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000


listen redis-noeviction
  mode tcp
  bind :::6379 v4v6
  server r1 my-redis.use1.cache.amazonaws.com:6379

listen redis-lfu
  mode tcp
  bind :::6380 v4v6
  server r1 my-redis-lfu.use1.cache.amazonaws.com:6379

listen elasticsearch
  mode http
  bind :::9200 v4v6
  server e1 my-elasticsearch.us-east-1.es.amazonaws.com
  option httplog

listen postgres
  mode tcp
  bind :::5432 v4v6
  server pg1 my-postgres.us-east-1.rds.amazonaws.com:5432

@jsierles had helped me debug the HAProxy script, which I mistakenly didn’t have using IPv6 before.

This comment from @kurt made me think that I should expect like 1ms of latency, not 40ms.

Is there something I’m doing wrong that’s causing 40ms of latency? That’s a lot for a database connection.

@ryansch what kind of latency do you experience? And what regions are you in (Fly and AWS)?
