.flycast vs .internal

guyot · March 15, 2025, 4:46pm

Hi all, been exploring Fly recently and so far I’m very excited about what I’m seeing. I’m planning to proceed with migrating an initial small application (a few microservices, one exposed to public and others only private) over to Fly.

I’ve noticed private networking is exposed through both .flycast and .internal addresses. I’m trying to determine which of these I should use for my internal networking. So far I see the following pros/cons (I know both do a lot more, but I’m specifically thinking of what I want for my pretty straightforward use case here):

.flycast:

Pros:
- Handles autostart/stop so internal services can also autoscale to 0 when not in use.
- Handles load balancing between groups of Fly Machines, including giving preference to geographically closer machines.
Cons:
- Potentially slightly increased latency due to an added proxy layer between my requests.
- Have to manually allocate one for each internal app.

.internal:

Pros:
- Connection occurs directly from machine-to-machine, presumably meaning less latency for internal requests.
- Built in for every app, so no need to do the extra allocation step.
Cons:
- My internal machines must be running at all times to accept .internal requests, so no autoscale to 0 support.
- Does not automatically handle load balancing between machines, meaning it’s left up to me (or whatever DNS library I’m using) to manage the intricacies of multiple IPs being returned, as well as managing prioritization of geographical closeness.
  - The geographical part may be mitigated via the top<number>.nearest.of.<appname>.internal address formatting, but that’s still some degree of management (choosing the <number> field) that I think .flycast addresses handle for me.

Looking at this list, it seems like .flycast is almost an explicitly superior option as long as I’m okay with an extra proxy layer between my internal services (I am). Does that ring true to others? Is the happy path for most users to just allocate a Flycast address for every internal app and only use that, or am I missing a gotcha here? (And if that is the happy path, why are Flycast addresses not allocated by default?)

Thanks for any insight!

guyot · March 15, 2025, 4:57pm

Ah, I thought I’d made it through all my open tabs before asking this but I had missed this very important one: Run private applications with Flycast

Reading through that, it sounds like I am generally correct that the core difference between whether you should use .flycast or .internal is whether your private fly app should be allowed to scale to 0 or not.

I’m still very interested if anyone has further nuance or insight beyond that key point.

lillian · March 15, 2025, 5:22pm

that’s about right! .flycast gets you the power of fly-proxy, same as for publicly exposed apps; .internal gives you direct connections to each machine to do with as you wish.

one point in favour of .internal may be that flycast only supports TCP and not UDP.
on the other hand, .flycast lets you assign IPs in a different network or organization than the target app, allowing one-way communication between different environments without making the app public to the entire internet.

system · March 22, 2025, 5:22pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Process Groups and Internal Networking Questions / Help	6	750	December 1, 2022
New Feature: Application Private IPs	11	1949	December 22, 2023
exposing service publicly and internally Questions / Help wishlist , autoscaling , proxy	4	79	January 9, 2025
looking for some general guidelines for app deployment on fly	6	471	June 17, 2023
"Fly-Region" on internal-to-internal http request Questions / Help wishlist	1	537	October 12, 2022

.flycast vs .internal

Related topics