How do Regional IPs function?

I see that these are available from Regional IP address available yet? - General -, but I assume they are still not self-service.

How do these function? Does an app get one global AnyCast address and then regional addresses for each region we request, or doe the regional addresses completely replace the global address?

I’m trying to implement a distributed webrtc system. It works well on fly, but one issue I have is pointing to specific nodes in the cluster for ICE candidate offers. The way I’m getting around this at the moment is multiple apps, one per region, and then one additional app that I run haproxy on. haproxy sends the signaling to the separate app instances who can then respond with “unique” IPs that webrtc clients then connect to directly w/ UDP.

Ideally I’d be able to offer a unique IP per actual instance, but per-region would probably be plenty for the foreseeable future. I’d still like to have a global anycast address that would assist with routing the connections to the nearest location for signaling, though.


Regional IPs work through the API, but we haven’t added support to flyctl yet. If you feel like playing around you can check out the allocateIpAddress mutation on GraphQL Playground

Apps can have one or more IPs, you add regional ones alongside the global one (or remove the global ones, it doesn’t really matter). The regional IPs are only routed in specific regions, but otherwise work exactly the same.

You can use these the way you’re suggesting! The only issue is, these IPs can hit VMs in other regions if the VM in the same region is loaded up or failing health checks.


Great! I got that working.

Is there an easy way to query for these addresses from a node? Like dig <region>.<app-name> I’d like to be able to set it dynamically at runtime of a node.

Is there a way to add certificates for regional IPs? For example, I want to have: → global IP → sea regional ip → lhr regional ip

Right now, the global IP is working fine, but the regional hostnames are stuck in Awaiting configuration, so I assume it isn’t happy with the DNS being set to the specific regional IP.

1 Like

You’ll need to add a regional IPv6 and add an AAAA record to get certificates to validate. We only validate against IPv6 because we can ensure no one else ever gets the same IP.

Ah! That makes perfect sense. Thanks!

Is there any chance more regions are coming with regional IP support? Or, better yet, an option for linking an IP directly to an instance?