New Feature: Application Private IPs

In your org’s private network, instances of your application communicate directly with each other. This traffic doesn’t benefit from load balancing, rate-limiting or other proxy features, because it doesn’t go through fly-proxy, our internal proxy. But as of now, you can route internal traffic via fly-proxy and get all that proxy goodness, by assigning private IPV6 addresses to your applications. We’ve even come up with a great name for them, Flycast IPs

The command in flyctl to allocate a Flycast IP is

flyctl ips allocate-v6 --private

Allocated application private IPs show up in flyctl ips list . Their type field will be set to private

v4       	public 	global	2022-07-05T21:44:44Z
v6     	2a09:8280:1::6:4fc4	public 	global	2022-07-05T21:44:54Z
v6     	fdaa:0:XXXX:0:1::2 	private	global  2022-06-21T08:45:56Z

Yes, we know it’s confusing that it doesn’t show in flyctl ips private. We’re working on improving the UX.

We’re planning on making improvements to this feature. At present, you cannot send traffic to Flycast IPs from your personal device when connected to WireGuard. We also don’t automatically generate DNS records for these IPs. However, you can do this yourself if you own a custom domain.

We’ll get those features out to you soon though! In the meantime, give it a try and let us know if you run into any issues.


Do the internal proxies have the same limitations as external proxies? e.g. timeouts

All traffic to fly applications over public IPs goes through the internal proxy. You can expect the same behaviour for your private traffic if you use flycast IPs. Speaking to timeouts specifically, we do have them. If no data is sent for 60 seconds, we close the connection.

Are there any plans to offer load balancers (even if its an extra cost) that don’t have the limitations of the fly proxy?

At the moment we don’t have any plans for that. Interested to hear what issues you’re running into caused by fly proxy?