Outbound IP for services that don't have a external port defined

One of my apps calls out to an API that is rate-limited to 5 calls / second / IP address. I’ve been trying to find out what the outgoing / outbound IP of the app is as this is a worker that doesn’t expose an external port to reduce attack surface.

In the case of a app that doesn’t expose any public ports (and as such isn’t assigned an inbound IP address), does the app still use a single IP address? Or is the outbound traffic spread across multiple IPs? I checked here but couldn’t find anything on this specific point.

My goal ideally is to maximise the rate-limit, so if there’s a way I can attach 2 or even 3 IPs to an app, I can write the app to load-balance the calls to the API across those 3 IPs and get higher throughput.

Hey! When your applications make independent outbound connections, they’re mapped to a shared pool (worker-specific) of addresses.

Give me a bit to explore options for this (or let other people on the team chime in) that are simpler than just running a shared-cpu instance in another region, which would be my brute-force way of addressing this problem but is probably not the best.

1 Like

Pinging this thread.
I have an app on Fly (currently in one region) that can take incoming requests on public ports and has a static IP (v4 and v6 actually), and this app needs to interact with a remote, rate-limited service.

I’d also like to know: can I purchase 2 more IPs and attach to this app in this region, so to be able to use the 3 IPs for outbound requests with the objective to not run into that remote server’s rate limit?

For my app it’s fine to have the behaviour that the app sends the outbound request from the same IP that it received the incoming request to the app.

1 Like