Routing Outgoing Traffic through Specific IP Addresses

Hi All,

So if my understanding is correct your fly app has multiple IP addresses attached, using something simple like curl how can I send an outgoing request from a specific address?

I’m new to docker, sorry if this is the wrong place to ask.

–Thanks, Linden.

The IP addresses on Fly are more for incoming connections at this point, I don’t think believe it’s possible to control which IP address connections go out from.

Let me double check with the team and get back to you, but the default use of IP addresses on Fly is to route requests into your app. Your app might run on any one of the many Fly servers internally, so it’s harder to control that IP address.

From what I gather from answers given in this post by Thomas, UDP packets attempt to take the same route out from which they came in, and only in one exceptional case (where the app-worker loses routing state), are they DSRd (direct server return).

TCP (and http/1 | http/2) connections are statefully proxied e2e, so route-deviation isn’t possible unless the proxies themselves are truly distributed and capable of handling connection migrations (unlikely).

Hey @sudhir.j, any word from the team?

@Linden As of now we don’t have a way to choose which IP address a given connection is made from.

Replies to coming requests will return, regardless of protocol, on the Anycast address the request came in on (naturally).

But the question here seems to be about the source address attached to requests made from the instance — not proxied connections from our Anycast CDN.

For those requests, you don’t currently get any control over the source address, and it’ll be unrelated to any address assigned to your application.

2 Likes

I’ve also run into the same problem, where I need my outgoing IP to be predictable and for return traffic to be able to be initiated back into the application using its outgoing IP.

If there are any plans in the future to allow for outgoing traffic to use the application’s IP, I’d love to be included in a beta :grinning_face_with_smiling_eyes:.

@kurt Are there any plans to support control to choose the outgoing IP to be the applications incoming IP for those of us who need outgoing and incoming to be on the same IP?

What are you trying to do exactly?

The incoming IPs are load balancer IPs. There’s almost no way to connect out over a load balancer IP (this is true of most clouds). Do you need to connect out from the exact same IPs that receive traffic, or just connect out from IPs that don’t change?

I need to connect out from the exact same IPs that receive traffic, so that a peer that receives my connection on IP A, can connect back to me on IP A. The allowed_public_ports feature would work but unfortunately I need IPv4 support.

I was trying to stand up a Stellar validator across a few regions.

(Stellar is a blockchain, but the validator software is not a miner and receives no incentives from running.)

1 Like