Writing about WireGuard

Hello FlyFriends! I’m on the dev team here.

My workflow sort of oscillates between building stuff, having my brain overheat, and then taking a break to write a long blog post about the technology we’re using. The next thing I’ll be writing about is WireGuard.

I’m probably many days away from my brain overheating[1] to the point where I’ll be forced to start writing a blog post again, but if there are particular things y’all would like to know about the encrypted network mesh we use to relay edge traffic to your Firecracker VMs, I’m happy to add those things to my to-do list. If the to-do list gets interesting enough, I’ll probably start writing sooner than later.

[1] though: I am writing ioctl code in Rust right now, so I may be overestimating my cooling capacity

I’m super looking forward to this post. What are you folks using to manage wg keys across the fly fleet? Why use wireguard over nebula or some out of the box mesh? Is it wg to the internal network of the deployment POP or wg to the Firecracker VM itself per customer?

As for brain cooling… A bag of frozen peas helps. It did on my Intel P4 servers back in the day.

We do cinema content distribution worldwide, and one of our plans is to make wireguard networks of all our equipment in each theatre. They’d all need to pull movies from our central repository, and we should be able to see all of them, but the devices in one theatre shouldn’t be able to see or talk to those in other theatres.

Will be looking for forward to see how Fly is / can do app networks where the containers of an app can see and talk to each other and to the control plane without interfering with other apps. Lots of similarities there.