/plushcap/analysis/fly-io/jit-wireguard-peers

JIT WireGuard

What's this blog post about?

Fly.io uses containers transformed into VMs with the help of Firecracker alchemy, running them worldwide. They extensively use WireGuard in their customer API. The company has made recent improvements to make WireGuard faster and more scalable for its users. One issue they faced was NATS not guaranteeing delivery, leading to unreliable gateways. Another problem was the accumulation of stale peer connections on the gateways, slowing down kernel operations. To solve these issues, Fly.io implemented a system where peers are only added to the kernel when clients want to connect and can be removed easily. This has led to faster connection setups and reduced state held by gateways.

Company
Fly.io

Date published
March 12, 2024

Author(s)
Lillian Berry

Word count
1681

Language
English

Hacker News points
485


By Matt Makai. 2021-2024.