1000 request/s is $0.05/s. 86400s/day * 30 days * $0.05 -> $129.6K/30d. 1k req/s is not that uncommon either. And that's before 'paid middleware'!
APIs and sites that'd truly benefit from this are immediately priced out.
I see why you priced it the way you did (gotta start somewhere with such a large upfront investment if you're not using cloud capacity), but you aren't exactly going to get any large customers with numbers like that. Project it to when you have ~500k req/s going through your service (778M ARR!): you cannot expect to still be making $0.05/1000 requests.
To put it into perspective, costs to call S3 are 10x-100x cheaper (GETs are 0.004/10000, PUT/POST/LIST/COPY is 0.005/1000) and S3 arguably does a lot more per request.
I really want to like it. The service sounds _awesome_, don't get me wrong. I'm a huge nerd for smart loadbalancing. I've written more loadbalancing code than I care to admit, but the economics just aren't there for me to even consider adopting your service. It's a lot cheaper for me to keep a pool of nginx servers in AWS regions around the globe with pre-established TLS connections back to the home DCs for much of the benefit fly.io brings.
Can we tweak the wording to clarify what we mean? We'll add examples, too. I really hate opaque pricing and wanted to make this as simple to understand as possible.
1000 req/s * 86400s * 30d / 1000 * 0.05 = 129600
It's only $129/mo if it's 0.05c and not $0.05, which is not what the website says.
This is not meant to slander Fly, and I'm sure the devs have all the best intentions in the world, but the internet will only become more brittle the more services like this or CloudFlare become the arbiters of vast swaths of TCP packets.
Unfortunately, setting servers up across the world is really complicated and expensive. There's a definite trade off — we want to make this kind of power accessible to every developer, and running shared infrastructure is the only way we've found to do it.
I do think apps are more secure by default running through fly than most load balancer services. Traffic between visitors and our edges is SSL (unless a customer opts out, at which point we nag them), application processes establish a secure tunnel back to our edge nodes to handle traffic. There are no network hops between fly and customer apps that happen in the clear.
Replicating this with a normal load balancer setup means handling SSL termination for visitors and terminating SSL with client cert verification between load balancers and app servers. It's a pain, and most people don't get it right because it's too finicky.
But I don't want to disregard your concern either. It's definitely something we think about a lot. We would like to figure out a way to offer all of this power easily, cheaply (for developers), and in a way that is entirely opaque to us. As soon as we figure out how, we will.
On the other hand I've also built Cachoid ( https://www.cachoid.com/ ), which is somewhat federated like Fly's but for website acceleration and performance for WordPress, Drupal, landing pages etc. We do have the option to spin a dedicated routing layer with Cachoid, which sort of addresses the shared/neighbor bleeding issue CF suffered from.
But I still don't think decentralized is the ultimate answer to security. Although I realize that the impact could be minimized greatly.
We've been shipping apps for many years now, and every time around we're frustrated by a rudimentary routing layer. We think a proxy/CDN can do a lot for devs, and Fly is an early look at the power a smarter routing layer can give to developers.
Fly connects visitors directly to apps, handles all the chores, and provides edge-level middleware to help devs ship features faster. It's designed to run in place of local load balancers like nginx and haproxy, and works as both a load balancer and CDN for dynamic apps (we have servers in 6 datacenters, more soon).
For me, the most interesting part is the middleware, and this is what we expect to really matter long term. You're probably familiar with local app middleware to provide auth, modify content, do analytics, etc, etc. Most of these can actually run at the edge, and Fly currently has middleware for:
* Server side Google analytics
* Identity Aware Proxy (require auth to even load an app)
* Geo data / connection speed information as headers
* Session cookie knowledge
* Routing rules
You can mix and match these. If your app is getting DDoS'ed from a botnet in China, for example, you can use the geo data middleware + a routing rule to send all traffic from China to a higher capacity. backend. Or, you can extract a user_id from session cookie and send it to Google analytics. Or, send authenticated users to one backend (like your app) and anonymous users to another (like a static site hosted in GH pages).
This is something we've wanted for a really long time, we've worked on Ars Technica, Compose, and even a bunch of low volume apps that would have been better with a service like this. Traffic routing is really powerful if applied properly, and we're hoping to give any developer the same flexibility as they'd have at one of the big 3 tech companies (who tend to build all this themselves).
The simple SSL cert setup seems novel, though the routing/middle stuff reminds me of Fastly: https://www.fastly.com
Can you go into more detail on how you are running this on k8s? A bunch of federated clusters around the world? SSH tunnels in sidecars?
Our apps are all k8s deployments. We have a user facing dashboard, a marketing app, and a backend administrative dashboard. Sidecar pods would work fine for our agents, but we actually bundle them with the apps ... this lets our edges detect release version, branch info, etc (that stuff is easy to read from git, hard to detect from a sidecar). Those agents connect to the nearest edge to setup a tunnel, then we use very fast backhaul between edges to connect users back to apps.
We actually started by running the edges as k8s nodes, and even toyed around with federated clusters. It was a bit unwieldy and had a few too many layers of indirection between visitors and our proxies so we simplified.
Our site is a good example: the static docs are hosted on Github Pages, the landing page is a middleware + Rack app, and our dashboard is a Rails app hosted on Kubernetes. All of these are mounted under https://fly.io. The edges are aware of the session cookies Rails uses and we have routing rules to send people to the right backends if they're logged in.
It's early, but the middleware is already super powerful.
