Skip to content

Revised edits for the new egress-ip (app scoped) feature #2326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Lucais11 merged 3 commits into from
Dec 19, 2025
Merged

Revised edits for the new egress-ip (app scoped) feature #2326

Lucais11 merged 3 commits into from
Dec 19, 2025

Conversation

@Lucais11
Copy link
Contributor

@Lucais11 Lucais11 commented Dec 18, 2025

Summary of changes

  1. Fixed typo
  • "availble" → "available" in Overview section
  1. Added beta status
  • Section title updated to include "(Beta)"

Why- The live doc treated app-scoped egress IPs as GA, but they're in beta. This should help set the proper expectations about stability and potential behavior changes that customers might experience.

  1. Clarified release behavior
  • Added explicit statement that app-scoped egress IPs are only released when you run fly ips release-egress and persist across Machine destruction.

Why- The live doc implied persistence but didn't state release behavior, which can cause billing confusion and leaked IPs.

  1. Updated billing section
  • Added beta pricing information- free during beta, expected to bill at $3.60/mo after beta.

Why: The live doc showed final pricing, but the feature is in beta and currently free. This prevents billing any surprises.

  1. Standardized and improved Caveats section
  • Connection limit standardized to 1024 concurrent connections (was 1000). This was written here as well originally- https://community.fly.io/t/beta-feature-try-out-app-scoped-egress-ips/26536.
  • Changed "external IP address" to "destination IP address" for accuracy
  • Fixed indentation of connection limit note
  • Improved delay explanation, so now there is context about why delays occur
  • Added a note about flyctl warnings when limits are approached, so users are aware
  1. Added new section: "Interaction with Machine-Scoped Egress IPs"
  • Explains that app-scoped and machine-scoped IPs shouldn't be used together
  • States that machine-scoped IPs take precedence over app-scoped IPs
  • Includes migration guidance with a warning callout

Why: During migration, machines can silently use machine-scoped IPs instead of app-scoped ones, causing unexpected routing. Want to make sure users are aware of this.

kcmartin
kcmartin approved these changes Dec 18, 2025
View reviewed changes
Copy link
Contributor

@kcmartin kcmartin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kcmartin kcmartin requested a review from PeterCxy December 18, 2025 23:05
PeterCxy
PeterCxy reviewed Dec 18, 2025
View reviewed changes
networking/egress-ips.html.md Outdated
---

## Static Egress IPs (App-Scoped)
## Static Egress IPs (App-Scoped) (Beta)
Copy link
Contributor

@PeterCxy PeterCxy Dec 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They're not beta anymore. The reason why docs were updated today is exactly because they are no longer considered beta. The flyctl side will be updated shortly to reflect that. Billing for static egress IPs start on Jan 1, 2026 (I don't think that's necessary to mention in docs, I will be writing a short FP to remind users of that)

PeterCxy
PeterCxy reviewed Dec 18, 2025
View reviewed changes
networking/egress-ips.html.md Outdated
- When using App-scoped static egress IPs, a Machine can make up to 1000 connections to _each_ external IP address. There is no limit on the _total_ number of concurrent connections.
- We do not expect this to be a concern for most apps. However, feel free to talk to us if this limits your use case!
- When using app-scoped static egress IPs, a Machine can make up to 1024 concurrent connections to _each_ destination IP address. There is no limit on the _total_ number of concurrent connections.
- We do not expect this to be a concern for most apps. However, feel free to talk to us if this limits your use case!
Copy link
Contributor

@PeterCxy PeterCxy Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should have one more level of indentation?

Copy link
Contributor Author

@Lucais11 Lucais11 Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll actually just use a small warning callout for this instead of the extra indentation

PeterCxy
PeterCxy reviewed Dec 18, 2025
View reviewed changes
networking/egress-ips.html.md Outdated
- We do not expect this to be a concern for most apps. However, feel free to talk to us if this limits your use case!
- When you have multiple static egress IPs assigned in one region, there is currently no way to specify exactly which IP each machine will use.
- When new machines are created, there might be a brief window when an app-scoped egress IP is not applied to the machine. This may happen more often with more machines or during bluegreen deployment. Allocating multiple pairs of static egress IPs alleviates the issue.
- There may be a short delay between allocating an egress IP (or creating a Machine) and the egress IP becoming usable. This is inherent to how the system applies IPs to new Machines. This delay may be more noticeable with more Machines or during bluegreen deployments. Allocating multiple pairs of static egress IPs alleviates the issue.
Copy link
Contributor

@PeterCxy PeterCxy Dec 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this description is entirely accurate. It's essentially talking about two possible scenarios:

  • Right after allocating a new egress IP, in that case the egress IP will be applied to all existing machines after a short delay. Allocating multiple pairs will probably not help in this case (since allocating them might be slower 😄 ).
  • The app already has an egress IP assigned, and a new machine is created. In that case there might be a delay before the machine gets to use the egress IP, and only in this case might allocating multiple pairs help.

PeterCxy
PeterCxy reviewed Dec 18, 2025
View reviewed changes
networking/egress-ips.html.md Outdated
If a Machine has a machine-scoped egress IP, it takes precedence over any app-scoped egress IP in the same region. This behavior may change in the future.

<div class="warning icon">
When migrating from machine-scoped to app-scoped egress IPs, release machine-scoped IPs first to make sure that Machines use the app-scoped IPs.
Copy link
Contributor

@PeterCxy PeterCxy Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not necessary, you may release machine-scoped IPs after app-scoped egress IPs are assigned to ensure a smooth transition.

@Lucais11 Lucais11 merged commit 8b06ff8 into main Dec 19, 2025
1 of 2 checks passed
@Lucais11 Lucais11 deleted the update-egressip-doc branch December 19, 2025 01:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PeterCxy PeterCxy PeterCxy left review comments

@kcmartin kcmartin kcmartin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Lucais11 @PeterCxy @kcmartin