Fly.io uses Firecracker to turn containers into VMs that run globally. The focus is on improving WireGuard for customers, replacing the common HTTPS and REST APIs with an approach of Fly.io's own. Despite challenges such as unreliable NATS and persistent WireGuard peers, Fly.io implemented a system in which gateways pull peer configurations dynamically, on demand. Using the Linux kernel's WireGuard Netlink interface, connections are established quickly and efficiently, and the number of stale peers drops significantly. The result is faster peer setup, fewer gateway reload delays, and smoother operation overall. Highlights include a successful switch to a new provisioning system and improved gateway performance.
https://fly.io/blog/jit-wireguard-peers/