daemon
Private networking services double-route requests
Hi, we have a potentially show-stopping, but certainly very confusing, bug with the private networking rollout.
My expectation with private networking is that network addresses are per-environment -- for us, this is staging and production, as well as PR environments. My expectation then is that each environment has an isolated VPC and that resources cannot communicate via VPC across those environments. This tracks with the 'per-environment' and 'isolation' per environment language in the private networking and envirnoment docs.
In our case, we have two services, call them alice and bob. Alice is a frontend that talks to Bob, the backend. Bob has a private address,
bob.railway.internal
. This address is the same across each environment by default - whereas the default HTTP domain is bob-staging.up.railway.app
or bob-repo-pr-38.up.railway.app
for example.
I can see that when Alice sends requests across to bob.railway.internal
the request is routed to EACH instance of Bob that has private networking enabled! Each request is then operated twice. This does not fit my understanding, that each environment should be isolated.
Are PR envs not considered isolated envs for these purposes? Can Railway automatically prefix the private URL with the env name or something (though, it does break env vars, I guess?) Do we need to turn off PR environments or manually change the envs (!?) for each?26 replies
intra-pod latency
What is the expected latency between two services running on Railway?
My expectation within the same cloud / AZ is probably 2-3ms (attributable to Envoy / other k8s overhead). Do those numbers look right to you? It certainly feels significantly higher.
Will private networking bring this down? I assume that right now connection is over public internet, if we are behind a VPC, that should cut down on some SSL etc?
22 replies