I don't believe they do; they use Firecracker microVMs for isolation: https://fly.io/docs/reference/architecture/
https://fly.io/blog/ssh-and-user-mode-ip-wireguard/
Quote:
> And, long story short, we now have an implementation of certificate-based SSH, running over gVisor user-mode TCP/IP, running over userland wireguard-go, built into flyctl.
Also:
https://fly.io/blog/our-user-mode-wireguard-year/
https://fly.io/blog/jit-wireguard-peers/
This is another one of those things where the graph of our happiness about a technical decision is sinusoidal. :)
We don't.
I think they mean to say that a part of gVisor is used by Fly, because if I recall correctly flyctl did use the gVisor user-mode TCP stack for WireGuard tunneling.
Ahh, that makes sense. Ok, revised answer: yes, we do. :)