[HN Gopher] Fck-nat: The (f)easible (C)ost (k)onfigurable NAT
___________________________________________________________________
Fck-nat: The (f)easible (C)ost (k)onfigurable NAT
Author : alexzeitler
Score : 112 points
Date : 2024-01-28 09:42 UTC (5 days ago)
(HTM) web link (fck-nat.dev)
| pyvpx wrote:
| fuck tail latency, as well.
| paulvnickerson wrote:
| I've used this in the past. Was very pleased.
| TheRealPomax wrote:
| If you did it right, your tool or service will exist for decades
| to come, if you have the option to not call it something fsck,
| fwkc, fck, etc. it's worth exercising that option.
| ianlevesque wrote:
| On the other hand, this is your chance to name it fsck, fwkc,
| fck. It'll be harder to rename later.
| OkayPhysicist wrote:
| If you're too stuck up to appreciate a funny pun, don't use the
| software. No one's holding a gun to your head. Or you could
| relax, not everything needs to be "serious business".
| isityouyesitsme wrote:
| While not really being one who cares personally about the
| example here, I would not give a tool a name that I full well
| know will offend the sensibilities of some who will use it.
| That would make me a jerk, no matter how funny or whimsical I
| may find it.
|
| Even when poking fun at myself, I choose names of projects
| carefully. It's pretty easy to not be a jerk, at least in
| this way.
| diggan wrote:
| > I full well know will offend the sensibilities of some
| who will use it
|
| How could you possibly know this, where do you draw the
| line?
|
| For some people, "Hacker News" is surely offensive
| because "hacker" is generally thought of as a negative term
| (Yes, I know _our_ meaning, others generally don't).
|
| GitHub could also be offensive to some, "git" after all is
| as much of a swear-word as "fck".
| gosub100 wrote:
| An early-90s textbook I read about encryption said that
| some people were disgusted hearing the word 'decrypt' for
| the first time because a crypt is a place where dead
| bodies were stored. They suggested (to those offended) to
| use the word _cipher_ instead ;)
| gosub100 wrote:
| Would you be ok if this tool was named sensibly, but was
| developed in brainfuck?
| Retr0id wrote:
| Sometimes keeping "serious" people away from your project is a
| feature, not a bug.
| 83457 wrote:
| It will probably be changed to "ck-nat" eventually.
| SkyMarshal wrote:
| Technically it should be cc-nat. This fck acronym seems like
| someone is trying a little too hard to twist it into
| something edgy.
| 83457 wrote:
| Was looking for someone to get the fckeditor > ckeditor
| reference.
| pwagland wrote:
| https://ckeditor.com/blog/FCKeditor-2.6.11-Released/
|
| You learn something new every day. To be fair, this
| rename is 10 years old!
| 83457 wrote:
| Renamed after a decade which I thought relevant to the
| comment above.
| Symbiote wrote:
| It worked out OK for Git, which means slightly malicious idiot
| in Britain and Ireland.
|
| (Linus was supposedly well aware of the meaning when he chose
| it.)
| diggan wrote:
| Supposedly, Linus named Git after himself, just like with
| Linux. According to the legends at least.
| suprjami wrote:
| There's a bit of a difference between "cranky old person" and
| one letter away from "fuck".
| pwagland wrote:
| It really depends on what country you are in.
|
| In many countries c*nt is one of the more terrible
| swearwords you could imagine. In Ireland it's friendly banter.
| d*ckhead can be either a term of endearment amongst (close)
| friends, or an insult in Australia, and worse in other
| countries.
|
| In many, if not most, non American countries, f*ck just
| doesn't cut the mustard when swearing.
|
| Heck, in the UK, they have a major high street brand called
| FCUK.
| sonicanatidae wrote:
| https://i.kym-cdn.com/entries/icons/original/000/028/596/dsm...
| TehCorwiz wrote:
| The name of 'Git' (the source control system) is literally a
| derogatory term. I think you overestimate the value or
| prevalence of decorum. You should also google the relationship
| between the number of uses of the word "fuck" in code comments
| with code quality. There's been several papers on it.
|
| EDIT: Here: https://cme.h-its.org/exelixis/pubs/JanThesis.pdf
| shzhdbi09gv8ioi wrote:
| > fsck
|
| = filesystem check
|
| please stop being _this_ thin skinned
| hasty_pudding wrote:
| I would advertise how understandable it is as well.
|
| maybe something like: ufck?
| overstay8930 wrote:
| If you care about price this badly just use v6, it's free
| dns_snek wrote:
| That's not an option if you need to support IPv4-only clients,
| which the vast majority of services do.
| andrewaylett wrote:
| IPv4 clients are a different problem, with a different
| solution -- NAT is for outbound connections. Of course,
| plenty of services you want to connect _to_ could only
| support IPv4.
|
| IPv6 internally doesn't stop you running public
| IPv4-accessible services.
| dns_snek wrote:
| I see, I misunderstood, I thought this was for inbound
| connections.
| ikiris wrote:
| Start charging those clients an ipv4 fee then.
| andrepew wrote:
| Unless you're dependent on one of the many many AWS services
| that don't support IPv6-only access.
|
| https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-su...
| sonicanatidae wrote:
| He's probably being paid by Big v6 to push it.
| p1mrx wrote:
| There is an ongoing discussion about adding NAT64 support:
| https://github.com/AndrewGuenther/fck-nat/issues/41
| oopsthrowpass wrote:
| Ahh this almost fits our use case, but we already went with
| Feasible Cost Konfigurable AWS setup
| bilalq wrote:
| The NAT tax is real. We got to tens of thousands of registered
| users of our app with the $30/month NAT gateway being like 90% of
| our AWS bill. And it didn't even serve customer facing traffic!
| At the time, its only use was for a serverless Aurora DB used by
| background jobs.
|
| It only gets more expensive when you actually serve large amounts
| of traffic, need multi-AZ setups, and run multiple AWS accounts
| for different envs for beta/prod and each engineer's sandbox
| account. The worst part of cloud billing is how each base cost
| has several dimensions of multipliers.
| paulddraper wrote:
| I don't pay the NAT tax.
|
| I just use public IP addresses.
|
| It's fine, it works. Worked for EC2-Classic, works today.
| ipython wrote:
| You now get charged for ipv4 addresses as well. Less than
| nat, yes, but now ipv4 addresses are no longer free either.
| outworlder wrote:
| I don't know about your specific network architecture but, if
| you need to access AWS services from inside your VPC, make sure
| to configure a VPC endpoint for the services where it is
| available (RDS is one of them).
|
| Far too many people forget about that and send their AWS
| traffic through their NAT GWs.
| icedchai wrote:
| Keep in mind for low traffic sites, it may be cheaper to use
| NAT, if you already need it for something else. All those
| "VPC endpoints" can really add up. It's kind of crazy you
| gotta pay for the privilege of connecting to AWS from within
| AWS.
| mannyv wrote:
| One use case for NAT is lambdas calling out of their VPC to the
| internet. Not everything is v6 friendly yet.
|
| I'll try and deploy this. Our NAT costs aren't that high, but
| reducing spend is worth an hour or two. I might leave this as
| something for the new guy, just so we can see if he can do it
| without taking down the environment.
| sakopov wrote:
| This is perfect for preprod environments. I'd probably not deploy
| in production. There is a better nat instance setup available
| called alternat [1] which is a little more durable and better for
| production cases.
|
| [1] https://github.com/1debit/alternat
| tootie wrote:
| This is what we run. Modest but not trivial scale. Transition
| was really easy.
| andrewguenther wrote:
| Author of fck-nat here. My big issue with Alternat is that it
| actively updates the route table which can still cause
| availability problems. It's a shorter outage than the current
| fck-nat replacement methodology, but it is still dropping
| connections.
|
| The longer term vision for fck-nat is a two node approach using
| conntrackd and keepalived to actively failover existing
| connections to the secondary with no loss of availability. This
| has the added benefit of not requiring all of the auxiliary
| infrastructure that Alternat sets up.
| sakopov wrote:
| That's an awesome update! I currently run fck-nat in pre-prod
| environments (and love it so far) but still use NAT gateway
| in production. I was actively looking into switching over to
| AlterNat for prod because of the failover to NAT gateway
| during NAT instance updates and outages, but definitely not a
| fan of the complexity you're alluding to. The future plans
| you've outlined definitely make me want to wait it out and
| just use fck-nat across the board. Thanks for sharing these
| plans!
| andrewguenther wrote:
| Author of fck-nat here. Happy to answer any questions! Thanks for
| the post!
___________________________________________________________________
(page generated 2024-02-02 23:00 UTC)