hngopher.com

       [HN Gopher] Show HN: lambda-nat-proxy - Serverless proxy using L...
       ___________________________________________________________________
        
       Show HN: lambda-nat-proxy - Serverless proxy using Lambda and UDP
       NAT punching
        
       Revisited an old experiment of mine
       (https://github.com/dan-v/awslambdaproxy): can AWS Lambda functions
       work as network proxies? This time using UDP NAT hole punching +
       QUIC tunnels.  Client discovers public IP via STUN, writes session
       data to S3, which triggers a Lambda. Both endpoints punch UDP holes
       through their NATs, then establish a QUIC connection for encrypted
       traffic forwarding.
        
       Author : danvittegleo
       Score  : 15 points
       Date   : 2025-06-17 19:01 UTC (4 days ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | danfritz wrote:
       | Looks cool but how much does it cost?
        
         | danvittegleo wrote:
         | Like most things with AWS, it's tricky to pin down exactly -
         | and it'll probably cost more than you'd expect once you factor
         | in Lambda invocations, GB-seconds of execution time, S3 request
         | fees, and especially data-transfer charges.
        
         | js4ever wrote:
         | 10x the original cost it's trying to avoid probably
        
       | pbnjay wrote:
       | Probably gets pretty costly if you're running a lot of data
       | through it. Now if you could implement a Tailscale DERP server in
       | a lambda that would be pretty amazing:
       | https://tailscale.com/kb/1232/derp-servers
        
         | danvittegleo wrote:
         | I did toy around with Tailscale initially trying to get it to
         | spin up as an exit node but wasn't able to get that functional.
         | I did manage to get Tailscale Funnel to work as the tunnel
         | mechanism to Lambda, but unfortunately the performance was
         | really poor.
        
       | shayonj wrote:
       | Very interesting concept. I'd love some cheap and "throw away"
       | method of setting up tunnels with minimal onus on the exit nodes.
        
       | robcohen wrote:
       | Alternatively, you could make a Nix flake that can generate an
       | immutable microVM image based on Solo5, running a MirageOS
       | unikernel that implements NAT traversal with UDP hole punching
       | and relay fallback. This image can be deployed to Fly.io as a
       | lightweight, autoscaling Firecracker VM with per-second billing.
       | It boots in milliseconds and costs far less than Lambda.
       | 
       | Any reason to use lambda vs this cloud-agnostic approach? Maybe I
       | am missing something. I guess per second vs per 100ms billing,
       | but I can't imagine it ends up being cheaper with Lambda.
        
         | danvittegleo wrote:
         | Absolutely - there are plenty of more cost-effective, cloud-
         | agnostic ways to build something like this. This is just an
         | experiment to explore Lambda networking and push it beyond its
         | intended use cases.
        
       ___________________________________________________________________
       (page generated 2025-06-21 23:01 UTC)