Show HN: lambda-nat-proxy – Serverless proxy using Lambda and UDP NAT punching

Show HN: lambda-nat-proxy – Serverless proxy using Lambda and UDP NAT punching(github.com)

18 points by danvittegleo 337 days ago | 11 comments

Revisited an old experiment of mine (https://github.com/dan-v/awslambdaproxy): can AWS Lambda functions work as network proxies? This time using UDP NAT hole punching + QUIC tunnels.

Client discovers public IP via STUN, writes session data to S3, which triggers a Lambda. Both endpoints punch UDP holes through their NATs, then establish a QUIC connection for encrypted traffic forwarding.

pbnjay 333 days ago |

Probably gets pretty costly if you’re running a lot of data through it. Now if you could implement a Tailscale DERP server in a lambda that would be pretty amazing: https://tailscale.com/kb/1232/derp-servers

danvittegleo 333 days ago | |

I did toy around with Tailscale initially trying to get it to spin up as an exit node but wasn't able to get that functional. I did manage to get Tailscale Funnel to work as the tunnel mechanism to Lambda, but unfortunately the performance was really poor.

robcohen 333 days ago |

Alternatively, you could make a Nix flake that can generate an immutable microVM image based on Solo5, running a MirageOS unikernel that implements NAT traversal with UDP hole punching and relay fallback. This image can be deployed to Fly.io as a lightweight, autoscaling Firecracker VM with per-second billing. It boots in milliseconds and costs far less than Lambda.

Any reason to use lambda vs this cloud-agnostic approach? Maybe I am missing something. I guess per second vs per 100ms billing, but I can't imagine it ends up being cheaper with Lambda.

danvittegleo 333 days ago | |

Absolutely - there are plenty of more cost-effective, cloud-agnostic ways to build something like this. This is just an experiment to explore Lambda networking and push it beyond its intended use cases.

robcohen 332 days ago | | |

Sure, I think it's an awesome effort. Just trying to think of an agnostic approach that's more efficient.

wredcoll 333 days ago | |

I honestly thought this post was satire for at least 30 seconds.

robcohen 332 days ago | | |

I'm not trying to disparage the attempt, just thinking of a way to make it's end goal more agnostic and efficient.

shayonj 333 days ago |

Very interesting concept. I’d love some cheap and “throw away” method of setting up tunnels with minimal onus on the exit nodes.

danfritz 333 days ago |

Looks cool but how much does it cost?

danvittegleo 333 days ago | |

Like most things with AWS, it’s tricky to pin down exactly - and it’ll probably cost more than you’d expect once you factor in Lambda invocations, GB-seconds of execution time, S3 request fees, and especially data‐transfer charges.

js4ever 333 days ago | |

10x the original cost it's trying to avoid probably