Tailscale's Peer Relays feature moves to general availability, letting organizations deploy their own high-throughput relays for better performance in restrictive network environments.
Tailscale has announced the general availability of Peer Relays, a feature that allows organizations to deploy their own high-throughput relay nodes within their Tailscale networks. This capability addresses a fundamental challenge in distributed networking: maintaining reliable, secure connections when direct peer-to-peer communication is blocked by firewalls, NATs, or cloud networking constraints.
From beta to production-ready
The journey to general availability represents significant engineering investment. What began as a solution for working around hard NATs has evolved into a production-grade connectivity option that gives teams the performance, control, and flexibility needed to scale Tailscale in challenging network environments.
The most noticeable improvement comes in throughput performance. When multiple clients forward traffic through a single relay, the system now selects more optimal network interfaces and address families when available. This optimization helps bootstrap connections and improves overall quality. On the relay side, lock contention improvements mean packets are handled more efficiently, and traffic distribution across multiple UDP sockets where available delivers meaningful gains in both performance and reliability.
Static endpoints for cloud environments
One of the most significant additions addresses a common pain point in cloud deployments. In public cloud networks, instances often sit behind strict firewall rules or rely on port forwarding and load balancers in peered public subnets. The infrastructure in front of these instances may not be able to run Tailscale directly, making standard discovery mechanisms ineffective.
Peer relays now integrate with static endpoints through the --relay-server-static-endpoints flag. This allows a peer relay to advertise fixed IP:port pairs to the tailnet, enabling external clients to relay traffic even when automatic endpoint discovery fails. This unlocks high-throughput connectivity in restrictive cloud environments where traditional NAT traversal doesn't work.
For many organizations, this capability means peer relays can replace subnet routers, enabling full-mesh deployments with core Tailscale features like Tailscale SSH and MagicDNS. The ability to deploy relays behind load balancers while still providing reliable, high-performance paths represents a significant advancement for enterprise deployments.
Enhanced observability and debugging
With general availability, Tailscale has integrated Peer Relays more deeply into its visibility and observability tooling. The feature now integrates directly with tailscale ping, allowing administrators to see whether a relay is being used, whether it's reachable, and how it impacts latency and reliability when testing connectivity.
This integration removes much of the guesswork from troubleshooting. When issues arise, it's easy to determine whether traffic is being relayed, whether the relay is healthy, and whether it's contributing to degraded performance. For ongoing monitoring, Peer Relays expose client metrics like tailscaled_peer_relay_forwarded_packets_total and tailscaled_peer_relay_forwarded_bytes_total. These metrics can be scraped and exported to monitoring systems like Prometheus and Grafana alongside existing Tailscale client metrics.
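As an added illustration (not code from Tailscale or from this article), the sketch below turns two scrapes of the counters named above into forwarding rates, treating a counter that goes backwards as a restart of the relay. It assumes the metrics text has already been fetched in the Prometheus text exposition format; the sample scrapes, their values and the function names are constructed for the example.

```python
import re

# Metric names as given in the article; everything else here is illustrative.
PACKETS = "tailscaled_peer_relay_forwarded_packets_total"
BYTES = "tailscaled_peer_relay_forwarded_bytes_total"

# One sample line of the Prometheus text format: name, optional {labels}, value.
SAMPLE_RE = re.compile(r"^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{[^}]*\})?\s+(\S+)")

def relay_counters(exposition: str) -> dict:
    """Sum the two relay counters across all label sets in one scrape."""
    totals = {PACKETS: 0.0, BYTES: 0.0}
    for line in exposition.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # skip HELP/TYPE comments
            continue
        m = SAMPLE_RE.match(line)
        if m and m.group(1) in totals:
            totals[m.group(1)] += float(m.group(2))
    return totals

def relay_rates(prev: dict, curr: dict, seconds: float) -> dict:
    """Per-second rates between two scrapes, tolerating a counter reset."""
    if seconds <= 0:
        raise ValueError("scrape interval must be positive")
    rates = {}
    for name in (PACKETS, BYTES):
        delta = curr[name] - prev[name]
        if delta < 0:           # counter went backwards: the process restarted,
            delta = curr[name]  # so count only what accumulated since then
        rates[name] = delta / seconds
    return rates

# Constructed scrapes taken 60 seconds apart (values are made up).
SCRAPE_T0 = """\
# TYPE tailscaled_peer_relay_forwarded_packets_total counter
tailscaled_peer_relay_forwarded_packets_total 12000
tailscaled_peer_relay_forwarded_bytes_total 9600000
"""
SCRAPE_T1 = """\
tailscaled_peer_relay_forwarded_packets_total 18000
tailscaled_peer_relay_forwarded_bytes_total 15600000
"""

if __name__ == "__main__":
    rates = relay_rates(relay_counters(SCRAPE_T0), relay_counters(SCRAPE_T1), 60)
    print(f"{rates[PACKETS]:.0f} pkt/s, {rates[BYTES] * 8 / 1e6:.2f} Mbit/s")
```

A relay whose forwarded-bytes rate climbs well above its usual baseline, or drops to zero while clients still report relayed paths, is worth a closer look with tailscale ping.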
Enterprise-ready deployment
Peer Relays are available on all Tailscale plans, including the free Personal plan, making this capability accessible to organizations of all sizes. The deployment model is straightforward: relays can be enabled on any supported Tailscale node using the CLI, controlled through grants in ACLs, and deployed incrementally alongside existing relay infrastructure.
For organizations with specific throughput goals or deployment requirements, Tailscale offers deployment support. This enterprise-grade approach ensures that organizations can scale their Tailscale deployments confidently, knowing they have the performance, control, and observability needed for production environments.
The broader impact
This release represents more than just a feature update—it's a fundamental shift in how organizations can architect their Tailscale deployments. By allowing organizations to deploy their own high-throughput relays, Tailscale provides a path to maintain the security and simplicity benefits of the platform while addressing the performance and connectivity challenges that arise in real-world network environments.
The general availability of Peer Relays positions Tailscale as a more complete solution for enterprise networking, particularly for organizations operating in restrictive cloud environments or those requiring high-performance connectivity across geographically distributed teams.
For teams already using Tailscale, the path forward is clear: evaluate whether Peer Relays can improve your network performance, particularly in environments where direct peer-to-peer connections are challenging. For those considering Tailscale, this capability addresses one of the most common concerns about mesh networking solutions—what happens when direct connections aren't possible?
The answer, increasingly, is that you can deploy your own high-performance relays and maintain the seamless, secure connectivity that makes Tailscale compelling in the first place.
