Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
shj2105 5 hours ago

I’m so confused. What is the difference between a peer relay and a DERP server that is self hosted?

apenwarr 5 hours ago | parent | next [-]

(Tailscale founder here) Two main differences: first, every DERP server used by your tailnet must be accessible by every node on your tailnet at all times, otherwise you get hard-to-debug netsplits. That's a very high bar to maintain so we've historically recommended you don't try. In contrast, peer relays are "if a given pair of nodes can connect through any of the relays, go for it" so deploying one is always a performance and reliability improvement.

Secondly, peer relays support UDP while DERP is TCP-only. That would be fixable by simply improving the DERP protocol, but as we explored that option, we decided to implement the Peer Relay layer instead as a more complete solution.

shj2105 4 hours ago | parent | next [-]

Hmm got it not sure I entirely understand. The issue I have is I’m trying to connect two devices where one is behind a hard CGNAT that always causes the connection to be relayed even though the other one is not behind a cgnat with proper port forwarding. Would a peer relay solve this but is it like a DERP where I have to host it on a VPS separate from my existing two networks or is this something different where I can host the peer relay on the same network not behind a CGNAT and somehow it will link the two networks through it?

xeonmc 2 hours ago | parent | prev | next [-]

What happens if your peer relay device is behind CGNAT/SymNat?

Also, offtopic question: is Tailscale named after the idea of UDP packets “tailgating” a connection?

kwakubiney 4 hours ago | parent | prev [-]

> every DERP server used by your tailnet must be accessible by every node on your tailnet at all times, otherwise you get hard-to-debug netsplits.

What would allow a given pair of nodes access a peer relay? Isn’t the peer relay by default also accessible by every node on the tailnet since it’s in the tailnet as well?

allthetime 5 hours ago | parent | prev | next [-]

Talking out my ass, but as with all things Tailscale, not much, aside from easier to use / less manual setup.

Nothing they do was impossible before, but their big win is making world wide private networking easy and accessible.

I’ve been on-boarding my friends who have their own local media servers setup so we can all share/stream content from each other.

5 hours ago | parent | prev [-]
[deleted]