1necornbuilder 2 hours ago
Real-world CGNAT use case that might be relevant here: I'm running an industrial AI monitoring system (computer vision on live RTSP camera feeds) deployed on Google Cloud Run. The cameras are behind an ISP that blocks port forwarding entirely — a common apartment/SMB situation.

Tailscale solved this completely. The Cloud Run container joins the tailnet, the camera's RTSP server gets a 100.x.x.x address via MediaMTX, and the container reads the stream over the private mesh as if everything were on the same LAN. No public exposure, no ISP negotiation, no port forwarding rules.

The Peer Relay announcement matters for this setup specifically: my Cloud Run instance spins up fresh containers under load, and DERP relay fallback was occasionally adding latency during the NAT traversal handshake on cold starts. Peer Relays distributing that relay burden to edge nodes should reduce that.

One question for the Tailscale folks: for ephemeral compute (Cloud Run, Lambda, Fly.io), where containers may spin up/down frequently, how does peer relay selection work when the relaying node itself might be transient?