Updates #docs Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>main
Brad Fitzpatrick
3 years ago
committed by
Brad Fitzpatrick
parent
3ae7140690
commit
c1e6888fc7
@ -0,0 +1,61 @@ |
|||||||
|
# DERP |
||||||
|
|
||||||
|
This directory (and subdirectories) contain the DERP code. The server itself is |
||||||
|
in `../cmd/derper`. |
||||||
|
|
||||||
|
DERP is a packet relay system (client and servers) where peers are addressed |
||||||
|
using WireGuard public keys instead of IP addresses. |
||||||
|
|
||||||
|
It relays two types of packets: |
||||||
|
|
||||||
|
* "Disco" discovery messages (see `../disco`) as the a side channel during [NAT |
||||||
|
traversal](https://tailscale.com/blog/how-nat-traversal-works/). |
||||||
|
|
||||||
|
* Encrypted WireGuard packets as the fallback of last resort when UDP is blocked |
||||||
|
or NAT traversal fails. |
||||||
|
|
||||||
|
## DERP Map |
||||||
|
|
||||||
|
Each client receives a "[DERP |
||||||
|
Map](https://pkg.go.dev/tailscale.com/tailcfg#DERPMap)" from the coordination |
||||||
|
server describing the DERP servers the client should try to use. |
||||||
|
|
||||||
|
The client picks its home "DERP home" based on latency. This is done to keep |
||||||
|
costs low by avoid using cloud load balancers (pricey) or anycast, which would |
||||||
|
necessarily require server-side routing between DERP regions. |
||||||
|
|
||||||
|
Clients pick their DERP home and report it to the coordination server which |
||||||
|
shares it to all the peers in the tailnet. When a peer wants to send a packet |
||||||
|
and it doesn't already have a WireGuard session open, it sends disco messages |
||||||
|
(some direct, and some over DERP), trying to do the NAT traversal. The client |
||||||
|
will make connections to multiple DERP regions as needed. Only the DERP home |
||||||
|
region connection needs to be alive forever. |
||||||
|
|
||||||
|
## DERP Regions |
||||||
|
|
||||||
|
Tailscale runs 1 or more DERP nodes (instances of `cmd/derper`) in various |
||||||
|
geographic regions to make sure users have low latency to their DERP home. |
||||||
|
|
||||||
|
Regions generally have multiple nodes per region "meshed" (routing to each |
||||||
|
other) together for redundancy: it allows for cloud failures or upgrades without |
||||||
|
kicking users out to a higher latency region. Instead, clients will reconnect to |
||||||
|
the next node in the region. Each node in the region is required to to be meshed |
||||||
|
with every other node in the region and forward packets to the other nodes in |
||||||
|
the region. Packets are forwarded only one hop within the region. There is no |
||||||
|
routing between regions. The assumption is that the mesh TCP connections are |
||||||
|
over a VPC that's very fast, low latency, and not charged per byte. The |
||||||
|
coordination server assigns the list of nodes in a region as a function of the |
||||||
|
tailnet, so all nodes within a tailnet should generally be on the same node and |
||||||
|
not require forwarding. Only after a failure do clients of a particular tailnet |
||||||
|
get split between nodes in a region and require inter-node forwarding. But over |
||||||
|
time it balances back out. There's also an admin-only DERP frame type to force |
||||||
|
close the TCP connection of a particular client to force them to reconnect to |
||||||
|
their primary if the operator wants to force things to balance out sooner. |
||||||
|
(Using the `(*derphttp.Client).ClosePeer` method, as used by Tailscale's |
||||||
|
internal rarely-used `cmd/derpprune` maintenance tool) |
||||||
|
|
||||||
|
We generally run a minimum of three nodes in a region not for quorum reasons |
||||||
|
(there's no voting) but just because two is too uncomfortably few for cascading |
||||||
|
failure reasons: if you're running two nodes at 51% load (CPU, memory, etc) and |
||||||
|
then one fails, that makes the second one fail. With three or more nodes, you |
||||||
|
can run each node a bit hotter. |
||||||
Loading…
Reference in new issue