Regional routing

When using your subnet routers in high availability (HA) mode, you can enable the regional routing option in your Tailscale network (tailnet) to automatically route traffic to the closest available HA subnet router for communicating with an IP address in the subnet router’s addressable range.

Regional routing is available for the Enterprise plan.
Regional routing is currently in private alpha. Therefore, this topic is currently hidden.

How regional routing works

Tailscale uses DERP servers to indicate which of your subnet routers is closest to any given client device. Subnet routers are automatically assigned a regional routing group.

Within each region, Tailscale selects a primary subnet router if more than one exists for a given address range. Tailscale regularly updates which HA subnet routers belong to each regional routing group.

Upon connecting to Tailscale, client devices identify which regional routing group is closest to them by finding the closest DERP server. This works by having clients report their latencies to the nearest active DERP servers, after which clients are assigned a regional routing group. Each client is then instructed to send traffic bound to a given subnet directly to the closest subnet router. The client re-evaluates its choice of regional routing group periodically.

Enabling regional routing for your tailnet

  1. Verify that you have at least two subnet routers in failover mode. This is also referred to as HA mode.
  2. Open the Settings page of the admin console.
  3. Enable the Regional Routing option.

The traffic for tailscale clients will automatically be routed to the nearest region with an active HA subnet router when connecting to addresses covered by that subnet router.

Example use cases

On-ramping remote employees to transit backbones

You can use subnet routers in conjunction with regional routing to on-ramp remote employee traffic to transit gateways such as AWS Transit Gateway, Google Cloud Interconnect, Azure ExpressRoute, and other virtual private transit providers. By placing a subnet router in front of each network on-ramp point, regional routing will automatically route device traffic on to the transit provider as quickly as possible.

Connecting to a globally replicated application or VPC

You can use subnet routers in conjunction with regional routing to connect to applications or VPCs that are globally replicated across your cloud provider’s regions, or across multiple cloud providers. By placing a subnet router in front of each application or VPC, regional routing will automatically route device traffic on to the nearest version of that application or VPC. When using this methodology, the application must be available from the same set of IP addresses within the same high availability subnet route. In this way, you can easily deploy and connect to a globally distributed application, with multi-cloud failover built right in.

Last updated