Performance best practices
Tailscale continuously seeks ways to improve performance, such as making significant changes to wireguard-go (the userspace WireGuard implementation that Tailscale uses) and taking advantage of the transport layer offload engine to push Tailscale to 10Gb/s and beyond.
In most cases, Tailscale provides the best performance possible without additional configuration or customization. However, there are some situations in which you can leverage best practices to achieve the highest performance. The following sections offer best practices for getting the most out of Tailscale in various environments, operating systems, and modes of operation (exit nodes, subnet routers, and the like).
Direct connections
Tailscale uses direct and relayed connections, opting for direct connections when possible. Direct connections nearly always result in lower latency and higher throughput.
To increase the likelihood of a direct connection, you can:
- Expose a public IP address for your tailnet devices.
- Open a firewall port when necessary.
- Use the device connectivity guide to troubleshoot why a device might be using a relayed connection.
Operating system recommendations
Use a recent version of your preferred operating system because it typically offers the most recent software and hardware optimizations. For example, using Linux kernel version 6.2 or later provides the best performance by enabling Tailscale to use the latest kernel features.
Linux optimizations for subnet routers and exit nodes
Tailscale version 1.54 or later used with a Linux 6.2 or later kernel enables UDP throughput improvements using transport layer offloads. If a Linux device is acting as an exit node or subnet router, ensure the following network device configuration is in place for the best results:
NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
sudo ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off
By default, changes made using ethtool don't persist after a reboot. On Linux distributions using networkd-dispatcher (which you can verify with systemctl is-enabled networkd-dispatcher), you can run the following commands to create a script that configures these settings on each boot.
printf '#!/bin/sh\n\nethtool -K %s rx-udp-gro-forwarding on rx-gro-list off \n' "$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")" | sudo tee /etc/networkd-dispatcher/routable.d/50-tailscale
sudo chmod 755 /etc/networkd-dispatcher/routable.d/50-tailscale
Run the following commands to test the script to ensure it runs successfully on your devices:
sudo /etc/networkd-dispatcher/routable.d/50-tailscale
test $? -eq 0 || echo 'An error occurred.'
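To confirm that the settings above are actually in effect, the following added example (not part of the original Tailscale documentation) checks a kernel release string against 6.2 and parses ethtool -k output for the two features. The function names, the NETDEV_TO_CHECK variable, and the sample feature listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the kernel and offload settings this page recommends.

# Succeeds if a `uname -r` style release string ($1) is at least $2.$3.
kernel_at_least() {
    release=$1 want_major=$2 want_minor=$3
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt "$want_major" ] ||
        { [ "$major" -eq "$want_major" ] && [ "$minor" -ge "$want_minor" ]; }
}

# Prints the state (on/off) of feature $1 from `ethtool -k` output on stdin;
# fails if the driver does not report that feature at all.
feature_state() {
    awk -v name="$1:" '$1 == name { print $2; found = 1; exit }
                       END { if (!found) exit 1 }'
}

# Reads `ethtool -k` output on stdin. Returns 0 when both settings match the
# page, 1 when they differ, 2 when a feature is missing from the output.
offloads_ok() {
    features=$(cat)
    fwd=$(printf '%s\n' "$features" | feature_state rx-udp-gro-forwarding) || return 2
    lst=$(printf '%s\n' "$features" | feature_state rx-gro-list) || return 2
    [ "$fwd" = on ] && [ "$lst" = off ]
}

# Constructed sample listings (not captured from a real device).
SAMPLE_DEFAULT='Features for eth0:
generic-receive-offload: on
rx-gro-list: off
rx-udp-gro-forwarding: off'
SAMPLE_TUNED='Features for eth0:
generic-receive-offload: on
rx-gro-list: off
rx-udp-gro-forwarding: on'

# Live check: set NETDEV_TO_CHECK (hypothetical variable) to an interface name.
if [ -n "${NETDEV_TO_CHECK:-}" ]; then
    kernel_at_least "$(uname -r)" 6 2 || echo "kernel is older than 6.2"
    if ethtool -k "$NETDEV_TO_CHECK" | offloads_ok; then
        echo "$NETDEV_TO_CHECK: offload settings applied"
    else
        echo "$NETDEV_TO_CHECK: offload settings not applied"
    fi
fi
```

A return code of 2 from offloads_ok means the driver or kernel does not list the feature, which is distinct from the feature being present but set differently.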
Machine sizing recommendations
For best performance, use the most recent generation of CPU architecture available to you. In general, higher CPU clock speed is more important than more cores.
Provider-specific recommendations
Refer to the following for provider-specific sizing recommendations: