what is subnet router in tailscale
tags: learning networking tailscale
content
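- every device in the tailnet sends requests addressed to a specific ip range to the subnet router first, and the subnet router then forwards them to the destination
- the destination here is in the same subnet as the subnet router, and is usually not on the public internet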
tailnet-subnet-router.excalidraw
[diagram labels: physical subnet (machine A, machine B, …, tailscale subnet router); other network (machine C with tailscale installed, machine D); tailnet; data packet]
machine A has no idea that the traffic comes from another subnet; it can only see that the traffic comes from the subnet router
Qn: how does machine C know where to send a packet if it wants to connect to machine A?
Ans: the subnet router is advertising to the whole tailnet:
“i have 192.168.16.0/24 in my physical network, connect to me if you wanna connect to them”
Ans: the packet already contains machine A’s private ip, so the subnet router just forwards it directly to machine A
this only works if machine C already knows machine A’s ip (its private ip in its physical network). what if dns is needed?
Route DNS lookups to an internal DNS server
of course, when these two subnets are not directly connected, there’s no way machine C could just send packets to the subnet router (it doesn’t even know the subnet router’s ip!). the process is more like this:
[diagram labels: tailnet; machine C with tailscale installed; tailscale subnet router; tailscale server]
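a simplified model of the Qn/Ans above, added here as an example (not from the original note and not Tailscale's code): machine C picks a next hop by matching the destination against the routes advertised to the tailnet, and the subnet router rewrites the source before forwarding, which is why machine A only sees the router. all names, the 100.64.0.x tailnet addresses and the 192.168.16.x host addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    name: str
    tailnet_ip: str         # constructed tailnet address
    advertised: tuple = ()  # subnets this peer advertises to the tailnet


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def pick_next_hop(peers, dst):
    """Return the tailnet peer a packet for dst is handed to, or None."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for peer in peers:
        if addr == ipaddress.ip_address(peer.tailnet_ip):
            return peer  # destination is itself a tailnet device
        for cidr in peer.advertised:
            net = ipaddress.ip_network(cidr)
            # Model assumption: overlapping routes resolve by longest prefix.
            if addr in net and net.prefixlen > best_len:
                best, best_len = peer, net.prefixlen
    return best


def forward_from_router(packet, router_lan_ip):
    """Model the router forwarding onto its subnet with the source rewritten."""
    return Packet(src=router_lan_ip, dst=packet.dst)


# Constructed sample data (assumptions, not values from the note)
ROUTER = Peer("subnet-router", "100.64.0.1", ("192.168.16.0/24",))
MACHINE_C = Peer("machine-c", "100.64.0.2")
PEERS = [ROUTER, MACHINE_C]
ROUTER_LAN_IP = "192.168.16.1"
MACHINE_A_IP = "192.168.16.20"


def demo():
    pkt = Packet(src=MACHINE_C.tailnet_ip, dst=MACHINE_A_IP)
    hop = pick_next_hop(PEERS, pkt.dst)
    return hop.name, forward_from_router(pkt, ROUTER_LAN_IP)


if __name__ == "__main__":
    print(demo())
```

on machine A, logs and ip-based rules therefore attribute this traffic to the router's address rather than to machine C.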
up
[[tailscale#subnet router|tailscale - subnet router]] (https://tailscale.com/kb/1019/subnets)