DERP relay usage indicates direct connectivity failure between peers

warning

Connection ManagementUpdated Jan 28, 2026(via Exa)

Sources

Tailscale client metricstailscale.com

Technologies:

Tailscalesubject

How to detect:

Traffic is flowing through DERP relay servers instead of direct peer connections, indicated by the 'derp' path label in throughput metrics. This suggests NAT traversal or firewall issues preventing direct IPv4/IPv6 connections.

Recommended action:

Monitor tailscaled_inbound_bytes_total and tailscaled_outbound_bytes_total metrics filtered by path='derp'. If DERP usage is high, investigate firewall rules, NAT configurations, or network policies blocking UDP traffic. Check tailscaled_home_derp_region_id to identify which relay region is being used.