Skip to content
Robot Docs
Blog

Network Topology

Locations

Section titled “Locations”

Toronto (Home) — Primary location

Section titled “Toronto (Home) — Primary location”
ISPBell Canada via PPPoE
Public IPDynamic via PPPoE (no CGNAT, real public IP)
RouterUniFi Cloud Gateway Ultra (UX), firmware 4.0.12.17054
WANPPPoE (ppp0)
LAN192.168.177.0/24 (Default network)
UPnPEnabled (with NAT-PMP + Secure Mode)

Devices:

DeviceLAN IPTailscale IPTags
zmac (Mac)192.168.177.133100.117.222.41tag:clients
tsrelay (relay)192.168.177.228100.95.40.19tag:relay

Secondary network: Bell Wi-Fi (separate Bell Home Hub router). More permissive NAT (Endpoint-Independent Filtering). Direct Tailscale connections work without UPnP.

Kingston (Remote) — Workstation location

Section titled “Kingston (Remote) — Workstation location”
ISPVirgin Plus (Bell flanker brand) via PPPoE (CGNAT)
Public IPCGNAT — not directly routable
RouterUniFi
WAN IP from Bell10.130.37.119 (private, confirms CGNAT)
LAN192.168.2.0/24, gateway 192.168.2.1

Workstation:

Hostnameworkstation
LAN IP192.168.2.239 (via enp5s0, 1G)
Tailscale IP100.101.214.44, tag:clients
GPUNVIDIA RTX 3090

Two physical NICs:

  • enp5s0 (1G): Connected to Kingston UniFi, active internet path
  • enp3s0 (10G): Has PPPoE config for Bell on VLAN 35 (enp3s0.35). Currently INACTIVE. Keep PPPoE off — stale endpoints confuse Tailscale’s hole-punching.

Other Kingston devices:

DeviceLAN IPTailscale IP
workstation-kvm100.67.214.102
storage (Synology DS620slim, DSM 7.3.2)192.168.2.26100.106.137.64

Backup access: Teleport VPN can reach workstation at LAN IP 192.168.2.239 when Tailscale is down.

Network Diagram

Section titled “Network Diagram”

Tailscale Devices

Section titled “Tailscale Devices”
DeviceHostnameTailscale IPOSTagsLocation
zmaczeul-mac100.117.222.41macOStag:clientsToronto
tsrelaytsrelay100.95.40.19Linuxtag:relayToronto
workstationworkstation100.101.214.44Linuxtag:clientsKingston
workstation-kvmworkstation-kvm100.67.214.102LinuxKingston
zeul-iphonezeul-iphone100.113.247.15iOSMobile
robin-macrobin-mac100.99.96.72macOSOffline
robin-iphonerobin-iphone100.105.68.71iOSOffline
storagestorage100.106.137.64Linux (DSM 7)Kingston

Services Running

Section titled “Services Running”

Workstation (Kingston)

Section titled “Workstation (Kingston)”
  • Sunshine (game streaming server)
  • Tailscale
  • GDM: autologin enabled, Wayland disabled (X11 only for NVIDIA)
  • X11: headless with virtual display via xorg.conf MetaModes

tsrelay (Toronto)

Section titled “tsrelay (Toronto)”
HardwareRaspberry Pi 4 Model B Rev 1.4, 8GB RAM, 4-core ARM Cortex-A72 @ 1.8 GHz
RoleTailscale peer relay, port 40000 (--relay-server-port=40000)
Port forwardUDP 40000 -> tsrelay on Toronto UniFi
NICWired gigabit Ethernet (eth0)

Throughput Benchmarks (Tailscale Direct, Feb 2026)

Section titled “Throughput Benchmarks (Tailscale Direct, Feb 2026)”

Pi (wired) to Workstation

Section titled “Pi (wired) to Workstation”
DirectionTCP (single)TCP (4 streams)UDP ceiling
Pi to WS (upload)434 Mbps323+ Mbps (0% loss at 500M)
WS to Pi (download)119 Mbps248 Mbps~260 Mbps (drops above)

Mac (Wi-Fi) to Workstation

Section titled “Mac (Wi-Fi) to Workstation”
DirectionTCP (single)
Mac to WS109 Mbps
WS to Mac81 Mbps

Raw ISP speeds (Ookla)

Section titled “Raw ISP speeds (Ookla)”
LocationTo Bell serverTo Rogers (cross-network)
Kingston (WS)896 down / 342 up Mbps99 down / 212 up Mbps
Toronto (Pi)Not testedNot tested

Bottlenecks

Section titled “Bottlenecks”
  1. Kingston CGNAT outbound: Hard packet drops above ~260 Mbps. Cross-network speeds drop significantly vs Bell-internal tests.
  2. Mac Wi-Fi: Caps at ~250 Mbps LAN, further reduced through WireGuard to ~80-109 Mbps. Wired connection fixes this.
  3. Tailscale MTU 1280: More packets per byte, higher overhead.