Realm Host V2 HA Tunnel
For global HA, combine Realm Host V2 with a health-checking DNS service (like Route53 or Cloudflare). Use a script to update DNS A records pointing a static hostname (e.g., tunnel.realm.example.com) to the healthy backend IP. Realm Host clients resolve that hostname every 60 seconds.
For UDP-based tunnels (WebRTC, gaming, DNS), active-passive is inefficient. Realm V2 supports active-active HA using Anycast (BGP routing) plus coordinated connection tracking.
| Component | Description |
|----------------------|-------------|
| Realm Host V2 Gateway | Logical endpoint that terminates tunnels. Runs on VM or hardware appliance. |
| HA Pair | Two gateway instances sharing a virtual IP (VIP) or using route injection. |
| Heartbeat Link | Dedicated or in-band link for state sync (VRRP, OSPF, or custom sync). |
| Tunnel Endpoint | Source/destination IPs for each tunnel instance (primary + backup). |
| Orchestrator | Optional controller for provisioning and monitoring multiple HA pairs. |
For this guide, we assume:
```toml
[tunnels.failover]
max_retries = 3
retry_interval = "5s"
backup_remote = "127.0.0.1:8081" # secondary backend
```
Note: In a true HA setup, 0.0.0.0:8443 is bound on all nodes, but only the VIP owner routes traffic.
A typical production HA tunnel consists of three planes:
```toml
[tunnels.tls]
cert = "/etc/realm/tls/fullchain.pem"
key = "/etc/realm/tls/privkey.pem"
```