|
| 1 | +--- |
| 2 | +title: TSFlow - Visualizing Your Tailscale Network Traffic Like Never Before |
| 3 | +description: |
| 4 | +slug: tsflow |
| 5 | +date: 2025-06-15 00:00:00+0000 |
| 6 | +image: tsflow.png |
| 7 | +categories: |
| 8 | + - Tailscale |
| 9 | +tags: |
| 10 | + - Tailscale |
| 11 | +weight: 1 |
| 12 | +draft: false |
| 13 | +--- |
| 14 | + |
| 15 | +Tailscale is an identity-based service network layer. Often times when your tailnet is large and you have just pushed a new ACL config, it can be hard to tell where the flow of your traffic is originating from and what is the traffic that any particular client is having traffic traverse through. |
| 16 | + |
| 17 | +As organizations scale their Tailscale deployments, network administrators and DevOps teams face an increasingly complex challenge: understanding how traffic flows through their tailnet. With dozens or hundreds of devices, complex ACL policies, and multiple subnets, gaining visibility into network patterns becomes critical for security, performance, and troubleshooting. |
| 18 | + |
| 19 | +That's why we built **TSFlow** - a modern, real-time web application that transforms your Tailscale network logs into beautiful, interactive visualizations that make network traffic patterns immediately clear. |
| 20 | + |
| 21 | +## The Challenge: Network Visibility at Scale |
| 22 | + |
| 23 | +When your tailnet grows beyond a handful of devices, several pain points emerge: |
| 24 | + |
| 25 | +- **ACL Complexity**: After deploying new access control policies, it's difficult to verify they're working as intended |
| 26 | +- **Traffic Patterns**: Understanding which devices communicate with each other and how frequently |
| 27 | +- **Performance Issues**: Identifying bandwidth-heavy connections or unusual traffic spikes |
| 28 | +- **Security Monitoring**: Detecting unexpected communication patterns that might indicate security issues |
| 29 | +- **Compliance**: Demonstrating network segmentation and access controls for audit purposes |
| 30 | + |
| 31 | +Traditional network monitoring tools weren't designed for the modern, identity-based networks that Tailscale enables. We needed something purpose-built for the Tailscale ecosystem. |
| 32 | + |
| 33 | +## Introducing TSFlow: Network Visualization Made Simple |
| 34 | + |
| 35 | +TSFlow bridges this gap by leveraging Tailscale's powerful [Network Flow Logging API](https://tailscale.com/api#tag/logging/GET/tailnet/{tailnet}/logging/configuration) to create intuitive, real-time visualizations of your network traffic. Built as a modern web application with a Go backend and React frontend, TSFlow transforms raw network logs into actionable insights. |
| 36 | + |
| 37 | + |
| 38 | + |
| 39 | +### Key Features |
| 40 | + |
| 41 | +**🌐 Interactive Network Topology** |
| 42 | +- Force-directed graphs show device relationships at a glance |
| 43 | +- Real-time traffic flow animations reveal active connections |
| 44 | +- Multiple layout algorithms (force-directed, circular, grid, hierarchical) for different perspectives |
| 45 | +- Zoom and pan controls for detailed exploration of large networks |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | +**📊 Comprehensive Analytics** |
| 50 | +- Live traffic metrics and bandwidth utilization |
| 51 | +- Protocol breakdown (TCP, UDP, ICMP) with detailed statistics |
| 52 | +- Device activity monitoring across your entire tailnet |
| 53 | +- Historical trend analysis with customizable time ranges |
| 54 | + |
| 55 | + |
| 56 | + |
| 57 | +**🔍 Advanced Filtering** |
| 58 | +- Flexible time range selection from 5 minutes to custom date ranges |
| 59 | +- Protocol-based filtering to focus on specific traffic types |
| 60 | +- Traffic categorization (virtual, subnet, physical) |
| 61 | +- Device and tag-based filtering for targeted analysis |
| 62 | + |
| 63 | +**🎯 Device Management** |
| 64 | +- Real-time device status monitoring (online/offline) |
| 65 | +- Detailed device metadata including OS, version, and connectivity |
| 66 | +- Tag-based organization matching your Tailscale configuration |
| 67 | + |
| 68 | + |
| 69 | +## Real-World Use Cases |
| 70 | + |
| 71 | +### ACL Validation |
| 72 | +After deploying new access control policies, TSFlow makes it easy to verify they're working correctly. The network topology view immediately shows which devices can communicate, while the traffic logs confirm that blocked connections are indeed being denied. |
| 73 | + |
| 74 | +### Performance Troubleshooting |
| 75 | +When users report slow network performance, TSFlow's bandwidth visualization quickly identifies high-traffic connections and potential bottlenecks. The protocol breakdown helps distinguish between different types of traffic and their impact. |
| 76 | + |
| 77 | +### Security Monitoring |
| 78 | +Unusual traffic patterns become immediately visible in TSFlow's real-time visualizations. Whether it's unexpected device-to-device communication or traffic volume spikes, security teams can quickly identify and investigate potential issues. |
| 79 | + |
| 80 | +### Network Documentation |
| 81 | +TSFlow's clear visualizations serve as living documentation of your network topology, making it easier to onboard new team members and communicate network architecture to stakeholders. |
| 82 | + |
| 83 | +## Getting Started |
| 84 | + |
| 85 | +TSFlow is designed to be deployed alongside your existing infrastructure with minimal configuration. Here's how to get started: |
| 86 | + |
| 87 | +### Prerequisites |
| 88 | +- A Tailscale API key with `devices:read` and `logs:read` permissions |
| 89 | +- Docker (recommended) or Go 1.21+ and Node.js 18+ |
| 90 | + |
| 91 | +### Quick Start with Docker |
| 92 | + |
| 93 | +```bash |
| 94 | +# Run TSFlow with your Tailscale credentials |
| 95 | +docker run -d \ |
| 96 | + -p 8080:8080 \ |
| 97 | + -e TAILSCALE_API_KEY=your-tailscale-api-key \ |
| 98 | + -e TAILSCALE_TAILNET=your-tailnet-name \ |
| 99 | + -e ENVIRONMENT=production \ |
| 100 | + --name tsflow \ |
| 101 | + tsflow |
| 102 | + |
| 103 | +# Access the dashboard |
| 104 | +open http://localhost:8080 |
| 105 | +``` |
0 commit comments