Private relay services – Insights from an access-network perspective

Hari Jayaraman


The market has gathered more than a year’s experience with Private Relay, which Apple introduced with iOS 15. We want to shed some light on the traffic profile visible from an access-network perspective.

So far, the market has not seen a major uptake in Apple Relay services; it is still in the per-mille range of total traffic. However, operators have voiced concerns about how such services, if widely deployed, could impact the ability to manage capacity, traffic and availability effectively.

The architecture is well documented by Apple and the three CDNs operating egress proxies: Akamai, Cloudflare and Fastly. But how does the traffic look in real life? Does content localization work as expected? Such questions are yet to be adequately answered.
We used flow-based data from affiliated networks to investigate the parts of the traffic flows which are visible to an access network and applied the documentation of the relay architecture to understand what we see.

What we can clearly see is that the traffic is less structured than a comparable non-relay stream. Debugging is also extremely challenging, as the Private Relay design purposely and effectively hinders an end-to-end view for any involved party.