Tailscale subnet routers behind Docker: UDP relay flapping under load?

Running a Tailscale subnet router as a Docker container on a Debian host (Tailscale 1.58). Under light load everything is stable, but when throughput exceeds ~200 Mbps sustained, the UDP relay starts flapping — connections drop and reconnect every 30-60 seconds. The host's Tailscale daemon (running directly on the host, not in Docker) stays stable. The container uses --net=host and --cap-add=NET_ADMIN. I've ruled out OOM kills and CPU throttling. The logs show 'magicsock: periodic rebind failed' on the container side. Is this a known Docker networking issue with Tailscale's wireguard tunnel, or should I be looking at sysctl tweaks (udp_mem, rmem_max)?