A computer device includes logic configured to implement a tunnel broker. The tunnel broker is configured to receive a request from a client device for a service in a system, the service having a requested service property; select a first node in the system that hosts a first service instance having the requested service property; and establish a communication tunnel with a first end at the client device and a second end at the selected first node. The tunnel broker is further configured to determine that the first node no longer hosts the first service instance having the requested service property or that the first node has become unreachable; select a second node in the system that hosts a second service instance having the requested service property; and move the second end of the communication tunnel from the first node to the second node.
