Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
72 lines (42 sloc) 3.82 KB

Better NAT traversal so that Relay servers are a last (not first) resort

The current cost of running relay servers for IPFS is unsustainable. We need to implement NAT hole punching mechanisms in libp2p to reduce the dependence on relay servers by NAT’d hosts. TURN should only be a last resort, and we should be preferentially using STUN-inspired practices to break through NATs.

libp2p is primarily TCP-oriented, and hole punching has a success rate of ~60%, so when two peers find each other, they should be able to coordinate via a third peer to synchronise around a hole punching choreography.

Conducting such signalling in a decentralised fashion is one of the topics for this session. One approach is to use our existing relay infrastructure: as soon as peers establish a relayed connection, they'd immediately attempt to upgrade to a direct connection. Defining how that happens is a goal of this session.

Moreover, exposing such facilities through via ICE/WebRTC-compliant interfaces would expand the reach of this solution and open it up for novel, browser-based use cases.

One challenge we'll also address is the adaptation of certain protocols (such as multistream/1.0.0) to handle TCP simultaneous opens gracefully. This event is a first-class citizen in TCP hole punching, but currently libp2p connection bootstrapping will fail under this context. We need to fix that.


  • Defining a solid decentralised, hole punching, attack-resistant STUN-like signalling protocol, to make TURN-like relay servers a last resort to work around NATs.
  • Leveraging relay servers as a rendezvous point for signalling, but allowing any third party to act as a signaller for another peer.

Requirements to consider

  • Connection migration: the direct connection resulting from the upgrade must absorb the state of the abandoned relayed connection.
  • TCP simultaneous open: Handling it in role-oriented protocols.
  • Attack resistance: identifying, preventing and recovering from attacks, including, but not limited to, byzantine action.
  • ICE/WebRTC compliant: Exposing an ICE/WebRTC-compliant interface for browsers to leverage this infrastructure.

Where to learn about it



🎤 Slides


Auto Nat and auto relay startup time not ideal for all applications.

Possible option to specify default bootstrap which are used immediately while auto Nat and auto relay runs

Tcp hole punching timing issue.

Udp holepunching 80% success rate.

TCP hole punching 60%.

TCP hole punching simultaneous connect. Doesn't work with role based protocols.

Using poison bit with highest ip/port to determine roles.

Libp2p event bus to get events about nat status which can be used to show users nat type so they can take action to forward ports.

Automatically change dht to client if not dialable.

How to migrate protocol session from relayed connection to direct connection after hole punching succeeds.

Push migration responsibility to protocols when event is triggered. Freeze stream and rewirel

When you have multilayer nats look for nodes in each layer to help you through.

Traceroute for multi nat.

You can’t perform that action at this time.