Decentralized NAT Hole-Punching

About this talk

This talk presents a measurement study of decentralized NAT hole punching in libp2p, focusing on the DCUtR (Direct Connection Upgrade through Relay) protocol that enables peers behind NATs and firewalls to establish direct connections without centralized infrastructure. Dennis explains how DCUtR uses a relay to coordinate synchronized connection attempts via Connect and Sync messages, then describes a measurement setup combining a honeypot DHT server, a coordination server, and a fleet of clients to observe hole punch outcomes in the wild. The results show roughly an 80% success rate for Go clients, with most successful punches completing on the first attempt, while clients running over VPNs and the Rust IPFS implementation exhibit notably lower success rates, particularly over TCP. The talk also examines the no-stream error pattern in rust-ipfs nodes and discusses transport differences between TCP and QUIC, closing with a call for community participation in a hole-punch measurement campaign.