Challenging Tribal Knowledge -- Large Scale Measurement Campaign on Decentralized NAT Traversal

TL;DR

This work provides the first large-scale, longitudinal evaluation of a fully decentralized NAT traversal protocol (DCUtR) in production libp2p/IPFS networks, using over 4.4 million data points from 85,000+ networks across 167 countries. It demonstrates a contemporary hole-punch baseline of $70\% \pm 7.1\%$, and shows that DCUtR’s RTT-based synchronization yields transport-agnostic performance with roughly $70\%$ success for both TCP and QUIC, contradicting the idea that UDP-based traversal is inherently superior. The study confirms relay-agnostic robustness and finds that $97.6\%$ of successful connections occur on the first attempt, while also validating the effectiveness of Connection Reversal when port mappings exist. The authors release a large open dataset to spur further research and propose a concrete optimization roadmap toward universal connectivity in decentralized networks. Overall, DCUtR reduces reliance on centralized NAT-traversal infrastructure and provides a practical path toward scalable, permissionless P2P connectivity.

Abstract

The promise of decentralized peer-to-peer (P2P) systems is fundamentally gated by the challenge of Network Address Translation (NAT) traversal, with existing solutions often reintroducing the very centralization they seek to avoid. This paper presents the first large-scale, longitudinal measurement study of a fully decentralized NAT traversal protocol, Direct Connection Upgrade through Relay (DCUtR), within the production libp2p-based IPFS network. Drawing on over 4.4 million traversal attempts from 85,000+ distinct networks across 167 countries, we provide a definitive empirical analysis of modern P2P connectivity. We establish a contemporary baseline success rate of $70\% \pm 7.1\%$ for the hole-punching stage, providing a crucial new benchmark for the field. Critically, we empirically refute the long-held 'tribal knowledge' of UDP's superiority for NAT traversal, demonstrating that DCUtR's high-precision, RTT-based synchronization yields statistically indistinguishable success rates for both TCP and QUIC ($\sim70\%$). Our analysis further validates the protocol's design for permissionless environments by showing that success is independent of relay characteristics and that the mechanism is highly efficient, with $97.6\%$ of successful connections established on the first attempt. Building on this analysis, we propose a concrete roadmap of protocol enhancements aimed at achieving universal connectivity and contribute our complete dataset to foster further research in this domain.

Figures (11)

• Figure 1: DCUtR protocol flow diagram
• Figure 2: Measurement infrastructure architecture. The central components honeypot, server, and clients allow us to detect, serve and hole punch DCUtR-capable remote peers.
• Figure 3: (a) Geographic distribution of controlled client peers in the measurement campaign that contributed hole punch results. (b) Geographic distribution of remote peers that interacted with the IPFS network that contributed hole punch results in the measurement campaign.
• Figure 4: (a) Network identifications per hole punch result. Most could be linked to a single network based on the reported IP addresses that the client listens on. (b) CDF of the number of unique networks per client, showing that over $60\%$ of clients operated from a single network throughout the campaign.
• Figure 5: (a) Reported hole punch results over the course of the duration of our measurement campaign split by their individual outcomes according to table \ref{['tab:hpr-outcomes']}. (b) Daily success rates of hole punches for individual networks across the entire measurement period. The dashed orange line is the line of best fit across all success rates.