pith. machine review for the scientific record. sign in

arxiv: 2604.12484 · v1 · submitted 2026-04-14 · 💻 cs.NI · cs.PF

Recognition: unknown

Large-Scale Measurement of NAT Traversal for the Decentralized Web: A Case Study of DCUtR in IPFS

Dennis Trautwein , Cornelius Ihle , Moritz Schubotz , Corinna Breitinger , Bela Gipp
Authors on Pith no claims yet

Pith reviewed 2026-05-10 14:29 UTC · model grok-4.3

classification 💻 cs.NI cs.PF
keywords NAT traversalDCUtRIPFShole-punchingpeer-to-peerdecentralized networksQUICTCP
0
0 comments X

The pith

IPFS measurements establish 70% success for decentralized NAT traversal, with TCP and QUIC matching UDP.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper conducts the first large-scale study of the DCUtR protocol operating inside the live IPFS network to measure how often peers can form direct connections despite NAT. Drawing on 4.4 million traversal attempts from over 85,000 networks, it reports a conditional success rate of 70 percent for the hole-punching stage once relays and addresses are prepared. The results show that this rate holds equally for TCP, QUIC, and UDP, contradicting the common view that UDP is required for reliable traversal. The protocol also proves efficient, with 97.6 percent of successes occurring on the first attempt and no dependence on specific relay properties.

Core claim

DCUtR achieves a conditional success rate of 70% ± 7.1% for hole-punching after successful relay reservation and public address discovery. This rate is statistically the same for TCP and QUIC as for UDP. The mechanism works independently of relay choice, succeeds on the first attempt in 97.6% of cases, and operates in a fully permissionless setting across 167 countries.

What carries the argument

DCUtR protocol, which sequences relay reservation, address discovery, and high-precision RTT-based synchronization to enable direct peer-to-peer hole-punching.

Load-bearing premise

The 4.4 million attempts collected from 85,000 networks form an unbiased sample of real-world NAT behaviors and the IPFS logging captures every relevant outcome without systematic errors.

What would settle it

A follow-up measurement that gathers a comparable number of DCUtR attempts from a fresh global sample of networks and obtains a hole-punching success rate clearly outside the reported 70% ± 7.1% interval.

Figures

Figures reproduced from arXiv: 2604.12484 by Bela Gipp, Corinna Breitinger, Cornelius Ihle, Dennis Trautwein, Moritz Schubotz.

Figure 1
Figure 1. Figure 1: DCUtR protocol flow diagram 3.1.3 Circuit v2. For private peers, the Circuit v2 protocol provides lightweight relaying services, primarily for signaling and coordi￾nation tasks such as those required by DCUtR. Crucially, Circuit v2 is designed to minimize resource usage, imposing negligible processing and bandwidth costs on relays; unlike traditional TURN relays, which forwards all application traffic. Cir… view at source ↗
Figure 2
Figure 2. Figure 2: Measurement infrastructure architecture. The cen [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: (a) Geographic distribution of controlled client peers in the measurement study that contributed hole punch results. [PITH_FULL_IMAGE:figures/full_fig_p006_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: (a) Network identifications per hole punch result. [PITH_FULL_IMAGE:figures/full_fig_p007_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: (a) Reported hole punch results over the course of the duration of our measurement campaign split by their individual [PITH_FULL_IMAGE:figures/full_fig_p008_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: (a) The direct RTT as a fraction of the RTT through the relay. (b) RTT distributions for hole punches with the outcomes [PITH_FULL_IMAGE:figures/full_fig_p009_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: (a) Success rate dependence on relay location along the path. (b) Ratio of the mean over the standard deviation of the [PITH_FULL_IMAGE:figures/full_fig_p010_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: (a) If the hole punch was successful, which trans [PITH_FULL_IMAGE:figures/full_fig_p010_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: (a) If successful, with which attempt succeeded the hole punch. (b) Influence of active port mappings on the hole [PITH_FULL_IMAGE:figures/full_fig_p011_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: DCUtR Protocol Sequence Diagram [PITH_FULL_IMAGE:figures/full_fig_p015_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Postgres database UML diagram A.2 Dataset In this section, we will provide a detailed overview of the dataset used in our analysis. The provided dataset is a Postgres database dump available via this IPFS CID bafybeia7sq3nfd7c4obcy7ahjvnoka7ujdiob33r7rqyeycgicdt3iknki [PITH_FULL_IMAGE:figures/full_fig_p016_11.png] view at source ↗
read the original abstract

The promise of decentralized peer-to-peer (P2P) systems is fundamentally gated by the challenge of Network Address Translation (NAT) traversal, with existing solutions often reintroducing the very centralization they seek to avoid. This paper presents the first large-scale measurement study of a fully decentralized NAT traversal protocol, Direct Connection Upgrade through Relay (DCUtR), within the production libp2p-based InterPlanetary File System (IPFS) network. Drawing on over 4.4 million traversal attempts from 85,000+ distinct networks across 167 countries, we provide an empirical analysis of modern P2P connectivity. We establish a conditional success rate of $70\% \pm 7.1\%$ for the hole-punching stage, given that prerequisite relay reservation and public address discovery succeed, providing a crucial new benchmark for the field. Critically, we empirically challenge the long-held belief of UDP's superiority for NAT traversal, demonstrating that DCUtR's high-precision, RTT-based synchronization yields statistically indistinguishable success rates for both TCP and QUIC ($\sim70\%$). Our analysis further validates the protocol's design for permissionless environments by showing that success is independent of relay characteristics and that the mechanism is highly efficient, with $97.6\%$ of successful connections established on the first attempt. Building on this analysis, we propose a concrete roadmap of protocol enhancements aimed at achieving universal connectivity and contribute our complete dataset to foster further research in this domain.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. This paper presents the first large-scale measurement of the DCUtR NAT traversal protocol in the production IPFS/libp2p network. Drawing on 4.4 million traversal attempts from over 85,000 networks across 167 countries, it reports a conditional hole-punching success rate of 70% ± 7.1% (given successful relay reservation and public-address discovery), finds statistically indistinguishable success rates for TCP and QUIC, notes that 97.6% of successful connections occur on the first attempt, shows independence from relay characteristics, and releases the full dataset along with a roadmap for protocol improvements.

Significance. If the reported conditional rates are robust to sampling details, the work supplies a valuable empirical benchmark for decentralized NAT traversal in permissionless overlays and usefully challenges the UDP-superiority assumption with production data. The scale of the dataset and public release are clear strengths that enable follow-on research.

major comments (2)
  1. [Measurement Methodology / Data Collection] The description of peer sampling, logging of traversal outcomes, and exclusion criteria for the 4.4 M attempts is insufficient to assess selection bias. Because all measurements occur inside the live IPFS overlay (after DHT join, relay reservation, and address advertisement), the sample systematically excludes nodes that fail early discovery steps; this conditioning may inflate the reported 70% ± 7.1% hole-punching rate relative to a broader NAT population. Clarifying the exact sampling frame and how failed prerequisites are recorded is required to support the claim that the result is a general benchmark.
  2. [Results (TCP/QUIC comparison)] The statistical claim of indistinguishability between TCP and QUIC (~70%) requires the exact test statistic, per-protocol sample sizes, and full confidence-interval calculations to be reproducible; without these, the challenge to long-held UDP assumptions rests on an incompletely documented comparison.
minor comments (1)
  1. [Figures] Figure captions and axis labels should explicitly state that all rates are conditional on prerequisite success.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed review. We address each major comment below, providing clarifications and committing to specific revisions that strengthen the manuscript without altering its core claims.

read point-by-point responses

  1. Referee: [Measurement Methodology / Data Collection] The description of peer sampling, logging of traversal outcomes, and exclusion criteria for the 4.4 M attempts is insufficient to assess selection bias. Because all measurements occur inside the live IPFS overlay (after DHT join, relay reservation, and address advertisement), the sample systematically excludes nodes that fail early discovery steps; this conditioning may inflate the reported 70% ± 7.1% hole-punching rate relative to a broader NAT population. Clarifying the exact sampling frame and how failed prerequisites are recorded is required to support the claim that the result is a general benchmark.

    Authors: We agree that the methodology section would benefit from greater detail to allow readers to fully evaluate selection effects. The reported 70% ± 7.1% figure is explicitly a conditional success rate for the hole-punching stage, given successful relay reservation and public-address discovery; this conditioning is intentional because DCUtR is invoked only after those steps succeed in the libp2p/IPFS stack. We do not claim the rate applies to an unconditional NAT population. In the revision we will expand the Measurement Methodology section with: (1) a precise description of the DHT-based peer sampling frame, (2) the logging format for all traversal attempts including prerequisite outcomes, and (3) explicit exclusion rules applied to the 4.4 M attempts. We will also add a short discussion of how the conditioning affects generalizability and note that the released dataset permits independent re-analysis of early-failure cases. revision: yes

  2. Referee: [Results (TCP/QUIC comparison)] The statistical claim of indistinguishability between TCP and QUIC (~70%) requires the exact test statistic, per-protocol sample sizes, and full confidence-interval calculations to be reproducible; without these, the challenge to long-held UDP assumptions rests on an incompletely documented comparison.

    Authors: We accept that the statistical documentation must be made fully reproducible. The indistinguishability conclusion rests on overlapping 95% confidence intervals and a two-proportion hypothesis test showing no significant difference at conventional thresholds. In the revised manuscript we will report: the exact test statistic and p-value, the per-protocol attempt counts (TCP vs. QUIC), and the complete formulas and intermediate values used to compute the confidence intervals. These additions will be placed in the Results section and the associated appendix so that the challenge to the UDP-superiority assumption can be verified directly from the text. revision: yes

Circularity Check

0 steps flagged

No circularity: purely observational measurement study

full rationale

The paper reports empirical statistics (conditional success rates, TCP/QUIC equivalence, first-attempt efficiency) computed directly from 4.4 million observed traversal attempts collected in the live IPFS network. No equations, fitted parameters, predictions, or derivations are present that could reduce to prior inputs or self-citations. The 70% ± 7.1% figure is a direct aggregate of logged outcomes conditioned on observed prerequisites; it is not obtained by any modeling step that re-uses the same data as both input and output. Self-citations, if any, are not load-bearing for any claimed result. This is a standard, non-circular measurement paper whose central claims rest on external network observations rather than internal construction.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

This is an empirical measurement study with no mathematical derivations, free parameters, axioms, or invented entities; all claims rest directly on observed network data.

pith-pipeline@v0.9.0 · 5589 in / 1188 out tokens · 45654 ms · 2026-05-10T14:29:27.015751+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

37 extracted references · 18 canonical work pages

  1. [1]

    Alvestrand

    Harald T. Alvestrand. 2021. Overview: Real-Time Protocols for Browser-Based Applications. RFC 8825. doi:10.17487/RFC8825

    work page doi:10.17487/rfc8825 2021

  2. [2]

    2020.How NAT traversal works

    David Anderson. 2020.How NAT traversal works. https://tailscale.com/blog/how- nat-traversal-works Accessed: 2025-05-18

    2020

  3. [3]

    Juan Benet. 2014. IPFS-content addressed, versioned, P2P file system. arXiv:1407.3561(2014)

    work page Pith review arXiv 2014

  4. [4]

    C Bommelaer de Leusse and Carl Gahnberg. 2019. The Global Internet Report: Consolidation in the Internet Economy.Internet Society(2019)

    2019

  5. [5]

    Mohamed Boucadair, Reinaldo Penno, and Dan Wing. 2013. Universal Plug and Play (UPnP) Internet Gateway Device - Port Control Protocol Interworking Function (IGD-PCP IWF). RFC 6970. doi:10.17487/RFC6970

    work page doi:10.17487/rfc6970 2013

  6. [6]

    Vitalik Buterin. 2013. Ethereum White Paper: A Next Generation Smart Contract & Decentralized Application Platform. (2013). https://github.com/ethereum/ wiki/wiki/White-Paper

    2013

  7. [7]

    Pouwelse, and Henk Sips

    Lucia D’Acunto, J.A. Pouwelse, and Henk Sips. 2009. A Measurement of NAT & Firewall Characteristics in Peer to Peer Systems.Proc. 15-th ASCI Conference 5031 (01 2009)

    2009

  8. [8]

    Trinh Viet Doan, Roland van Rijswijk-Deij, Oliver Hohlfeld, and Vaibhav Bajpai

  9. [9]

    Internet Technol.22, 3, Article 70 (Feb

    An Empirical View on Consolidation of the Web.ACM Trans. Internet Technol.22, 3, Article 70 (Feb. 2022), 30 pages. doi:10.1145/3503158

    work page doi:10.1145/3503158 2022

  10. [10]

    Kjeld Borch Egevang and Paul Francis. 1994. The IP Network Address Translator (NAT). RFC 1631. doi:10.17487/RFC1631

    work page doi:10.17487/rfc1631 1994

  11. [11]

    Bryan Ford, Saikat Guha, Kaushik Biswas, Senthil Sivakumar, and Pyda Srisuresh

  12. [12]

    RFC 5382

    NAT Behavioral Requirements for TCP. RFC 5382. doi:10.17487/RFC5382

    work page doi:10.17487/rfc5382

  13. [13]

    Bryan Ford, Dan Kegel, and Pyda Srisuresh. 2008. State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs). RFC 5128. doi:10. 17487/RFC5128

    2008

  14. [14]

    Bryan Ford, Pyda Srisuresh, and Dan Kegel. 2005. Peer-to-Peer Communication Across Network Address Translators. InUSENIX Annual Technical Conference, General Track

    2005

  15. [15]

    Saikat Guha and Paul Francis. 2005. Characterization and measurement of TCP traversal through NATs and firewalls. InProceedings of the 5th ACM SIGCOMM Conference on Internet Measurement(Berkeley, CA)(IMC ’05). USENIX Associa- tion, USA, 18

    2005

  16. [16]

    Gertjan Halkes and Johan Pouwelse. 2011. UDP NAT and firewall puncturing in the wild. InLecture Notes in Computer Science. Springer Berlin Heidelberg, Berlin, Heidelberg, 1–12

    2011

  17. [17]

    Matt Holdrege and Pyda Srisuresh. 1999. IP Network Address Translator (NAT) Terminology and Considerations. RFC 2663. doi:10.17487/RFC2663

    work page doi:10.17487/rfc2663 1999

  18. [18]

    2022.Introduction to and State of libp2p By Max Inden Paris P2P Festival #1

    Max Inden. 2022.Introduction to and State of libp2p By Max Inden Paris P2P Festival #1. Youtube. https://youtu.be/Sbd7odDFT1w?si=CcqK6wWeUENawMIh&t=129

    2022

  19. [19]

    Cullen Fluffy Jennings and Francois Audet. 2007. Network Address Translation (NAT) Behavioral Requirements for Unicast UDP. RFC 4787. doi:10.17487/ RFC4787

    2007

  20. [20]

    Dan Kegel. 1999. NAT and Peer-to-peer networking. http://www.kegel.com/peer- nat.html. Accessed: 2023-03-08

    1999

  21. [21]

    Simon Keller, Tobias Hoßfeld, and Sebastian von Mammen. 2022. Edge-Case Integration into Established NAT Traversal Techniques. In2022 IEEE Ninth International Conference on Communications and Electronics (ICCE). 75–80. doi:10.1109/ICCE55644.2022.9852092

    work page doi:10.1109/icce55644.2022.9852092 2022

  22. [22]

    Ari Keränen, Christer Holmberg, and Jonathan Rosenberg. 2018. Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal. RFC 8445. doi:10.17487/RFC8445

    work page doi:10.17487/rfc8445 2018

  23. [23]

    Jinyu Liang, Wei Xu, Taotao Wang, Qing Yang, and Shengli Zhang. 2024. Imple- menting NAT Hole Punching with QUIC. doi:10.48550/arXiv.2408.01791

    work page doi:10.48550/arxiv.2408.01791 2024

  24. [24]

    Derek MacDonald and Bruce Lowekamp. 2010. NAT Behavior Discovery Using Session Traversal Utilities for NAT (STUN). RFC 5780. doi:10.17487/RFC5780

    work page doi:10.17487/rfc5780 2010

  25. [25]

    Daniel Maier, Oliver Haase, Jürgen Wäsch, and Marcel Waldvogel. 2011. NAT hole punching revisited. InIEEE 36th Conference on Local Computer Networks, LCN 2011. 147–150. doi:10.1109/LCN.2011.6115173

    work page doi:10.1109/lcn.2011.6115173 2011

  26. [26]

    Daniel McIntosh. 2018. We need to talk about data: How digital monopolies arise and why they have power and influence.J. Tech. L. & Pol’y23 (2018), 185

    2018

  27. [27]

    Andreas Müller, Andreas Klenk, and Georg Carle. 2008. On the Applicability of Knowledge Based NAT-Traversal for Home Networks. InNETWORKING 2008 Ad Hoc and Sensor Networks, Wireless Networks, Next Generation Internet, Amitabha Das, Hung Keng Pung, Francis Bu Sung Lee, and Lawrence Wai Choong Wong (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 264–275

    2008

  28. [28]

    Marc Petit-Huguenin, Gonzalo Salgueiro, Jonathan Rosenberg, Dan Wing, Rohan Mahy, and Philip Matthews. 2020. Session Traversal Utilities for NAT (STUN). RFC 8489. doi:10.17487/RFC8489

    work page doi:10.17487/rfc8489 2020

  29. [29]

    Tirumaleswar Reddy.K, Alan Johnston, Philip Matthews, and Jonathan Rosenberg

  30. [30]

    RFC 8656

    Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN). RFC 8656. doi:10.17487/RFC8656

    work page doi:10.17487/rfc8656

  31. [31]

    Philipp Richter, Florian Wohlfart, Narseo Vallina-Rodriguez, Mark Allman, Randy Bush, Anja Feldmann, Christian Kreibich, Nicholas Weaver, and Vern Paxson

  32. [32]

    InPro- ceedings of the 2016 Internet Measurement Conference(Santa Monica, California, USA)(IMC ’16)

    A Multi-perspective Analysis of Carrier-Grade NAT Deployment. InPro- ceedings of the 2016 Internet Measurement Conference(Santa Monica, California, USA)(IMC ’16). Association for Computing Machinery, New York, NY, USA, 215–229. doi:10.1145/2987443.2987474

    work page doi:10.1145/2987443.2987474 2016

  33. [33]

    Jonathan Rosenberg. 2010. Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols. RFC 5245. doi:10.17487/RFC5245

    work page doi:10.17487/rfc5245 2010

  34. [34]

    Daryl Seah, Wai Kay Leong, Qingwei Yang, Ben Leong, and Ali Razeen. 2009. Peer NAT proxies for peer-to-peer games. InProceedings of the 8th Annual Workshop on Network and Systems Support for Games(Paris, France)(NetGames ’09). IEEE Press, Article 6, 6 pages

    2009

  35. [35]

    Marten Seemann, Max Inden, and Dimitris Vyzovitis. 2022. Decentralized Hole Punching. In2022 IEEE 42nd International Conference on Distributed Computing Systems Workshops (ICDCSW)(Bologna, Italy). IEEE

    2022

  36. [36]

    Dennis Trautwein, Aravindh Raman, Gareth Tyson, Ignacio Castro, Will Scott, Moritz Schubotz, Bela Gipp, and Yiannis Psaras. 2022. Design and Evalua- tion of IPFS: A Storage Layer for the Decentralized Web. InProceedings of the ACM SIGCOMM 2022 Conference(Amsterdam, Netherlands)(SIGCOMM ’22). Association for Computing Machinery, New York, NY, USA, 739–752....

    work page doi:10.1145/3544216.3544232 2022

  37. [37]

    Connection Events

    Stanislav Vojíř and Jan Kučera. 2022. Towards Re-Decentralized Future of the Web: Privacy, Security and Technology Development.Acta Informatica Pragensia 10 (01 2022), 349–369. doi:10.18267/j.aip.169 NAT Traversal Measurement Campaign IMC ’26, October 12–16, 2026, Karlsruhe, Germany A Appendix A.1 DCUtR Sequence Diagram Figure 10: DCUtR Protocol Sequence ...

    work page doi:10.18267/j.aip.169 2022