Introduction
Iroh is a Rust library from n0 (Number Zero) for building peer-to-peer applications. It handles NAT traversal, connection establishment, and reliable data transfer over QUIC, letting developers focus on application logic instead of networking plumbing.
What Iroh Does
- Establishes direct peer-to-peer connections with automatic NAT hole-punching
- Transfers data reliably over the QUIC protocol with built-in encryption
- Provides content-addressed blob storage and synchronization between peers
- Discovers peers via configurable discovery mechanisms including DNS and DHT
- Runs on desktop, server, mobile, and WebAssembly targets
Architecture Overview
Iroh is built on top of the quinn QUIC implementation and uses Ed25519 key pairs as node identities. The endpoint layer handles connection establishment and NAT traversal using STUN, relay servers for fallback, and direct hole punching. Above the transport sits a blob layer that syncs content-addressed data using BLAKE3 hashes and a range-based transfer protocol for efficient partial downloads.
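The sketch below is an added example, not code from iroh or n0: it shows how a receiver can verify one chunk of a partial download against a content address without holding the whole blob. It assumes SHA-256 from the Python standard library as a stand-in for BLAKE3; the tree layout, the 1024-byte chunk size and all function names are assumptions of this sketch and do not reproduce iroh's wire format.

```python
import hashlib
import hmac

CHUNK = 1024  # chunk size assumed for this sketch

def _h(tag: bytes, data: bytes) -> bytes:
    # Distinct tags keep leaf, interior and address hashes from colliding.
    return hashlib.sha256(tag + data).digest()

def _address(n_leaves: int, root: bytes) -> bytes:
    # Binding the leaf count fixes the tree shape the receiver will walk.
    return _h(b"\x02", n_leaves.to_bytes(8, "big") + root)

def build(blob: bytes):
    """Sender side: return (address, n_leaves, levels) for a blob."""
    level = [_h(b"\x00", blob[i:i + CHUNK]) for i in range(0, max(len(blob), 1), CHUNK)]
    levels = [level]
    while len(level) > 1:
        # Pair neighbours; an unpaired last node is promoted unchanged.
        level = [_h(b"\x01", level[i] + level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return _address(len(levels[0]), level[0]), len(levels[0]), levels

def proof(levels, index: int):
    """Sender side: sibling hashes on the path from leaf `index` to the root."""
    out = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            out.append(level[index ^ 1])
        index //= 2
    return out

def verify_chunk(address: bytes, n_leaves: int, index: int, chunk: bytes, siblings) -> bool:
    """Receiver side: accept `chunk` only if it is leaf `index` of the addressed blob."""
    if not 0 <= index < n_leaves < 2**64 or len(chunk) > CHUNK:
        return False
    node, width, rest = _h(b"\x00", chunk), n_leaves, list(siblings)
    while width > 1:
        if index ^ 1 < width:  # this level has a sibling for us
            if not rest:
                return False
            sib = rest.pop(0)
            # Left/right order comes from the requested index, not from the sender.
            node = _h(b"\x01", sib + node) if index & 1 else _h(b"\x01", node + sib)
        index, width = index // 2, (width + 1) // 2
    return not rest and hmac.compare_digest(_address(n_leaves, node), address)
```

The receiver derives the hashing order from the index it asked for, so a valid chunk served at the wrong offset is rejected along with tampered or truncated responses.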
Self-Hosting & Configuration
- Add iroh as a Cargo dependency to any Rust project
- Build an Endpoint with the builder pattern, choosing discovery and relay options
- Generate or load a persistent SecretKey for stable node identity across restarts
- Configure custom relay servers or use the default n0 relay infrastructure
- Use the iroh CLI tool for testing connectivity and blob transfers during development
Key Features
- Automatic NAT traversal with hole punching and relay fallback
- QUIC-based transport with built-in TLS 1.3 encryption using node keys
- Content-addressed blob sync with BLAKE3 hashing and verified streaming
- Cross-platform support including Linux, macOS, Windows, iOS, Android, and WASM
- Composable protocol system for layering custom application protocols
Comparison with Similar Tools
- libp2p — larger modular networking stack with many transports; more complex setup and Rust API surface
- ZeroTier — creates virtual L2 networks; operates at a lower level than application-layer P2P
- WireGuard — VPN tunnel protocol; not designed for application-level peer discovery or data sync
- WebRTC (via webrtc-rs) — browser-oriented real-time communication; heavier and more complex for pure data transfer
FAQ
Q: Does Iroh work without a central server? A: Yes, once peers discover each other they connect directly. Relay servers are an optional fallback for restrictive NATs.
Q: Can I use Iroh from languages other than Rust? A: FFI bindings and a Python SDK are available, and the WASM target enables browser use.
Q: How does Iroh handle peer discovery? A: Through pluggable discovery services including DNS-based discovery and a distributed hash table.
Q: Is Iroh production-ready? A: Iroh is under active development with breaking API changes possible. Several production applications already use it.