Skip to content

feat(proto): Server sends NAT traversal probes with active CID#575

Merged
flub merged 2 commits intomainfrom
flub/server-nat-active-cid
Apr 9, 2026
Merged

feat(proto): Server sends NAT traversal probes with active CID#575
flub merged 2 commits intomainfrom
flub/server-nat-active-cid

Conversation

@flub
Copy link
Copy Markdown
Collaborator

@flub flub commented Apr 9, 2026
edited
Loading

Description

This changes the server-side of the NAT traversal to always send path
challenges using the active CID. This means it does not skip probes
when there are no more CIDs (currently still limited to 5).

It does means the paths are linkable, and this is a violation of a
MUST in RFC9000. But this is the direction we want to take right now.

Breaking Changes

Paths are now linkable.

Notes & open questions

This is on the path towards #567.

Closes #574.

An attempt to replace #571 with something much simpler and without
design problems. If combined with increasing MAX_MULTIPATH_PATHS on
the iroh side I expect it to be similarly effective.

@flub
feat(proto): Server sends NAT traversal probes with active CID
9972eb3 
This changes the server-side of the NAT traversal to always send path
challenges using the active CID. This means it does not skip probes
when there are no more CIDs (currently still limited to 5).

It does means the paths are linkable, and this is a violation of a
MUST in RFC9000. But this is the direction we want to take right now.
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 9, 2026
edited
Loading

Documentation for this PR has been generated and is available at: https://n0-computer.github.io/noq/pr/575/docs/noq/

Last updated: 2026-04-09T14:14:28Z

flub
flub commented Apr 9, 2026
View reviewed changes
Comment thread noq-proto/src/cid_queue.rs
}

/// Returns the number of unused CIDs (neither active nor reserved).
#[allow(unused)]
Copy link
Copy Markdown
Collaborator Author

@flub flub Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure how sacred this code is. Happy to also delete it but I know a lot of work went into the CidQueue and we are still likely to want to use this at some point.

flub
flub commented Apr 9, 2026
View reviewed changes
Comment thread noq-proto/src/connection/mod.rs Outdated
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 9, 2026
edited
Loading

Performance Comparison Report

9972eb3cb6336a1bd9e9d8b8908d0e53af2283aa - artifacts

Raw Benchmarks (localhost)

Scenario noq upstream Delta CPU (avg/max)
large-single 5484.3 Mbps 8313.0 Mbps -34.0% 96.9% / 157.0%
medium-concurrent 5362.5 Mbps 7545.2 Mbps -28.9% 96.2% / 158.0%
medium-single 3827.7 Mbps 4189.8 Mbps -8.6% 89.4% / 96.9%
small-concurrent 3794.6 Mbps 4884.6 Mbps -22.3% 95.7% / 107.0%
small-single 3365.5 Mbps 4491.0 Mbps -25.1% 96.4% / 162.0%

Netsim Benchmarks (network simulation)

Condition noq upstream Delta
ideal 3100.7 Mbps 3435.9 Mbps -9.8%
lan 782.5 Mbps 796.5 Mbps -1.8%
lossy 69.8 Mbps 55.9 Mbps +25.0%
wan 83.8 Mbps 83.8 Mbps ~0%

Summary

noq is 23.4% slower on average

---
3583125de5e2b90d8c2fc94496d09314df0a470f - artifacts

Raw Benchmarks (localhost)

Scenario noq upstream Delta CPU (avg/max)
large-single 5387.3 Mbps 7969.5 Mbps -32.4% 88.9% / 96.0%
medium-concurrent 5346.5 Mbps 8050.9 Mbps -33.6% 91.0% / 96.8%
medium-single 4084.0 Mbps 4749.2 Mbps -14.0% 85.7% / 95.5%
small-concurrent 3800.8 Mbps 5302.3 Mbps -28.3% 92.6% / 100.0%
small-single 3366.3 Mbps 4783.1 Mbps -29.6% 88.8% / 97.1%

Netsim Benchmarks (network simulation)

Condition noq upstream Delta
ideal 3058.4 Mbps 4008.7 Mbps -23.7%
lan 782.5 Mbps 810.4 Mbps -3.4%
lossy 69.8 Mbps 55.9 Mbps +25.0%
wan 83.8 Mbps 83.8 Mbps ~0%

Summary

noq is 27.5% slower on average

@n0bot n0bot bot added this to iroh Apr 9, 2026
@github-project-automation github-project-automation bot moved this to 🚑 Needs Triage in iroh Apr 9, 2026
matheus23
matheus23 approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@matheus23 matheus23 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can confirm this improves holepunching equally well (compared to #571) for cases with lots of interfaces.

Comment thread noq-proto/src/connection/mod.rs Outdated
@flub
This can happen normally
3583125 
There is no check in front of the call chain that makes sure that CIDs
are present. They could be missing e.g. if the path is abandoned.
@flub flub enabled auto-merge April 9, 2026 14:13
@flub flub added this pull request to the merge queue Apr 9, 2026
Merged via the queue into main with commit 47f61ed Apr 9, 2026
36 checks passed
@flub flub deleted the flub/server-nat-active-cid branch April 9, 2026 14:26
@github-project-automation github-project-automation bot moved this from 🚑 Needs Triage to ✅ Done in iroh Apr 9, 2026
This was referenced Apr 13, 2026
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheus23 matheus23 matheus23 approved these changes

@dignifiedquire dignifiedquire Awaiting requested review from dignifiedquire

@divagant-martian divagant-martian Awaiting requested review from divagant-martian

Assignees

No one assigned

Labels

None yet

Projects

iroh
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Server should send nat probes using the active CID

2 participants

@flub @matheus23