By ByteBot
Peer-to-peer networking has a dirty secret: you’re not actually connecting to a device. You’re connecting to a temporary number the internet assigned it. When that number changes — and it will — your connection breaks. Iroh 1.0, released today by n0, makes the case that IP addresses are the wrong abstraction entirely. The library reached stable after 4+ years and 65+ releases, and it’s already handling 200 million endpoint connections per month.
The Problem with IPs
IP addresses are assigned to you, not owned by you. DHCP leases expire. VPNs reroute traffic. Corporate proxies intercept connections. NAT devices mangle packets. Every time your device moves to a new network, its identity changes — and anything pointing to the old address breaks.
Iroh’s answer is to replace IP addresses with cryptographic keypairs. Your device generates a keypair at startup. That public key becomes its stable identifier. You dial the key; Iroh figures out how to reach the device. The IP address becomes an implementation detail you never have to think about.
This isn’t just a conceptual shift. In practice, it means connections survive network changes, work through firewalls and NAT without extra configuration, and carry built-in authentication — you can’t be talking to anyone other than the key you dialed.
How Iroh Gets You There
Under the hood, Iroh runs QUIC over UDP with TLS 1.3. When you connect to a peer, it first attempts a direct connection using hole punching. According to production data, this succeeds roughly 95% of the time — significantly better than libp2p’s ~70% success rate under similar conditions.
When direct connections fail, Iroh falls back to relay servers (called DERP nodes — Designated Relay for Encrypted Packets). These relays don’t break the security model: traffic stays end-to-end encrypted and relay servers see only node identifiers, not content. If you need to avoid relay IP disclosure to peers, you can route through Tor — Iroh’s transport layer is pluggable.
The library also supports non-IP transports entirely: Bluetooth Low Energy for local device discovery, LoRa for long-range radio networks, and local network discovery for offline-first applications. The abstraction holds regardless of the physical layer beneath.
What 1.0 Actually Means
Stable doesn’t just mean “no more breaking API changes.” It means wire protocol stability: a Python client at v1.0 can talk to a Rust server at v1.1 without negotiation issues. Official language support now includes Rust, Python, Node.js, Swift, and Kotlin — with FFI bindings covering the gaps.
The production numbers back the stability claim. Iroh has been running in production on hundreds of thousands of devices well before hitting 1.0. PrimeIntellect uses Iroh for asynchronous P2P communication in decentralized AI pipeline parallelism — training large models across geographically distributed compute without a central coordinator. Nous Research uses it to manage gradient sharing across AWS, GCP, Azure, and self-hosted nodes simultaneously.
Composable, Not Monolithic
Iroh ships with three production-ready protocols you can mix and match:
- iroh-blobs: Content-addressed blob transfer. Think git’s object store, but for arbitrary data across a P2P network.
- iroh-gossip: Publish-subscribe overlay network built on HyParView and Plumtree algorithms, specifically tuned for mobile devices with high network churn.
- iroh-docs: Eventually consistent key-value storage with a built-in sync protocol — useful for shared state across peers without a central database.
You don’t have to use any of them. The router API lets you register your own ALPN-keyed handlers and run entirely custom protocols over the same Iroh endpoint. n0’s philosophy is deliberate: “no one wants the nginx team to ship postgres.” Iroh does the transport layer exceptionally well and lets you choose what runs on top.
When to Reach for Iroh
If you’re building something that needs direct device-to-device connections — distributed AI training, real-time multiplayer, IoT sensor networks, file sync, secure messaging — Iroh is worth serious evaluation. Its 95% direct connection success rate and built-in encryption make it easier to justify than the alternatives. The LambdaClass technical deep-dive provides an honest comparison with libp2p if you want a second opinion before committing.
Two limitations worth knowing upfront: IP addresses are still visible to direct peers and to relay servers (a VPN integration can address this), and the observability tooling is still maturing. Neither is a blocker for most use cases, but they matter if you’re building in adversarial environments or need production-grade metrics out of the box.
The GitHub repository has 8,800 stars and clean getting-started examples in all supported languages. For a 1.0, that’s a healthy foundation. The networking layer your distributed application deserves probably shouldn’t be an afterthought built on IPs — and now there’s a stable library that treats it as a first-class problem.
