Iroh: IP Addresses Are the Wrong Abstraction

github.com/n0-computer/iroh | License: Apache-2.0

A phone switches from Wi-Fi to LTE, a laptop wakes from sleep, a home router quietly changes its public IP, and suddenly “real-time” software turns into reconnect theater. That fragility has been accepted for years because networking still assumes machines live at stable addresses. Iroh starts from a sharper premise: devices should be contacted by cryptographic identity, not by whatever number the network assigned five seconds ago. That sounds subtle. Honestly, it is not subtle. It changes what kinds of apps can feel dependable.

The Drop: Networking Built for Devices That Move

Plenty of products promise seamless sync, multiplayer, or direct device-to-device transfer, then quietly route everything through centralized infrastructure because the open internet is messy. NATs block inbound traffic. Mobile devices hop networks. Firewalls break assumptions. Public IPs disappear. Even when a direct path should exist, finding and maintaining it becomes a small research project.

Dial By Public Key is Iroh’s answer to that pain. Instead of asking an app developer to track addresses, retries, relay fallback, and connection upgrades, Iroh lets a device be identified by its public key and handles the ugly part underneath. That matters because the real frustration was never just “peer-to-peer is hard.” The deeper issue is that internet addressing was built around locations, while modern apps care about entities. A person’s phone is still the same phone when the network changes. A camera streaming from a moving car is still the same camera when it crosses carriers.

Centralized services have papered over this mismatch for years, often at huge infra cost and with worse privacy. Iroh exists because too many modern products want local-first behavior, direct transport, and resilient realtime links, but the internet still behaves like every device should sit still.

The Stack: Rust, QUIC, and Relay Pragmatism

Under the hood, Iroh is a Rust networking stack built on QUIC, with authenticated encrypted connections, multiplexed streams, and datagram support baked in. Around that core, the project includes hole-punching, relay infrastructure, and address lookup via DNS and pkarr, plus companion protocols for blobs, gossip, and synced docs.

The Sauce: Identity-Native Connectivity

Here’s where Iroh gets genuinely interesting: the architecture treats connectivity as a continuously managed relationship between identities, not a one-time socket setup between addresses. EndpointId is the anchor, a public-key-based identifier for a device, and the system keeps resolving how to reach that identity through whichever path currently makes sense.

That sounds clean in theory, but the cleverness is in how many layers are composed around that idea. Iroh first tries to establish a direct route, because latency and bandwidth are way better when packets do not bounce through a third party. To make that work across hostile consumer networks, it performs hole-punching and keeps measuring path quality. If direct transport fails, RelayMap provides fallback through public or self-run relays, which means the connection model degrades gracefully instead of just breaking. The app still talks to the same identity.

Then there’s Address Lookup, which is more important than it first appears. Rather than hardwiring a single discovery system, Iroh treats lookup as a modular layer. DNS-based resolution, pkarr relays, in-memory hints, and other discovery methods can coexist. That design is smart because discovery standards never settle cleanly. Different apps need different trust, latency, and reachability tradeoffs. Iroh does not force one registry to win.

Honestly, the interesting part is not that Iroh enables peer-to-peer. Plenty of projects do that. The interesting part is that Iroh packages identity, discovery, path optimization, direct transport, and relay fallback into one networking primitive. That starts to feel less like a library and more like an alternate internet SDK.

The Move: Build Products That Survive Bad Networks

Start with any product where connection quality shapes the user experience more than the UI does. File transfer between devices is the obvious one, but the stronger use cases are collaborative editors, edge AI apps syncing local state, multiplayer experiences, remote cameras, sensor fleets, and internal tools that need low-latency links without a giant backend footprint.

A team could use Iroh to ship local-first sync that keeps working when users move between networks, instead of forcing every update through a central broker. Another angle is cost. If heavy data paths, e.g. media transfer or device backup, can go direct and use relays only when needed, infra margins get materially better. That is not just elegance, that is unit economics.

Founders should also notice the control point here. Running Iroh’s relay and lookup pieces gives a company policy and observability without owning every byte of application traffic. That creates a middle ground between fully centralized SaaS and brittle pure peer-to-peer idealism. For products where privacy, resilience, or bandwidth spend matters, Iroh offers a strategic advantage: identity-based networking that can be branded as reliability, not sold as protocol theory.

The Aura: Devices Become First-Class Citizens

People already expect files, chats, and sessions to follow them across screens. The next expectation is subtler: devices themselves should feel reachable, persistent, and trustworthy without asking a cloud service for permission every time. A laptop, drone, camera, or local AI box starts acting less like a temporary node and more like a durable participant on the network.

That behavioral shift matters. When connectivity follows identity, users stop caring where computation lives. Local becomes viable again. Personal infrastructure gets less nerdy and more usable. The cloud does not disappear, but its role looks more optional, which is exactly why projects like Iroh feel bigger than a transport library.

The Play: Infra Category, but Narrowly Wedgeable

From a VC lens, Iroh looks like a 0-to-1 infrastructure primitive with a wedge into several existing markets: developer networking, edge sync, IoT connectivity, and local-first collaboration. TAM is broad because every app with realtime state, heavy transfer, or device orchestration feels this pain, but PMF will show up first in products where latency, bandwidth cost, and privacy directly hit retention. The moat is not raw code, because protocols get copied, it is execution around reliability, relay footprint, ecosystem adoption, and becoming the default identity-native transport layer before incumbents make this easy.

Winners:

• Hardfin: Lower-friction device connectivity strengthens remote equipment monitoring economics, and better direct links compound into higher LTV through more reliable industrial data flows.

• Tailscale: Identity-first networking becoming normal expands buyer education, and Tailscale can absorb the pattern into a broader zero-config connectivity platform with enterprise distribution.

• Cloudflare: More apps needing relay, routing, and edge-assisted transport increases demand for globally distributed network services that monetize reliability at scale.

Losers:

• LiveKit Cloud: Centralized realtime transport gets margin pressure when direct paths handle more traffic, and adapting is hard if the hosted network becomes less necessary for default cases.

• Pusher: Broker-centric messaging looks heavier when developers can get resilient direct connectivity with fallback, which erodes differentiation in the middle of the market.

• Twilio: Usage-based transport revenue faces long-term compression if identity-native networking pushes more data off centralized pipes and into cheaper direct channels.

tl;dr

Iroh turns device networking into “connect to this identity” instead of “hope this IP still works.” The clever part is the layered design: direct QUIC when possible, relay fallback when needed, modular discovery throughout. Worth a close look for anyone building local-first apps, device fleets, sync products, or bandwidth-heavy realtime software.

Stars: 10,609 | Language: Rust