Owner: @Antonio @Andrus Salumets
Reviewers: 🟢@Álvaro Castro-Castilla 🟢@Daniel Sanchez Quiros 🟢@Petar Radovic 🟢@Gusto Bacvinka 🟢@Youngjoon Lee
Network Address Translation (NAT) is a critical challenge that Nomos participants must address to the largest extent possible. Nomos is designed to operate on modern laptops for a significant subset of users, many of whom may lack the technical expertise to troubleshoot NAT-related issues. Therefore, Nomos aims to resolve these challenges automatically.
The Nomos NAT traversal strategy is the process by which a node:
In this document, Public denotes a publicly reachable node, as described above. A node that does not have those properties is considered Private. Dialing refers to the process of establishing an outbound connection using the libp2p stack, where the dialing peer is the initiator of the connection.
This document defines a phased strategy for enabling and maintaining public reachability in libp2p nodes. By combining AutoNAT, dynamic port mapping, and continuous verification, the protocol aims to maximize the likelihood that a node can be contacted from the public Internet, even in the presence of different types of NATs and firewalls.
The NAT traversal strategy must work out-of-the-box whenever possible. On one hand, users who do not want to engage in any configuration should not be required to do more than install the node software package. On the other hand, users who want to be in full control of the node must be able to configure every aspect of the strategy.
Leverage the existing Nomos P2P network for coordination rather than relying on centralized third-party services.
Begin with lightweight checks, escalating through more complex and resource-hungry protocols. A failure at any step moves the protocol to the next stage in the strategy.
It is assumed that, unless explicitly specified (which is the case for non-consumer-grade hardware and specialized node operators with statically configured addresses), each node’s private or public status is prone to change (i.e., a once publicly reachable node can become unreachable and vice versa).
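The phased escalation and the changing-status assumption described above can be sketched as a small state machine. This is an added example, not Nomos code: the stage order (dial-back check on the local address, then port mapping, then a dial-back check on the mapped address), the `Env` trait, `SimEnv` and the sample addresses are all assumptions made for illustration.

```rust
// Added illustration: stage order and all names are assumptions, not Nomos code.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Reachability { Public, Private }

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Stage { DialBackLocal, MapPort, DialBackMapped }

/// Hypothetical view of the outside world that the strategy depends on.
pub trait Env {
    /// AutoNAT-style check: did other peers manage to dial `addr`?
    fn dial_back_ok(&mut self, addr: &str) -> bool;
    /// Dynamic port mapping request; yields the external address if granted.
    fn map_port(&mut self) -> Option<String>;
}

/// One pass of the phased strategy. Returns the status, the address to
/// advertise (if any) and the stages that were executed, cheapest first.
pub fn evaluate(env: &mut dyn Env, local: &str) -> (Reachability, Option<String>, Vec<Stage>) {
    let mut ran = vec![Stage::DialBackLocal];
    if env.dial_back_ok(local) {
        return (Reachability::Public, Some(local.to_string()), ran);
    }
    ran.push(Stage::MapPort); // cheap check failed: escalate
    if let Some(ext) = env.map_port() {
        ran.push(Stage::DialBackMapped); // a mapping is only a claim until verified
        if env.dial_back_ok(&ext) {
            return (Reachability::Public, Some(ext), ran);
        }
    }
    (Reachability::Private, None, ran) // every stage failed
}

/// Constructed test environment: addresses dialable from outside and the
/// address the gateway hands out, if it supports mapping at all.
pub struct SimEnv { pub dialable: Vec<String>, pub gateway: Option<String> }

impl Env for SimEnv {
    fn dial_back_ok(&mut self, addr: &str) -> bool { self.dialable.iter().any(|a| a == addr) }
    fn map_port(&mut self) -> Option<String> { self.gateway.clone() }
}

fn main() {
    let local = "/ip4/192.168.1.10/tcp/3000"; // constructed sample addresses
    let ext = "/ip4/203.0.113.7/tcp/3000";
    let mut env = SimEnv { dialable: vec![ext.into()], gateway: Some(ext.into()) };
    println!("{:?}", evaluate(&mut env, local)); // behind NAT, mapping works
    env.gateway = None; // e.g. the router rebooted and the mapping is gone
    env.dialable.clear();
    println!("{:?}", evaluate(&mut env, local)); // the periodic re-check now says Private
}
```

Running `evaluate` again on a timer is what turns the one-shot escalation into continuous verification: the second call in `main` downgrades a node that was Public a moment earlier.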