Relays are servers that temporarily route encrypted traffic until a direct, P2P connection is feasible. Once this direct path is set up, the relay server steps back, and the data flows directly between devices. This approach allows iroh to maintain a secure, low-latency connection, even in challenging network situations.

There are situations where a direct connection can’t be established, and in those cases traffic falls back to running through the relay. Relay servers do not have access to the data being transmitted, as it’s encrypted end-to-end.

We’re working on formally collecting the direct connection rate from production iroh networks. Anecdotal evidence points to roughly 9 out of 10 networking conditions we see in practice allowing a direct connection to be established. Our holepunching implementation is deterministic: if it works between two devices once, it should continue to work as long as their networking setup remains stable.

Public relays

iroh is configured with a set of public relays provided by the n0 team that are free to use. The public relays rate-limit traffic that flows through the relay. This is to prevent abuse and to ensure the relays are available to everyone. There are no guarantees around uptime or performance when using the public relays. We recommend using the public relays for development and testing, as they are free to use and require no setup. However, for production systems, we recommend using dedicated relays instead.

Dedicated relays

For production use, we recommend using dedicated relays. Dedicated relays are relay servers that are either self-hosted or provided as a managed service. Dedicated relays provide better performance, security, and uptime guarantees compared to the public relays. Relay code is open source! You can run your own relay server, or pick a hosting provider.

Why this architecture is powerful

This approach makes uptime management significantly easier compared to traditional client-server architectures:
Stateless servers, stateful clients
Unlike traditional servers that store your application’s data and state, relay servers are just connection facilitators. All your business logic and data lives in your clients. This means:
  • No database synchronization - You don’t need to worry about keeping multiple server databases in sync or handling data replication
  • No state migration - When a relay goes down, clients simply reconnect to another relay without any data loss or state transfer
  • Simple server management - Relay servers are lightweight and easy to spin up or down. No complex deployment procedures or data migration steps
Automatic failover
iroh clients automatically try multiple relays when connecting. If one relay is unavailable, clients seamlessly fall back to another relay in your list without application-level retry logic. Your peers will find each other as long as at least one relay is reachable.
Multi-cloud resilience
For even better guarantees, you can distribute relays across multiple cloud providers. If one provider experiences an outage, your application keeps running on relays hosted elsewhere. Since relays don’t store state, you can freely mix providers without worrying about cross-cloud data consistency.
Cost-effective scaling
Adding capacity means spinning up more lightweight relay instances, not provisioning databases or managing complex stateful server infrastructure. You can easily scale up for peak usage and scale down during quiet periods.
This architecture inverts the traditional model: instead of treating servers as precious stateful resources and clients as disposable, relay-based architectures treat relays as disposable connection facilitators while clients own the application state and logic.

Connection Changes

During the lifespan of a connection, networking conditions can change, for example when a user switches from 5G to WiFi, plugs in an Ethernet cable, or a sysadmin modifies router configurations. The connection may change from direct to relayed, or even to a mix of the two. iroh will automatically switch between direct and relayed connections as needed, without any action required from the application.
