Sebastian Schkudlara
Building a peer-to-peer network for AI agents sounds deceptively simple. “Just let them talk to each other!”
Then you meet the real world.
In the real world, NAT (Network Address Translation) is lurking around every corner. Firewalls hate you. Home routers block everything. And “it works on my machine” quickly turns into “it works only on my machine.”
Over the past few weeks, we took Traylinx Stargate—our P2P layer for agents—and dragged it from “experimental prototype” to “production-ready infrastructure.”
We had to solve NAT traversal, automatic failover, and observability without making the user configure a single IP address. Here is the war story.
The Problem: NAT is the Internet’s Bouncer
Our vision was simple: agents should discover and message each other directly. No central servers, no middlemen.
But realized quickly that the modern internet is hostile to direct connections.
- Home Networks: Your ISP provides one IP, your router splits it. Incoming connections? Blocked.
- Corporate Offices: Symmetric NAT scrambles ports. Direct connection? Impossible.
- Cloud (AWS/GCP): Security groups and VPCs add another layer of “nope.”
We had a NATS relay fallback, but it was a crutch. We needed a real, standards-based solution.
Enter Circuit Relay v2.
The Fix: Circuit Relay v2 (The Libp2p Way)
We adopted Circuit Relay v2 from the libp2p stack (the same tech powering IPFS).
The concept is elegant:
- Relay Nodes sit on public, static IPs.
- Agents behind strict NATs keep an open connection to a Relay.
- When Agent A wants to talk to Agent B, the Relay bridges the traffic.
- Crucially: The agents don’t know the difference. To the application layer, it looks like a direct connection.
But “adopting the standard” is just step one. Making it work in production was the hard part.
1. Automatic NAT Detection (No Config Required)
We built a startup routine that probes the network.
- Public IP? Great, use direct connections.
- Restricted but punchable? Attempt hole-punching.
- Symmetric/Strict? Automatically fallback to a Relay.
The user does nothing. It just happens.
2. Connection Pooling (Stop Opening Sockets)
Initially, we opened a new connection for every request. This was… unwise. Latency spiked, and system resources vanished.
We implemented a Connection Pool:
- Reuses existing connections.
- Caps at 100 connections by default.
- Evicts idle peers after a timeout.
Result: 10x reduction in overhead for chatty agents.
3. If It Breaks, Fix It (Auto-Failover)
Relays go down. Networks flap. We added a health monitor that checks Relay status every 30 seconds.
- Primary Relay down? Switch to Backup.
- All Relays down? Fallback to the NATS transport (our “break glass in case of emergency” layer).
In testing, this gave us 95.5% reliability even when we intentionally killed relay nodes during active transfers.
4. Visibility (Because We Were Flying Blind)
You can’t fix what you can’t see. We instrumented everything.
- Success Rates: How often does NAT traversal fail?
- Relay Load: Who is hogging the bandwidth?
- Latency: Is the relay adding 50ms or 500ms?
Now, node.get_metrics() tells us the whole story.
The Stack: 24 Tasks later
We didn’t just hack this in. We treated it as a formal hardening sprint.
- Validation: Proving the old way was broken.
- Integration: Implementing the Circuit Relay v2 spec.
- Reliability: The failover logic.
- Observability: The Prometheus metrics.
We ended up with 193 tests covering everything from “happy path” direct connections to multi-hop relay chains. Pass rate: 95.5%. (The last 4.5% are flaky external library issues we’re upstreaming fixes for).
What This Means For You
If you’re writing code with Traylinx, here is what you get:
1. It Just Works.
node = StarGateNode(display_name="my-agent")
await node.start()
# You didn't configure a relay. You didn't open a port.
# But you can now receive messages from anywhere.
2. Robustness. If the network hiccups, your agent retries. If the relay dies, your agent switches. You don’t write this logic; we did.
3. Enterprise Ready. Need your own private network?
traylinx stargate relay start --port 4001
Spin up your own relays and keep traffic entirely within your VPC.
Architecture: The Priority Cascade
We use a “waterfall” approach to connecting:
- Establish Direct P2P (Fastest, ~10ms).
- Use Circuit Relay v2 (Reliable, ~60ms).
- Fallback to NATS (Guaranteed, ~150ms).
The system always hunts for the highest-performance tier available.
Lessons from the Trenches
Test NAT scenarios early. Testing on localhost is a lie. Testing on a LAN is a lie. You have to test across real networks to see the pain.
Metrics aren’t optional. We wasted days debugging connection drops blindly. Once we added metrics, the problem was obvious in minutes.
Pooling is mandatory. Creating connections is expensive. Reuse them.
Putting It To Work
This wasn’t just an academic exercise. This infrastructure enables the Agent Internet—a world where agents collaborate across boundaries.
- Distributed teams.
- Edge agents.
- Private fleets.
It’s all possible now, and it’s robust enough to rely on.
Traylinx Stargate v0.4.0 is out now.
pip install traylinx-stargate
Building P2P networks is hard. We did the hard work so you don’t have to.
Resources:
Building the Skills Infrastructure: How We Made Agent Capabilities Truly Portable