Luis/clan-master-thesis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Luis:6f4f0af8b0ea5a6d7b0d6c21c1e9526db8558584
Branches Tags
Luis:main
...
compare: Luis:ae3d6b2749db4d4afc90d401d81984e8096f3a38
Branches Tags
Luis:main

3 Commits
6f4f0af8b0 ... ae3d6b2749

Author SHA1 Message Date
Qubasa
ae3d6b2749 really good motivation section 2026-02-11 22:27:05 +01:00
Qubasa
9bba7cdfd2 really good motivation section 2026-02-11 22:26:58 +01:00
Qubasa
230dfef15d before claude motivation rewrite 2026-02-11 22:16:18 +01:00
3 changed files with 456 additions and 141 deletions
Expand all files Collapse all files

182
Chapters/Motivation.tex
View File

@@ -2,46 +2,23 @@
\label{Motivation}
This thesis emerged from two interconnected research directions.
The initial focus was the Clan deployment framework,
which leverages Nix and NixOS to eliminate
entire classes of errors prevalent in contemporary infrastructure deployment.
By doing so, Clan reduces operational overhead to a degree
where a single administrator can reliably self-host
complex distributed services at scale.
Peer-to-peer architectures promise censorship-resistant, fault-tolerant
infrastructure by eliminating single points of failure \cite{shukla_towards_2021}.
These architectures underpin a growing range of systems---from IoT edge computing
and content delivery networks to blockchain platforms like Ethereum.
Yet realizing these benefits requires distributing nodes across
genuinely diverse hosting entities.
During the development of the Clan framework,
which depends heavily on overlay VPNs for secure peer connectivity,
a recurring challenge became apparent:
practitioners held divergent preferences for mesh VPN solutions,
each citing different edge cases where their chosen VPN
proved unreliable or lacked essential features.
These discussions, however, were largely grounded in anecdotal evidence
rather than systematic evaluation.
This observation revealed a clear need for
rigorous, evidence-based comparison of Peer-to-Peer overlay VPN implementations.
This chapter introduces the Clan project, articulates its fundamental
objectives, outlines the key components, and examines the driving
factors motivating its development.
Peer-to-peer (P2P) technologies and decentralization have undergone
significant growth and evolution in recent years. These technologies
form the backbone of various systems, including P2P Edge
Computing—particularly in the context of the Internet of Things
(IoT)—Content Delivery Networks (CDNs), and Blockchain platforms such
as Ethereum. P2P architectures enable more democratic,
censorship-resistant, and fault-tolerant systems by reducing reliance
on single points of failure \cite{shukla_towards_2021}.
However, to fully realize these benefits, a P2P system must deploy
its nodes across a diverse set of entities. Greater diversity in
hosting increases the networks resilience to censorship and systemic failures.
Despite this, recent trends in Ethereum node hosting reveal a
significant reliance on centralized cloud providers. Notably, Amazon,
Hetzner, and OVH collectively host 70\% of all Ethereum nodes, as
illustrated in Figure \ref{fig:ethernodes_hosting}.
In practice, this diversity remains illusory.
Amazon, Hetzner, and OVH collectively host 70\% of all Ethereum nodes
(see Figure~\ref{fig:ethernodes_hosting}),
concentrating nominally decentralized infrastructure
within a handful of cloud providers.
More concerning, these providers operate under overlapping regulatory jurisdictions,
predominantly the United States and the European Union.
This concentration undermines technical sovereignty:
a single governmental action could compel service termination,
data disclosure, or traffic manipulation across a majority of the network.
\begin{figure}[H]
\centering
@@ -51,75 +28,78 @@ illustrated in Figure \ref{fig:ethernodes_hosting}.
\label{fig:ethernodes_hosting}
\end{figure}
The centralized nature of these providers and their domicile within the
same regulatory jurisdiction—the United States—introduces vulnerability.
Such a configuration allows for possible governmental intervention,
which could lead to network shutdowns or manipulation by leveraging
control over these cloud services.
Why does this centralization persist despite the explicit goals of decentralization?
The answer lies in the practical barriers to self-hosting.
Cloud providers offer static IP addresses and publicly routable endpoints,
eliminating the networking complexity that plagues residential and
small-office deployments.
Most internet-connected devices sit behind Network Address Translation (NAT),
which prevents incoming connections without explicit port forwarding
or relay infrastructure.
Combined with dynamic IP assignments from ISPs, maintaining stable peer connectivity
from self-hosted infrastructure traditionally required significant technical expertise.
The reliance on cloud-based solutions is largely attributed to their
ease of use and reliability, as self-hosting introduces several
technical and operational challenges, which include:
Overlay VPNs offer a solution to this fundamental barrier.
By establishing encrypted tunnels that traverse NAT boundaries,
mesh VPNs enable direct peer-to-peer connectivity without requiring
static IP addresses or manual firewall configuration.
Each node receives a stable virtual address within the overlay network,
regardless of its underlying network topology.
This capability is transformative:
it allows a device behind consumer-grade NAT to participate
as a first-class peer in a distributed system,
removing the primary technical advantage that cloud providers hold.
\begin{itemize}
\item \textbf{NAT Traversal:} Establishing direct connections
between peers located behind Network Address Translation (NAT)
devices is complex and often requires workarounds such as port
forwarding or relay servers.
The Clan deployment framework builds on this foundation.
Clan leverages Nix and NixOS to eliminate entire classes of
configuration errors prevalent in contemporary infrastructure deployment,
reducing operational overhead to a degree where a single administrator
can reliably self-host complex distributed services.
Overlay VPNs are central to Clan's architecture,
providing the secure peer connectivity that enables nodes
to form cohesive networks regardless of their physical location or NAT situation.
As illustrated in Figure~\ref{fig:vision-stages}, Clan envisions
a web interface that enables users to design and deploy private P2P networks
with minimal configuration, assisted by an integrated LLM
for contextual guidance and troubleshooting.
\item \textbf{Dynamic IP Addresses:} Peers often have non-static
(dynamic) IP addresses assigned by Internet Service Providers
(ISPs), which makes maintaining stable connections difficult
without additional solutions like Dynamic DNS services.
During the development of Clan, a recurring challenge became apparent:
practitioners held divergent preferences for mesh VPN solutions,
each citing different edge cases where their chosen VPN
proved unreliable or lacked essential features.
These discussions were largely grounded in anecdotal evidence
rather than systematic evaluation.
This observation revealed a clear need for rigorous,
evidence-based comparison of peer-to-peer overlay VPN implementations.
\item \textbf{Data Reliability:} Ensuring data durability and
preventing loss due to hardware failures, system crashes, or
insufficient backup mechanisms can be a challenge for individual
users managing their own infrastructure.
Existing research on this topic remains sparse.
One notable work from 2024, ``Full-mesh VPN performance evaluation
for a secure edge-cloud continuum'' \cite{kjorveziroski_full-mesh_2024},
benchmarks a subset of overlay VPNs but focuses primarily
on solutions with a central point of failure.
In contrast, this thesis evaluates more widely adopted mesh VPNs
with an emphasis on fully decentralized architectures.
Furthermore, that study relied exclusively on iperf3 for performance measurement,
whereas our benchmark suite includes real-world workloads
to better reflect practical usage patterns.
\item \textbf{Security Concerns:} Self-hosted systems must be
protected from malicious actors, including securing data in
transit, authenticating connections, and mitigating attacks such
as Distributed Denial of Service (DDoS).
A further motivation was to create a fully automated benchmarking framework
capable of generating a public leaderboard,
similar in spirit to the js-framework-benchmark
(see Figure~\ref{fig:js-framework-benchmark}).
By providing an accessible web interface with regularly updated results,
we hope to encourage P2P VPN developers to optimize their implementations
in pursuit of top rankings.
\item \textbf{Maintenance Overhead:} Regular updates, hardware
repairs, and troubleshooting require time and effort, which may
discourage users unfamiliar with system administration.
\begin{figure}[H]
\centering
\includegraphics[width=1\textwidth]{Figures/krause-js-framework.png}
\caption{js-framework-benchmark results for Chrome 144.0
\cite{krause_krausestjs-framework-benchmark_2026}}
\label{fig:js-framework-benchmark}
\end{figure}
\item \textbf{Steep Learning Curve:} Non-technical users face a
high entry barrier, as hosting and configuring their own P2P
nodes often involve understanding complex networking and software
setup processes.
\item \textbf{High Network Churn:} In dynamic P2P environments
where peers frequently join and leave, ensuring consistent
availability of services and maintaining network stability
present additional challenges.
\item \textbf{Uptime and Availability:} Keeping self-hosted systems
online and operational 24/7 can be difficult, especially in
situations of power outages, hardware failures, or limited
internet connectivity.
\end{itemize}
Recognizing this gap, the Clan project aims to address these
challenges by simplifying the process of self-hosting, making it as
straightforward, accessible, and reliable as using a cloud provider.
The project's vision is to empower users to deploy and manage their
own private P2P networks with minimal technical expertise,
significantly lowering the barrier to entry.
As illustrated in Figure \ref{fig:vision-stages}, the proposed
solution includes a user-friendly web interface. This interface
allows users to design and customize their private P2P networks with
just a few clicks. To further simplify the process, the inclusion of
a Large Language Model (LLM) is envisioned to assist users throughout
the network creation process. The LLM would provide contextual
guidance, answer configuration-related queries, and help resolve
potential issues, thus making the system approachable for a wider
audience without requiring advanced technical skills.
\begin{figure}[h!]
\begin{figure}[h]
\centering
% Row 1

BIN
Figures/krause-js-framework.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 175 KiB

415
master_citations.bib
View File

@@ -254,46 +254,6 @@
- 2022 - Keep CALM and CRDT On.pdf:application/pdf},
}
@inproceedings{jeffery_amc_2023,
location = {New York, {NY}, {USA}},
title = {{AMC}: Towards Trustworthy and Explorable {CRDT}
Applications with the Automerge Model Checker},
isbn = {9798400700866},
url = {https://dl.acm.org/doi/10.1145/3578358.3591326},
doi = {10.1145/3578358.3591326},
series = {{PaPoC} '23},
shorttitle = {{AMC}},
abstract = {Conflict-free Replicated Data Types ({CRDTs}) enable
local-first operations and asynchronous collaboration without the
need for always-on centralised services. {CRDTs} can have a high
overhead, so implementations need to be optimised, but this
optimisation can lead to bugs despite the use of test suites and
fuzzing. Furthermore, using {CRDTs} in applications is complex,
observing unexpected conflict resolution, issues synchronising
documents and difficulties implementing appropriate data models.
Automerge is a library, exposing a {JSON} {CRDT}, that sees users
having difficulties in modelling their problems, understanding
their edge cases and implementing applications correctly. We
introduce the Automerge Model Checker ({AMC}), empowering
application developers to check properties about their
implementations and explore them dynamically. {AMC} can check a
range of applications as well as being able to check properties
about the core of Automerge itself, helping to make more
trustworthy Automerge applications.{AMC} is available open-source
at github.com/jeffa5/automerge-model-checker.},
pages = {44--50},
booktitle = {Proceedings of the 10th Workshop on Principles and
Practice of Consistency for Distributed Data},
publisher = {Association for Computing Machinery},
author = {Jeffery, Andrew and Mortier, Richard},
urldate = {2024-11-24},
date = {2023},
file = {Full Text
PDF:/home/lhebendanz/Zotero/storage/EEMPQUIR/Jeffery and Mortier -
2023 - AMC Towards Trustworthy and Explorable CRDT Applications
with the Automerge Model Checker.pdf:application/pdf},
}
@inproceedings{dolstra_nix_2004,
location = {{USA}},
title = {Nix: A Safe and Policy-Free System for Software Deployment},
@@ -330,3 +290,378 @@
file = {ISPs - ethernodes.org - The Ethereum Network & Node
Explorer:/home/lhebendanz/Zotero/storage/BH7E2FAL/Hosting.html:text/html},
}
@article{kern_lost_2023,
title = {Lost in Simulation: Route Property in Mininet},
url =
{https://www.net.in.tum.de/fileadmin/TUM/NET/NET-2023-06-1/NET-2023-06-1_03.pdf},
doi = {10.2313/NET-2023-06-1_03},
shorttitle = {Lost in Simulation},
abstract = {The Mininet network emulator enables the comparison of
speed, delay, jitter and packet loss across different topologies.
It provides a Python {API} to instantiate almost arbitrary layouts
of networks and connections with attributes like predetermined
packet loss. We inspect linear and grid-like topologies and
discover that both share similar performance characteristics.},
author = {Kern, Philipp},
editora = {Architectures, Chair Of Network},
editoratype = {collaborator},
urldate = {2025-01-07},
date = {2023},
langid = {english},
note = {Medium: {PDF}
Publisher: Chair of Network Architectures and Services, School of
Computation, Information and Technology, Technical University of Munich},
file = {PDF:/home/lhebendanz/Zotero/storage/KSRTDLCA/Kern - 2023 -
Lost in Simulation Route Property in Mininet.pdf:application/pdf},
}
@article{savolainen_modeling_2019,
title = {Modeling the interplay of information seeking and
information sharing: A conceptual analysis},
volume = {71},
issn = {2050-3806},
url =
{https://www.emerald.com/insight/content/doi/10.1108/ajim-10-2018-0266/full/html},
doi = {10.1108/AJIM-10-2018-0266},
shorttitle = {Modeling the interplay of information seeking and
information sharing},
abstract = {The purpose of this paper is to contribute to the
creation of a holistic picture of information behavior by examining
the connections between information seeking and sharing.,Conceptual
analysis is used to focus on the ways in which the researchers have
modeled the interplay of information seeking and sharing. The study
draws on conceptual analysis of 27 key studies examining the above
issue, with a focus on the scrutiny of six major models for
information behavior.,Researchers have employed three main
approaches to model the relationships between information seeking
and sharing. The indirect approach conceptualizes information
seeking and sharing as discrete activities connected by an
intermediating factor, for example, information need. The
sequential approach assumes that information seeking precedes
information sharing. From the viewpoint of the interactive
approach, information seeking and sharing appear as mutually
related activities shaping each other iteratively or in a cyclical
manner. The interactive approach provides the most sophisticated
research perspective on the relationships of information seeking
and sharing and contributes to holistic understanding of human
information behavior.,As the study focuses on information seeking
and sharing, no attention is devoted to other activities
constitutive of information behavior, for example, information
use.,The study pioneers by providing an in-depth analysis of the
connections of information seeking and information sharing.},
pages = {518--534},
number = {4},
journaltitle = {Aslib Journal of Information Management},
author = {Savolainen, Reijo},
urldate = {2025-01-24},
date = {2019-06-18},
langid = {english},
note = {Publisher: Emerald Publishing Limited},
file = {Full
Text:/home/lhebendanz/Zotero/storage/LK5QNLVT/Savolainen - 2019 -
Modeling the interplay of information seeking and information
sharing A conceptual
analysis.pdf:application/pdf;Snapshot:/home/lhebendanz/Zotero/storage/JMW3VDFN/html.html:text/html},
}
@online{noauthor_web_nodate,
title = {The Web of False Information: Rumors, Fake News, Hoaxes,
Clickbait, and Various Other Shenanigans: Journal of Data and
Information Quality: Vol 11, No 3},
url = {https://dl.acm.org/doi/abs/10.1145/3309699},
urldate = {2025-01-24},
file = {PDF:/home/lhebendanz/Zotero/storage/95QKTBA7/The Web of
False Information Rumors, Fake News, Hoaxes, Clickbait, and Various
Other Shenanigans J.pdf:application/pdf;The Web of False
Information\: Rumors, Fake News, Hoaxes, Clickbait, and Various
Other Shenanigans\: Journal of Data and Information Quality\: Vol
11, No 3:/home/lhebendanz/Zotero/storage/7A2CZ7A6/3309699.html:text/html},
}
@article{noauthor_systematic_2024,
title = {A Systematic Approach to Deal with Noisy Neighbour in
Cloud Infrastructure {\textbar} Request {PDF}},
url =
{https://www.researchgate.net/publication/303741535_A_Systematic_Approach_to_Deal_with_Noisy_Neighbour_in_Cloud_Infrastructure},
doi = {10.17485/ijst/2016/v9i19/89211},
abstract = {Request {PDF} {\textbar} A Systematic Approach to Deal
with Noisy Neighbour in Cloud Infrastructure {\textbar}
Background/Objectives: One of the major challenges of the
multitenant cloud model is performance unpredictability because of
resource contention.... {\textbar} Find, read and cite all the
research you need on {ResearchGate}},
journaltitle = {{ResearchGate}},
urldate = {2025-02-19},
date = {2024-10-22},
langid = {english},
file = {Full Text PDF:/home/lhebendanz/Zotero/storage/3HXVA58J/2024
- A Systematic Approach to Deal with Noisy Neighbour in Cloud
Infrastructure Request
PDF.pdf:application/pdf;Snapshot:/home/lhebendanz/Zotero/storage/8KU7F7XX/303741535_A_Systematic_Approach_to_Deal_with_Noisy_Neighbour_in_Cloud_Infrastructure.html:text/html},
}
@online{noauthor_netzdg_nodate,
title = {{NetzDG} - Gesetz zur Verbesserung der Rechtsdurchsetzung
in sozialen Netzwerken},
url = {https://www.gesetze-im-internet.de/netzdg/BJNR335210017.html},
urldate = {2025-02-24},
file = {NetzDG - Gesetz zur Verbesserung der Rechtsdurchsetzung in
sozialen
Netzwerken:/home/lhebendanz/Zotero/storage/VKPIEEDI/BJNR335210017.html:text/html},
}
@online{noauthor_packet_2025,
title = {Packet zum Gesetz über digitale Dienste {\textbar}
Gestaltung der digitalen Zukunft Europas},
url =
{https://digital-strategy.ec.europa.eu/de/policies/digital-services-act-package},
urldate = {2025-02-24},
date = {2025-02-21},
langid = {german},
file =
{Snapshot:/home/lhebendanz/Zotero/storage/362VSA4E/digital-services-act-package.html:text/html},
}
@article{salmi_constructing_2003,
title = {Constructing Knowledge Societies: New Challenges for
Tertiary Education},
volume = {28},
issn = {0379-7724, 1469-8358},
url = {https://www.tandfonline.com/doi/full/10.1080/0379772032000110125},
doi = {10.1080/0379772032000110125},
shorttitle = {Constructing Knowledge Societies},
pages = {65--69},
number = {1},
journaltitle = {Higher Education in Europe},
author = {Salmi, Jamil},
urldate = {2025-02-26},
date = {2003-04},
langid = {english},
file = {PDF:/home/lhebendanz/Zotero/storage/M7TSQ6XA/Salmi - 2003 -
Constructing Knowledge Societies New Challenges for Tertiary
Education.pdf:application/pdf},
}
@article{sahlberg_rethinking_2010,
title = {Rethinking accountability in a knowledge society},
volume = {11},
rights = {http://www.springer.com/tdm},
issn = {1389-2843, 1573-1812},
url = {http://link.springer.com/10.1007/s10833-008-9098-2},
doi = {10.1007/s10833-008-9098-2},
abstract = {Competition between schools combined with test-based
accountability to hold schools accountable for predetermined
knowledge standards have become a common solution in educational
change efforts to improve the performance of educational systems
around the world. This is happening as family and community social
capital declines in most parts of developed world. Increased
competition and individualism are not necessarily beneficial to
creating social capital in schools and their communities. This
article argues that: (1) the evidence remains controversial that
test-based accountability policies improve the quality and
efficiency of public education; (2) the current practice of
determining educational performance by using primarily standardized
knowledge tests as the main means of accountability is not a
necessary condition for much needed educational improvement; and
(3) there is growing evidence that increased high-stakes testing is
restricting students conceptual learning, engaging in creative
action and understanding innovation, all of which are essential
elements of contemporary schooling in a knowledge society. Finland
is used as an example to suggest that educational change should
rather contribute to increasing networking and social capital in
schools and in their communities through building trust and
strengthening collective responsibilities within and between
schools. This would create better prospects of worthwhile lifelong
learning in and out of schools. Based on this analysis, the article
concludes that education policies should be directed at promoting
more intelligent forms of accountability to meet external
accountability demands and to encourage cooperation rather than
competition among students, teachers and schools.},
pages = {45--61},
number = {1},
journaltitle = {J Educ Change},
author = {Sahlberg, Pasi},
urldate = {2025-02-26},
date = {2010-02},
langid = {english},
file = {PDF:/home/lhebendanz/Zotero/storage/Q7WXPVKN/Sahlberg -
2010 - Rethinking accountability in a knowledge society.pdf:application/pdf},
}
@article{vanderlind_effects_2017,
title = {Effects of Mental Health on Student Learning},
volume = {22},
issn = {1087-0059},
url = {https://eric.ed.gov/?id=EJ1154566},
abstract = {Learning can be hindered by students' mental health.
Given the increased reports of mental health concerns among college
students, it is imperative that we understand how best to provide
supports to this population to help them learn and succeed. This is
particularly significant given the body of research that
demonstrates how mental illness may negatively affect student
success and degree persistence. In order to best serve this growing
population, there are possible supports that can be provided in the
classroom embedded into current practices and learning
opportunities for all students across the board. This article
addresses the connections between learning and mental health,
practical takeaways for practitioners, and directions for future research.},
pages = {39--58},
number = {2},
journaltitle = {Learning Assistance Review},
author = {{VanderLind}, Ren},
urldate = {2025-02-26},
date = {2017},
langid = {english},
note = {Publisher: National College Learning Center Association
{ERIC} Number: {EJ}1154566},
keywords = {Academic Achievement, Anxiety, College Students,
Correlation, Depression (Psychology), Gender Differences, Learning,
Learning Theories, Mental Disorders, Mental Health, Metacognition,
Personality Traits, Success},
file = {Full Text
PDF:/home/lhebendanz/Zotero/storage/SGNY7WPR/VanderLind - 2017 -
Effects of Mental Health on Student Learning.pdf:application/pdf},
}
@article{sinsebox_supervision_2020,
title = {Supervision and Evaluation Practices That Impact Teacher
Learning: A Case Study of Rural Teachers Perspectives},
url = {https://fisherpub.sjf.edu/education_etd/474},
shorttitle = {Supervision and Evaluation Practices That Impact
Teacher Learning},
journaltitle = {Education Doctoral},
author = {Sinsebox, Jennifer},
date = {2020-12-01},
file = {"Supervision and Evaluation Practices That Impact Teacher
Learning\: A C" by Jennifer L.
Sinsebox:/home/lhebendanz/Zotero/storage/HWJMQJ9Z/474.html:text/html},
}
@inproceedings{halkes_udp_2011,
title = {{UDP} {NAT} and firewall puncturing in the wild},
volume = {6641},
isbn = {978-3-642-20797-6},
doi = {10.1007/978-3-642-20798-3_1},
abstract = {Peer-to-Peer (P2P) networks work on the presumption
that all nodes in the network are connectable. However, {NAT} boxes and
firewalls prevent connections to many nodes on the Internet. For
{UDP} based protocols, the {UDP} hole-punching technique has
been proposed to mitigate this problem.
This paper presents a study of the efficacy of {UDP} hole
punching on the Internet in the context of an actual P2P network.
To the best of our knowledge, no previous study has provided
similar measurements. Our results show that {UDP} hole punching
is an effective method to increase the connectability of peers on
the Internet: approximately 64\% of all peers are behind
a {NAT} box or firewall which should allow hole punching to work,
and more than 80\% of hole punching attempts between these
peers succeed.},
pages = {1--12},
author = {Halkes, Gertjan and Pouwelse, J.A.},
date = {2011-06-01},
file = {Full Text
PDF:/home/lhebendanz/Zotero/storage/VUJQDDIG/Halkes and Pouwelse -
2011 - UDP NAT and firewall puncturing in the wild.pdf:application/pdf},
}
@article{mehrab_new_2025,
title = {A New Approach to Peer-to-Peer {VPN} Connectivity:
Achieving Seamless Communication Without Firewalls},
shorttitle = {A New Approach to Peer-to-Peer {VPN} Connectivity},
abstract = {This study presents a novel approach to peer-to-peer
Virtual Private Network ({VPN}) connectivity that eliminates
traditional firewall dependencies. As remote work and distributed
systems become increasingly prevalent, the limitations of
conventional {VPN} architectures-including performance bottlenecks,
complex configurations, and centralized points of failure-have
become more apparent. The research evaluates {ZeroTier}, a modern
network virtualization solution, against established {VPN}
technologies (Wireguard, Tailscale, and {OpenVPN}) across a
simulated environment of 100 globally distributed virtual nodes
over a 30-day period. Results demonstrate {ZeroTier}'s superior
performance across key metrics: 57\% faster connection
establishment than Wireguard, 45\% lower latency compared to
traditional solutions, higher throughput (875 Mbps for P2P
connections), reduced resource utilization, and a 94.8\%
first-attempt connection success rate. {ZeroTier} successfully
established direct P2P connections in 85\% of cases, significantly
outperforming competitors. The study details {ZeroTier}'s "Virtual
Layer 2 Ethernet" architecture, which combines centralized
coordination with decentralized communication and employs
sophisticated {NAT} traversal techniques to enable direct
device-to-device connections without complex firewall
configurations. This approach creates a flat, software-defined
network that spans multiple physical locations while maintaining
enterprise-grade security through end-to-end encryption.},
author = {Mehrab, Abu},
date = {2025-04-11},
file = {Full Text
PDF:/home/lhebendanz/Zotero/storage/8T5JMBVF/Mehrab - 2025 - A New
Approach to Peer-to-Peer VPN Connectivity Achieving Seamless
Communication Without Firewalls.pdf:application/pdf},
}
@inproceedings{lackorzynski_comparative_2019,
title = {A Comparative Study on Virtual Private Networks for Future
Industrial Communication Systems},
url = {https://ieeexplore.ieee.org/document/8758010},
doi = {10.1109/WFCS.2019.8758010},
abstract = {The future industrial networks will not be created from
scratch. Rather, they will grow from existing installations without
displacing legacy components. The secure integration of these
legacy machines and networks will become an important building
block in order to realize the vision of Industry 4.0. Secure and
high performance virtual private networks ({VPNs}) will be
necessary for that purpose.Therefore, we investigated and compared
various {VPN} solutions. Their performance was tested on multiple
hardware platforms ranging from very resource constrained to very
powerful. Non-functional aspects, relating around security,
manageability and ease of use, were discussed in order to assess
their suitability for future use cases.We arrive at clear
recommendations on which software {VPN} solutions to choose for
future industrial setups.},
eventtitle = {2019 15th {IEEE} International Workshop on Factory
Communication Systems ({WFCS})},
pages = {1--8},
booktitle = {2019 15th {IEEE} International Workshop on Factory
Communication Systems ({WFCS})},
author = {Lackorzynski, Tim and Köpsell, Stefan and Strufe, Thorsten},
urldate = {2026-02-11},
date = {2019-05},
keywords = {Encryption, Hardware, industrial {IoT}, industrial
networks, Industry, Logic gates, network security, Production
facilities, secure transport, Software, tunneling, Virtual private
networks, {VPN}},
file = {PDF:/home/lhebendanz/Zotero/storage/DWSF7ERP/Lackorzynski
et al. - 2019 - A Comparative Study on Virtual Private Networks for
Future Industrial Communication
Systems.pdf:application/pdf;Snapshot:/home/lhebendanz/Zotero/storage/PXWNAC6D/8758010.html:text/html},
}
@online{noauthor_nat_2026,
title = {{NAT} Traversal: How It Works},
url = {https://dev.to/alakkadshaw/nat-traversal-how-it-works-4dnc},
shorttitle = {{NAT} Traversal},
abstract = {{NAT} traversal is the set of techniques that solves
this problem: discovering public addresses,...},
titleaddon = {{DEV} Community},
urldate = {2026-02-11},
date = {2026-01-30},
langid = {english},
file =
{Snapshot:/home/lhebendanz/Zotero/storage/UHJQ84AV/nat-traversal-how-it-works-4dnc.html:text/html},
}
@software{krause_krausestjs-framework-benchmark_2026,
title = {krausest/js-framework-benchmark},
rights = {Apache-2.0},
url = {https://github.com/krausest/js-framework-benchmark},
abstract = {A comparison of the performance of a few popular
javascript frameworks},
author = {Krause, Stefan},
urldate = {2026-02-11},
date = {2026-02-11},
note = {original-date: 2015-12-09T20:10:53Z},
}