Monday, November 14, 2005

UPnP Port Forwarding

I've recently been researching UPnP Port Forwarding support for Peer Impact and here are some of my findings.

Between 60-75% of the users on the Peer Impact network are behind some kind of firewall, whether it is a software application like Zone Alarm running on a user’s PC or a hardware device like a D-Link home router that is connected to a user’s PC. The job of those applications is to block any incoming network requests so they don’t reach a user’s PC, protecting it from attackers and viruses. Having 60-75% of your network behind firewalls is not the optimal situation for a p2p network, because users who are behind a firewall cannot share with other users who are behind a firewall; they can only share with users not behind a firewall. (This does not mean that users behind a firewall cannot share, it just means that they cannot share with other users behind a firewall, which extremely limits their ability to participate/share in the network and earn Peer Cash.) That was a mouthful :)

There are a couple of solutions to enable a user’s PC to accept incoming connections so they can share with everyone while still keeping their PC protected from attackers or viruses, but the solution that works the best is called “Port Forwarding”. Every software or hardware firewall has the capability to “Port Forward”, and once properly configured, incoming requests received by the firewall that match the target IP and port will be forwarded on to the appropriate PC. This technique works and allows your Peer Impact application to accept incoming connections from other Peer Impact applications or peers, but it has a few downsides.
- In order to configure your firewall to “Port Forward” it takes a good amount of technical skill to do it correctly. I don’t know how many people I have helped configure “Port Forwarding” on their firewall and it took us weeks to finally get it to work.
- Most of the people who are using a firewall are also using the device’s DHCP server to obtain an IP. Once you are assigned an IP there is no guarantee that the DHCP server will let you have that IP forever. There is a good chance it will change, which means you will have to reconfigure your firewall to work with the new IP, especially if you are running Peer Impact on a laptop that is moving from location to location.

Luckily, there is a better solution to this problem that uses the UPnP (Universal Plug and Play) protocol to talk to your firewall and ask it to do the port forwarding for you with no technical skills required. UPnP is a relatively new set of protocols that allow devices to interact with each other more easily. One protocol, called the Internet Gateway Device (IGD) Standardized Device Control Protocol V 1.0, allows other devices to get information from and configure Internet Gateway devices like a D-Link or Linksys router. Fortunately, a lot of the main Internet Gateway or home router manufacturers are supporting this protocol, which makes it practical for applications like Peer Impact to use the protocol for port forwarding. Using this protocol, Peer Impact can configure any Internet Gateway device that supports UPnP to enable port forwarding without any interaction from the user.

Using the UPnP protocol would make everything a lot easier because people would not need to know the following.
- The internal IP of their computer
- What port or ports to forward
- What Internet protocols to use when forwarding (TCP or UDP or both)
- The IP address of their Internet Gateway so they can configure it manually
- The user name and password to log in to their Internet Gateway
- How to find and use the configuration screens on the device to port forward

Now, using the UPnP protocol to port forward does come with its downsides.
- Not all Internet Gateway devices support UPnP
- Even the ones that have support for UPnP don’t work properly
- On some devices and platforms UPnP support isn’t turned on by default
- Microsoft’s support and SDK implementation of the Internet Gateway Device (IGD) Standardized Device Control Protocol V 1.0 is buggy and very unpredictable. Some days it works and some days it doesn’t.

In the end I think trying to use UPnP to “Port Forward” is worth the effort because if it doesn’t work people can still fall back to manually configuring their device to “Port Forward”. Plus, one would hope that support for UPnP on the Windows platform and Internet Gateway devices can only improve over time. So look for this feature in an upcoming release of Peer Impact.
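What the request to the gateway looks like on the wire, as an added example that is not Peer Impact's code: it builds the IGD v1 `AddPortMapping` SOAP call with a finite lease and maps the gateway's reply to the fallback described above. The function names, the one-hour default lease and the description string are assumptions, and the sample fault is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
ERR_NS = "urn:schemas-upnp-org:control-1-0"

def build_add_port_mapping(internal_client, port, protocol,
                           lease_seconds=3600, description="p2p client (example)"):
    """Return (headers, body) for an IGD v1 AddPortMapping SOAP request."""
    if not ipaddress.ip_address(internal_client).is_private:
        raise ValueError("forward only to this host's own private LAN address")
    if protocol not in ("TCP", "UDP") or not 1024 <= port <= 65535:
        raise ValueError("need TCP or UDP and an unprivileged port")
    args = [("NewRemoteHost", ""), ("NewExternalPort", port),
            ("NewProtocol", protocol), ("NewInternalPort", port),
            ("NewInternalClient", internal_client), ("NewEnabled", 1),
            ("NewPortMappingDescription", description),
            # Finite lease: mapping expires if the app exits or the DHCP address changes.
            ("NewLeaseDuration", lease_seconds)]
    fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args)
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:AddPortMapping xmlns:u="{SERVICE}">{fields}</u:AddPortMapping>'
            '</s:Body></s:Envelope>')
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPAction": f'"{SERVICE}#AddPortMapping"'}
    return headers, body

def next_step(http_status, response_body):
    """Map the gateway's reply to what the client should do next."""
    if http_status == 200:
        return "mapped"
    try:
        code = ET.fromstring(response_body).findtext(f".//{{{ERR_NS}}}errorCode")
    except ET.ParseError:
        code = None  # malformed reply from a misbehaving gateway
    return {"718": "try-another-port",       # ConflictInMappingEntry
            "725": "retry-permanent-lease",  # OnlyPermanentLeasesSupported
            }.get(code, "manual-port-forward")

# Constructed sample: the SOAP fault a gateway returns for error 725.
SAMPLE_FAULT = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>'
    '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>725</errorCode>'
    '<errorDescription>OnlyPermanentLeasesSupported</errorDescription>'
    '</UPnPError></detail></s:Fault></s:Body></s:Envelope>')
```

If a gateway only accepts a permanent lease (`NewLeaseDuration` of 0), the client should remove the mapping with `DeletePortMapping` when it exits, since nothing will expire it otherwise.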

NOTE: I have also looked at some open source code that should work when Peer Impact decides to support other platforms like Linux and Mac OS X. I haven’t done enough research to comment on how reliable these implementations are.

For more information on port forwarding visit

