Skype And Firewalls

Alright, you must either have been living underground or, even worse, have been offline for over a year if you haven’t heard of Skype by now. Skype is software for making calls over the internet. That’s nothing new, though. You could do that before. The major difference that Skype makes is the following:

It just works.

I could tell a long, boring story about how it works around firewalls and how they use peer to peer technology to accomplish all this, and I will later on, but basically this is all you need to know. It works, the sound quality is very good and bandwidth usage is relatively low.

Skype is developed by the same people that developed Kazaa and it is said to work so well because they already found out how to solve the firewall problem with Kazaa. I have thought about developing some peer to peer file sharing software a while ago and of course the firewall problem came up.

What is the firewall problem? A firewall, by default, only allows outgoing connections. This means that connections to servers can only be established by you and not the other way around. If another user or server tries to contact you, your firewall will block it, unless you open up certain ports. If you’re using a router and connect to the internet using NAT, it’s even harder to make incoming connections possible. You’d have to tell the router to map a certain port to a certain PC. This requires router configuration. Also, that port on the router will always point to that one PC, so if you want to use the same application on more PCs in the network, you will need to use different ports. It is obvious that you can’t ask the general computer user to configure their firewall or router in order to allow incoming connections.

Why do you need incoming connections so bad? When you surf the internet you don’t, and if you use e-mail or ftp you don’t need them either. Generally you only need them in peer to peer networks. In peer to peer networks another (human) internet person wants to establish a connection to you (a peer), or the other way around. Making peer to peer connections avoids immense traffic on a central server.

Imagine that you wanted to share a file using Kazaa, and that Kazaa worked with a central server. First you send a search to the central server. This will generally go quite fast, as all data is in one place (this is why searching on Napster was so quick). Then you’d pick a file. The central server, which already has a connection to all the users (these connections are initiated by the users upon startup), would request that particular file. It would download it to the server and then send it over to you. With two users that will go fine, but imagine a million people doing that. Imagine the bandwidth bill for that central server. And I’ll not even talk about the legal situation at hand. (Remember why Napster shut down?)

Peer to peer networking is much more distributed, as no central server is used. The trouble is, as I said, that the two people have to connect to each other. That won’t be a problem if at least one of the two is not behind a firewall. The other person could just connect to the firewall-less user. But what if everyone has a firewall? Nobody could connect to anybody without firewall or router configuration. That’s the firewall problem.
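The firewall problem described above, as a toy model (an added example, not code from the original post; the `NatRouter` class, the PC names and the addresses are constructed for illustration). It shows a reply to an outgoing connection getting back in, two firewalled peers failing to reach each other, and a manual port mapping fixing it for one PC per port:

```python
# Toy model of a NAT router with a default firewall policy (constructed example).
class NatRouter:
    """Home router: outgoing connections allowed, unsolicited incoming ones dropped."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (pc, remote ip, remote port), from outgoing traffic
        self.forwards = {}   # public port -> pc, created only by manual router configuration
        self._next_port = 40000

    def connect_out(self, pc, remote_ip, remote_port):
        """A PC on the LAN opens a connection; the router remembers it so replies get back in."""
        public_port = self._next_port
        self._next_port += 1
        self.sessions[public_port] = (pc, remote_ip, remote_port)
        return public_port

    def forward(self, public_port, pc):
        """Manual port mapping: one public port can point to one PC only."""
        if public_port in self.forwards:
            raise ValueError(f"port {public_port} already mapped to {self.forwards[public_port]}")
        self.forwards[public_port] = pc

    def deliver_in(self, src_ip, src_port, public_port):
        """Return the PC that receives an incoming packet, or None if the firewall drops it."""
        session = self.sessions.get(public_port)
        if session and session[1:] == (src_ip, src_port):
            return session[0]                  # reply to a connection a LAN PC started
        return self.forwards.get(public_port)  # otherwise only a configured mapping helps

def demo():
    alice_net, bob_net = NatRouter("198.51.100.10"), NatRouter("203.0.113.20")
    results = {}
    # 1. Client-server works: Alice connects out to a server, the reply is let back in.
    port = alice_net.connect_out("alice-pc", "192.0.2.80", 80)
    results["server_reply"] = alice_net.deliver_in("192.0.2.80", 80, port)
    # 2. The firewall problem: each peer tries to reach the other, both attempts are dropped.
    results["alice_to_bob"] = bob_net.deliver_in(alice_net.public_ip, 40001, 5000)
    results["bob_to_alice"] = alice_net.deliver_in(bob_net.public_ip, 40001, 5000)
    # 3. Bob configures his router; a second PC on his LAN needs a different port.
    bob_net.forward(5000, "bob-pc")
    bob_net.forward(5001, "bob-laptop")  # forward(5000, "bob-laptop") would raise
    results["after_forward"] = bob_net.deliver_in(alice_net.public_ip, 40001, 5000)
    results["second_pc"] = bob_net.deliver_in(alice_net.public_ip, 40002, 5001)
    return results

if __name__ == "__main__":
    for name, receiver in demo().items():
        print(f"{name}: {receiver or 'DROPPED'}")
```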

The interesting thing with Skype is that it just works. It always works, even if both people have firewalls or are behind routers. The question is: how do they do it? I would be interested in knowing that. But that’s probably not something they’d share. It’s their greatest strength.

My Skype username is “zefhemel” by the way.