How Windows Peer-to-Peer Networking Works
In this section, we briefly describe the Windows Peer-to-Peer Networking architecture and then describe the details of the fundamental peer-to-peer capabilities of peer discovery and name resolution, graphing, grouping, replicated storage, and searching.
Windows Peer-to-Peer Networking Architecture
The architecture of Windows Peer-to-Peer Networking is shown in Figure 1.
Figure 1: Windows Peer-to-Peer Networking architecture
Windows Peer-to-Peer Networking architecture consists of the following components:
• Graphing: The Graphing component is responsible for maintaining a set of connected nodes known as a graph and providing flooding and replication of data across the graph. The Graphing component uses the Flood & Synchronization, Store, and Graph Maintenance subcomponents.
• Grouping: The Grouping component is the security layer provided by default on top of a graph. The security layer defines the security model behind group creation, invitation, and connection to the group. In addition, Grouping leverages PNRP as the name resolution protocol and enables multiple applications to share the same graph. The Grouping component uses the Group Security and Group Security Service Provider (SSP) subcomponents.
• NSP: The Name Service Provider (NSP) component provides a mechanism to access an arbitrary name service provider. In the case of Windows Peer-to-Peer Networking, peer-to-peer applications use the NSP interface to access PNRP.
• PNRP: The PNRP component provides peer-to-peer name resolution.
• Identity Manager: Identity Manager enables the creation and management of peer-to-peer identities.
• Microsoft TCP/IP version 6 protocol: The Microsoft TCP/IP version 6 protocol (IPv6) provides the transport over which Windows Peer-to-Peer Networking operates.
The details of how Windows Peer-to-Peer Networking works are described in the following sections:
• IPv6 and NAT traversal
• Name resolution and peer discovery with PNRP
• Graphing
• Grouping
• Replicated store
• Searching
IPv6 and NAT Traversal
Windows Peer-to-Peer Networking uses IPv6 as its Internet layer. IPv6 was chosen because it restores the end-to-end computing model to networking. With IPv6, there are no issues with address shortage that require the use of Network Address Translators (NATs). For more information about how NATs translate addresses and port numbers and use port mappings, see Windows 2000 Network Address Translator (NAT). NATs for IPv4 extend the lifetime of the IPv4 public address space, but at the expense of breaking end-to-end communication.
IPv6 support was included in Windows XP and Windows XP with SP1 as a developer preview edition. A production-quality release of an IPv6 protocol is available in Windows XP with SP1, Windows XP with SP2, and the Windows Server™ 2003 family. A common misconception about IPv6 is that the existing IPv4 infrastructure (your intranet and the Internet) must be upgraded to support IPv6 before it can be used. This is not true. The designers of IPv6 realized that IPv4 infrastructures will be in place for the foreseeable future and created a series of transition technologies that allow IPv6 traffic to be sent over an IPv4 network by encapsulating an IPv6 packet with an IPv4 header.
The two transition technologies that are recommended for use and enabled by default for the IPv6 protocol for Windows XP and the Windows Server 2003 family are the following:
• Intra-Site Automatic Tunnel Addressing Protocol (ISATAP): ISATAP is an address assignment and automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 hosts across an IPv4 intranet. ISATAP is described in the Internet draft titled "Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)".
• 6to4: 6to4 is an address assignment and automatic tunneling technology that is used to provide unicast IPv6 connectivity between IPv6 sites and hosts across the IPv4 Internet. 6to4 is described in RFC 3056.
For more information about ISATAP and 6to4, see the IPv6 Transition Technologies white paper.
For IPv6 connectivity across the IPv4 Internet, 6to4 is the preferred address assignment and tunneling technology. However, 6to4 depends on the assignment of a public IP address to a computer connected to a private network that acts as a 6to4 router. The IPv6 protocol for Windows XP and the Windows Server 2003 family can be used as a 6to4 router either automatically by enabling Internet Connection Sharing (ICS) or through manual configuration. Many Network Address Translators (NATs) that are used to connect small office or home office networks to the Internet do not yet have 6to4 router capability. Additionally, there might be more than one NAT between a host on a private network and the IPv4 Internet, in which case 6to4 would not work even if the NAT connected to the private network had 6to4 functionality. Another issue with NATs is their default inability to forward traffic that does not use either TCP or UDP. IPv6 over IPv4 traffic uses protocol 41. If this type of traffic is not recognized by the NAT, it is discarded.
To address the need for an IPv6 over IPv4 address assignment and tunneling solution that works for hosts that are located across NATs that cannot also be 6to4 routers, Microsoft is working with the Internet standards bodies to define Teredo, also known as IPv6 NAT Traversal (NAT-T). Teredo is defined in an Internet draft titled "Teredo: Tunneling IPv6 over UDP through NATs".
Teredo works by assigning global IPv6 addresses that are based on the public IPv4 address of the NAT interface that is connected to the Internet and then encapsulating IPv6 packets with both an IPv4 header and a UDP header. By using both an IPv4 and a UDP header, most NATs can translate Teredo traffic.
Teredo client support is included with Windows XP SP2. For computers running Windows XP with SP1, you must install the Advanced Networking Pack for Windows XP.
For additional information about how Teredo works, see the "Teredo Overview" white paper.
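All three transition technologies described above (ISATAP, 6to4 and Teredo) embed IPv4 endpoint information inside the IPv6 address itself, which is what lets a defender reading an IPv6 peer address in a log work out which IPv4 host, router or NAT actually carried the tunneled traffic. The following Python script is an added example, not code from the article or from Windows Peer-to-Peer Networking; it decodes the address layouts fixed by RFC 3056 (6to4, 2002::/16 with the router's IPv4 in bits 16-47), RFC 4380 (Teredo, 2001::/32 with the server IPv4, a flags word, and the NAT's external port and public IPv4 stored XOR-obfuscated) and the ISATAP interface identifier (::0:5efe:w.x.y.z). The sample addresses in the `__main__` block are constructed for illustration (RFC 5737 documentation ranges), and the function names are my own.

```python
import ipaddress

# Prefixes fixed by the respective specifications (RFC 3056 for 6to4,
# RFC 4380 for Teredo); ISATAP is recognised by its interface identifier.
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")


def decode_transition_address(text):
    """Classify an IPv6 address as Teredo, 6to4, ISATAP or native and
    recover the IPv4 endpoints embedded in it (hypothetical helper name)."""
    addr = ipaddress.IPv6Address(text)
    raw = addr.packed  # 16 bytes in network byte order

    if addr in TEREDO_PREFIX:
        # bits 32-63: IPv4 address of the Teredo server used for setup
        server = ipaddress.IPv4Address(raw[4:8])
        # bits 64-79: flags; the top bit is set when the client sits behind a cone NAT
        flags = int.from_bytes(raw[8:10], "big")
        # bits 80-95: external UDP port mapped by the NAT, stored XOR 0xFFFF
        port = int.from_bytes(raw[10:12], "big") ^ 0xFFFF
        # bits 96-127: public IPv4 address of the NAT, every byte XOR 0xFF
        client = ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))
        return {
            "kind": "teredo",
            "server": str(server),
            "cone_nat": bool(flags & 0x8000),
            "mapped_port": port,
            "nat_public_ipv4": str(client),
        }

    if addr in SIXTO4_PREFIX:
        # bits 16-47: public IPv4 address of the site's 6to4 router
        return {"kind": "6to4", "router_ipv4": str(ipaddress.IPv4Address(raw[2:6]))}

    # ISATAP: interface ID is 0000:5efe (or 0200:5efe when the embedded
    # IPv4 address is globally unique) followed by the host's IPv4 address.
    if raw[10:12] == b"\x5e\xfe" and raw[8:10] in (b"\x00\x00", b"\x02\x00"):
        prefix = ipaddress.IPv6Network((int(addr), 64), strict=False)
        return {
            "kind": "isatap",
            "prefix": str(prefix),
            "host_ipv4": str(ipaddress.IPv4Address(raw[12:16])),
        }

    return {"kind": "native"}


if __name__ == "__main__":
    # Constructed sample addresses; 192.0.2.0/24 is a documentation range.
    for sample in (
        "2001:0:4136:e378:8000:63bf:3fff:fdd2",  # Teredo
        "2002:c000:204::1",                      # 6to4 via router 192.0.2.4
        "fe80::5efe:c0a8:105",                   # ISATAP host 192.168.1.5
        "2001:db8::1",                           # plain (native) IPv6
    ):
        print(sample, "->", decode_transition_address(sample))
```

Python's `ipaddress` module exposes the same information through the `teredo` and `sixtofour` properties of `IPv6Address`; the manual unpacking above is deliberate so that the bit layout, and in particular the XOR obfuscation of the Teredo port and client address, is visible. Note that the Teredo fields describe the NAT's public side, not the host behind it, which is exactly the address a firewall or IDS on the IPv4 Internet will have seen.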
Name Resolution and Peer Discovery with PNRP
In order for communication to occur between peers, they must be able to discover each other's presence and resolve each other's network locations (addresses, protocols, and ports) from names or other types of identifiers. How peers discover each other and resolve each other's names for communication is complicated by transient connectivity and the lack of address records in DNS.
Windows Peer-to-Peer Networking solves this problem with a name resolution and peer discovery scheme with the following attributes:
• Distributed and serverless for name resolution: Like DNS, the complete list of names is stored on computers throughout the cloud. Unlike DNS, there are no servers that provide name resolution. Each peer stores a portion of the list in its cache and can refer to other peers. Central servers are not used to resolve names. Windows Peer-to-Peer Networking is not strictly serverless, as there is a seed node that facilitates initialization.
• The use of identifiers (IDs) instead of names: Rather than using a name, such as a fully qualified domain name in DNS, IDs are used to identify peer entities. IDs are just numbers and therefore are not subject to language and trademark or copyright issues.
• The use of multiple IDs: Each separate peer computer, user, group, device, service or other type of peer node can have its own peer ID.
• Ability to scale to large numbers of IDs: The list of IDs is distributed among the peers using a multi-level cache and referral system that allows name resolution to scale to billions of IDs, while requiring minimal resources on each node.
The protocol used to send messages between peers for name resolution and peer discovery is Peer Name Resolution Protocol (PNRP).
PNRP uses multiple clouds, in which a cloud is a grouping of computers that use addresses of a specific scope. A scope is an area of the network over which the address is unique. PNRP clouds are based on the address scopes for IPv6 addresses. The following clouds are defined:
• The global cloud corresponds to the global IPv6 address scope and represents all the computers on the entire IPv6 Internet. There is only a single global cloud.
• The site-specific cloud corresponds to the site IPv6 address scope and site-local addresses. A site is a portion of an organization network that has defined geographical or topological boundaries. There can be multiple site-specific clouds.
• The link-local cloud corresponds to the link-local IPv6 address scope and link-local addresses. A link-local cloud is for a specific link, typically the same as the locally attached subnet. There can be multiple link-local clouds.
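Because PNRP clouds are defined by IPv6 address scope, the cloud a given address belongs to can be determined from its prefix alone, and a host with several addresses participates in several clouds at once. The Python snippet below is an added example (not code from the article or from the PNRP implementation) that maps addresses to the three clouds listed above using the scope prefixes from the IPv6 addressing architecture: fe80::/10 for link-local, fec0::/10 for site-local (the scope in use when this article was written; it has since been deprecated) and 2000::/3 for global unicast. Since there is one link-local cloud per link, link-local addresses are grouped by their zone index (the `%n` suffix) when one is present; the function names and sample addresses are my own and require Python 3.9 or later for zone-index support.

```python
import ipaddress

# Scope prefixes for the three PNRP clouds, checked in order.
PNRP_CLOUD_PREFIXES = (
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-specific", ipaddress.IPv6Network("fec0::/10")),
    ("global", ipaddress.IPv6Network("2000::/3")),
)


def pnrp_cloud(text):
    """Name the PNRP cloud an IPv6 address would register in, or None for
    addresses (loopback, unspecified, multicast, ...) that belong to no cloud."""
    addr = ipaddress.IPv6Address(text)
    for name, net in PNRP_CLOUD_PREFIXES:
        if addr in net:
            # One link-local cloud exists per link, so key it by zone index.
            if name == "link-local" and addr.scope_id is not None:
                return f"link-local%{addr.scope_id}"
            return name
    return None


def group_by_cloud(addresses):
    """Group a host's addresses by the cloud they register in."""
    result = {}
    for text in addresses:
        cloud = pnrp_cloud(text)
        if cloud is not None:
            result.setdefault(cloud, []).append(text)
    return result


if __name__ == "__main__":
    # Constructed sample address set for a dual-homed host.
    host_addresses = [
        "::1",                    # loopback: no cloud
        "fe80::1%4",              # link-local on interface 4
        "fe80::2%7",              # link-local on interface 7
        "fec0::1:2",              # site-local
        "2001:db8::1",            # global (documentation prefix)
        "2002:c000:204::1",       # 6to4 address, also global scope
    ]
    for cloud, addrs in group_by_cloud(host_addresses).items():
        print(f"{cloud}: {', '.join(addrs)}")
```

The 6to4 address lands in the global cloud, which matches the article's point that transition addresses give a host global IPv6 reachability even though the underlying path is IPv4.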