Have you ever wondered how your computer manages to find other devices whether or not they are part of your network? The reason devices seem to always be seamlessly connected with each other is for the most part due to something called Universal Plug and Play (or UPnP), which is enabled by default on millions of routers worldwide.
The following article will explain what UPnP is, its pros and cons, and why Jami uses it. But before those things can be explained, we must first go through a quick explanation of how private (or local) networks communicate with the outside world and the Internet.
Network Address Translation
An Internet Protocol address (or IP address), e.g. 172.16.254.1, is a unique address assigned to a device so that other devices can recognize it when it wants to communicate with them. However, there is a small problem: there simply aren’t enough of those types of addresses available to support all of the computers and other IP-enabled devices in the world. That’s why we need something called a Network Address Translation protocol, or NAT.
NAT allows multiple computers to share a single public IP address. It does this by assigning the public address to a router that acts as a gateway (or bridge) between a private network and the outside world (the Internet).
Let’s use a common example of a home network with a NAT router (for wired Internet access) and a few computers in the household connected to that router via WiFi. If you want to access a webpage on the Internet, a request is sent from your computer to your router. The NAT router receives the request and forwards it to the Internet on the device’s behalf by translating your computer’s private address to a public address the Internet knows and can work with. When the answer comes back in from the server hosting the webpage, the NAT router does the translation again, but this time in the reverse direction, from the Internet to your computer’s private address.
This simple translation arithmetic is quite clever and useful, but poses a few problems, namely that unsolicited communications typically do not work very well. Obviously, one can say that’s a good thing, but there are cases where you need to allow legitimate traffic that was not specifically requested by a host on the internal network to go through, peer-to-peer applications being one of them. And one of the ways to achieve this is by using UPnP.
What is UPnP?
UPnP allows devices on your network to easily find each other and make themselves accessible from the outside by modifying your router's port forwarding configuration using the Internet Gateway Device Protocol.
Port forwarding is what enables a computer behind a NAT firewall to receive incoming traffic from the outside world. Via UPnP you can tell your router to forward all incoming connections with a matching port number to the internal computer’s private address. So in short it allows someone or something on the Internet to communicate with you without having to know your private IP address.
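The request described above, as an added example that is not Jami's or PUPnP's code: the SOAP body of a UPnP IGD AddPortMapping call, plus a gateway-side review of it. The addresses, ports and the three review rules are constructed assumptions; the lease rule reflects IGD version 1, where a lease of 0 means the mapping never expires.

```python
import ipaddress
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
ET.register_namespace("s", SOAP_NS)
ET.register_namespace("u", WANIP)

def build_add_port_mapping(ext_port, proto, int_port, int_client, lease, desc):
    """Return the SOAP body a control point POSTs to the router's control URL
    (sent with the header SOAPAction: "<WANIP>#AddPortMapping")."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    action = ET.SubElement(body, f"{{{WANIP}}}AddPortMapping")
    args = [("NewRemoteHost", ""),            # empty = any remote host
            ("NewExternalPort", ext_port),    # port opened on the public side
            ("NewProtocol", proto),           # "TCP" or "UDP"
            ("NewInternalPort", int_port),
            ("NewInternalClient", int_client),  # private address to forward to
            ("NewEnabled", 1),
            ("NewPortMappingDescription", desc),
            ("NewLeaseDuration", lease)]      # seconds
    for name, value in args:
        ET.SubElement(action, name).text = str(value)
    return ET.tostring(env, encoding="unicode")

def parse_mapping(soap_xml):
    """Extract the AddPortMapping arguments as a dict of strings."""
    path = f"{{{SOAP_NS}}}Body/{{{WANIP}}}AddPortMapping"
    action = ET.fromstring(soap_xml).find(path)
    return {child.tag: (child.text or "") for child in action}

def review_mapping(soap_xml, requester_ip):
    """Assumed gateway policy (not part of the protocol): list what an
    administrator would want flagged before the pinhole is opened."""
    m = parse_mapping(soap_xml)
    findings = []
    target = ipaddress.ip_address(m["NewInternalClient"])
    if target != ipaddress.ip_address(requester_ip):
        findings.append("internal client differs from requester")
    if int(m["NewLeaseDuration"]) == 0:
        findings.append("no lease expiry")
    if int(m["NewExternalPort"]) < 1024:
        findings.append("privileged external port")
    return findings
```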
How does Jami use port mappings?
Jami uses port forwarding rules for a wide range of features that allow it to establish a reliable communication channel to the peer-to-peer network. One of the most important features enabled by opening ports is gaining access to the OpenDHT distributed network. Jami also uses port mappings for video and/or voice calls.
The aforementioned features do have security implications though. Opening ports on your router is synonymous with creating a “pinhole” through your firewall. But all this really means is that you are giving Jami the ability to receive information from the outside world. All the packets and information coming through those ports that are not intended for Jami’s encrypted communication won’t be used.
Which port forwarding protocols does Jami use?
The UPnP protocol is quite complicated to implement from a technical standpoint. It’s a mechanism that involves XML-based exchanges from host to client, which isn’t extremely reliable. There can be quite large discrepancies in server-side implementations between old routers (that are still being used today) and newer ones. And on top of that, Jami needs to be able to implement a port forwarding client for cross-platform compatibility. One of the open-source libraries Jami uses is the Portable Universal Plug and Play library (PUPnP). A second one Jami uses is NAT-PMP, based on the NAT Port Mapping Protocol.
PUPnP is a library that is completely cross-platform. It works on Windows, Linux and MacOS. That way Jami ensures that its UPnP client will be functional on any platform in order to try and interact with any router (old or new). Jami uses it by default.
NAT-PMP is a separate protocol that was developed to try and improve on the shortcomings of UPnP. It has Linux and macOS support, and it’s quicker and more reliable as well as being a lot easier to implement on the client side. It isn’t the same protocol as UPnP when it comes to the fundamental technical aspect, but it achieves the same goal: port forwarding for devices behind a NAT firewall. It is a relatively new protocol and isn’t supported by all routers. Therefore Jami will only use it when trying to add port-forwarding rules on a router that supports it.
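To show why the client side of NAT-PMP is so much smaller than UPnP's XML exchange, here is an added example (not Jami's or libnatpmp's code) that encodes a mapping request and validates the gateway's reply using the packet layout from RFC 6886. The port numbers, lifetimes and reply bytes used with it are constructed.

```python
import struct

NATPMP_PORT = 5351               # UDP port the gateway listens on
OP_MAP_UDP, OP_MAP_TCP = 1, 2    # opcode selects the protocol to map
RESULT_CODES = {0: "success", 1: "unsupported version",
                2: "not authorized/refused", 3: "network failure",
                4: "out of resources", 5: "unsupported opcode"}

def build_map_request(opcode, internal_port, suggested_external_port, lifetime):
    """12-byte request: version 0, opcode, 2 reserved bytes, internal port,
    suggested external port, requested lifetime in seconds."""
    return struct.pack("!BBHHHI", 0, opcode, 0,
                       internal_port, suggested_external_port, lifetime)

def parse_map_response(data, request):
    """Validate a gateway reply against the request that triggered it and
    return what was actually granted (the gateway may change port/lifetime)."""
    if len(data) < 4:
        raise ValueError("truncated response")
    version, opcode, result = struct.unpack("!BBH", data[:4])
    # A reply carries the request opcode plus 128.
    if version != 0 or opcode != 128 + request[1]:
        raise ValueError("not a reply to this request")
    if result != 0:
        raise PermissionError(RESULT_CODES.get(result, f"result code {result}"))
    if len(data) != 16:
        raise ValueError("mapping response must be 16 bytes")
    _epoch, int_port, ext_port, lifetime = struct.unpack("!IHHI", data[4:])
    if int_port != struct.unpack("!H", request[4:6])[0]:
        raise ValueError("reply is for a different internal port")
    return {"external_port": ext_port, "lifetime": lifetime}
```

Sending is a single UDP datagram to the default gateway on `NATPMP_PORT`; a client that honours the granted lifetime and renews before it expires leaves no stale pinhole behind when it exits.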
As mentioned above, there aren’t enough IP addresses to support all of the computers and other IP-enabled devices in the world. Network address translation does a good job of circumventing this problem but a better solution is required. That’s what IPv6, the sixth version of the Internet Protocol, is for. Instead of using a 32-bit numeric address like IPv4, IPv6 uses a 128-bit address written in hexadecimal and separated by colons (e.g. 3ffe:1900:4545:3:200:f8ff:fe21:67cf).
Jami takes pride in always trying to be at the forefront of upcoming technologies. The next challenge for improving Jami’s port forwarding capabilities would be to enable it for IPv6 support. This will be done with the UPnP protocol Jami currently uses as well as the Port Control Protocol (implemented with libpcp), which is the IPv6 version of NAT-PMP. Not a lot of routers support port forwarding over IPv6, but it’s only a matter of time before the newer versions start making their way into mainstream technology. And once they do, Jami will be ready.
By Eden Abitbol – Jami developer