Adium

Technology Behind Direct Connections

IM clients sometimes need to establish a direct connection to the other party in a conversation. This is done for three different reasons:

  1. Privacy - where the users do not want the data to go through the centralized servers of the IM service provider. (A direct connection necessarily reveals each party's IP address to the other, and it does not by itself encrypt the data.)
  2. No Central Server - where there is no central server to work with. This is known as a peer-to-peer network, and is used by services such as Skype.
  3. Large Data Transfers - where large amounts of data need to be transferred and the IM service wishes to save money by not paying for the bandwidth and processing of that data. This is commonly used for:

Establishing a Direct Connection

Because of this need for a direct connection, a large amount of work is done in each IM system to make it possible to get through NATs and firewalls, which by design are meant to prevent exactly these unsolicited inbound connections.

This work typically consists of three main areas:

  • Attempting to forward ports on the local firewall or NAT device.
  • Identifying the IP addresses of this client.
  • Bi-directional communication to find a way to connect.

Automatic Configuration of the local Firewall or NAT device

There are two main mechanisms available to Apple users by which the IM client can automatically ask the local firewall or NAT device to allow external computers to reach the local computer. In each case, the capability must be turned on in the network device for this to work. Because of the security concerns these mechanisms raise (any program on the local network can ask for an inbound port to be opened), they are often disabled, but IM clients still attempt to use them, since a forwarded port is the most reliable way to guarantee that a connection can be established.

The two mechanisms are:

For more details about these mechanisms, please refer to the information in the links above.

Identifying IP Addresses

In order for a direct connection to be established, each party must tell the other which IP addresses it can be reached at. An individual machine can have several IP addresses assigned to it for many reasons, including:

  • Multiple network ports
  • Modem network connections
  • VPN or PPPoE connections
  • IPv4 and IPv6 addressing
  • Firewall software

Additionally, most users are not connected directly to the Internet, so each of these addresses is usually translated to a different public address, visible to the rest of the Internet, on the other side of their firewall or NAT device. The IM client needs a way to learn the public address that corresponds to each local (or private) address. This is typically accomplished by sending a request to an external server and having it respond with the public IP address and port from which it saw the request arrive. Note that the reply only describes the mapping that particular server observed; some NATs allocate a different public port for each destination, in which case the learned address will not work for the other party. The most commonly used methods for this are:

Again, please refer to the links above for more information.
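The request-and-reply exchange described above, as an added example that is not code from the Adium project: this Python implements the client side of a STUN Binding exchange (RFC 5389), which is assumed here as the lookup method since the page's own list of methods is not preserved. The server's reply is constructed inline (what a real STUN server would send after seeing the request arrive from a given public address and port), so the code runs offline; the addresses used are documentation ranges chosen for illustration. The client checks the transaction ID so that a stale or spoofed reply cannot feed it a false public address.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed RFC 5389 cookie, second header word
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # plain address (older servers)
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # address XORed so NATs cannot rewrite it in flight
FAMILY_IPV4, FAMILY_IPV6 = 0x01, 0x02


def build_binding_request(txn_id=None):
    """20-byte STUN header with no attributes; the random transaction ID is what
    lets the client tie a reply back to this request."""
    if txn_id is None:
        txn_id = os.urandom(12)
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id), txn_id


def xor_mask(raw, txn_id):
    """XOR an address with the magic cookie (IPv4) or cookie + transaction ID (IPv6)."""
    mask = struct.pack("!I", MAGIC_COOKIE) + txn_id
    return bytes(a ^ b for a, b in zip(raw, mask))


def decode_address(value, txn_id, xored):
    """Decode a (XOR-)MAPPED-ADDRESS attribute value into (ip, port)."""
    family, port = struct.unpack("!xBH", value[:4])
    raw = value[4:]
    if xored:
        port ^= MAGIC_COOKIE >> 16
        raw = xor_mask(raw, txn_id)
    if family == FAMILY_IPV4 and len(raw) == 4:
        return socket.inet_ntop(socket.AF_INET, raw), port
    if family == FAMILY_IPV6 and len(raw) == 16:
        return socket.inet_ntop(socket.AF_INET6, raw), port
    raise ValueError("malformed address attribute")


def parse_binding_response(data, expected_txn_id):
    """Return (public_ip, public_port) as the server saw them, or raise ValueError.
    Replies whose transaction ID does not match are rejected rather than trusted."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie, txn_id = struct.unpack("!HHI12s", data[:20])
    if cookie != MAGIC_COOKIE or msg_type != BINDING_SUCCESS:
        raise ValueError("not a STUN binding success response")
    if txn_id != expected_txn_id:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    body = data[20:20 + length]
    if len(body) != length:
        raise ValueError("truncated STUN message")
    mapped = xor_mapped = None
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated STUN attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            xor_mapped = decode_address(value, txn_id, xored=True)
        elif atype == ATTR_MAPPED_ADDRESS:
            mapped = decode_address(value, txn_id, xored=False)
        off += 4 + ((alen + 3) & ~3)   # attributes are padded to 4-byte boundaries
    if xor_mapped is None and mapped is None:
        raise ValueError("no mapped address in response")
    return xor_mapped or mapped        # prefer the XOR form, as RFC 5389 clients do


def build_binding_success(txn_id, ip, port):
    """Constructed server reply for offline demonstration: what a STUN server
    would send back after seeing the request arrive from ip:port."""
    family = FAMILY_IPV6 if ":" in ip else FAMILY_IPV4
    af = socket.AF_INET6 if family == FAMILY_IPV6 else socket.AF_INET
    value = struct.pack("!xBH", family, port ^ (MAGIC_COOKIE >> 16))
    value += xor_mask(socket.inet_pton(af, ip), txn_id)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txn_id) + attr


def lookup_public_address(ip_seen_by_server, port_seen_by_server):
    """Whole exchange with the server side simulated: the NAT's public mapping is
    whatever address the server saw the request come from."""
    request, txn_id = build_binding_request()
    reply = build_binding_success(txn_id, ip_seen_by_server, port_seen_by_server)
    return parse_binding_response(reply, txn_id)


if __name__ == "__main__":
    # 203.0.113.9 is a documentation address standing in for a NAT's public side
    print(lookup_public_address("203.0.113.9", 40000))
```

In a real client the request would be sent over UDP to the server and the reply read from the same socket, so that the public port learned is the one the NAT allocated for that socket; the parsing and the transaction ID check are unchanged.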

Bi-Directional communication to find a way to connect

Once both sides of the conversation have the full list of the remote party's IP addresses, the systems begin the process of finding which address is the best one to use. This typically consists of the following:

  1. One client is picked as the first "sender". Usually this is the client which sent the first request to start a connection. The other machine is designated the "receiver".
  2. Both clients start listening on all of their IP addresses.
  3. The "sender" picks an IP address from the list of remote IP addresses and sends a request to it. (This is typically retried up to 3 times to give a slow firewall or NAT box time to open the mapping.)
  4. If no response is received, the sender tries the next IP address. (This is repeated until all IP addresses are exhausted.)
  5. After a delay, if the "receiver" has not received any messages from the "sender", it switches to being the "sender" and tries sending requests itself.

This method usually succeeds in establishing a connection, except when neither side accepts unsolicited inbound connections, for example because both firewalls are configured to allow connections only under a specific rule set by a network administrator.
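The sequential probing in steps 1 to 5, as an added example that is not part of the original page or of the Adium code base: a Python simulation in which the network is a constructed reachability table (which peer can reach which candidate address, and after how many probes), so that the retry, fall-through and role-switch logic can be exercised offline. The peer names, the candidate addresses and the "opens after N probes" model of a slow NAT are assumptions made for illustration.

```python
MAX_RETRIES = 3   # per-address retries from step 3


class Network:
    """Constructed reachability model standing in for the real NATs and firewalls.
    open_after[(sender, dst_addr)] is how many probes the sender must send to that
    address before one gets through (1 = reachable at once, 2 = a slow NAT opens the
    mapping only after the first probe). Pairs missing from the table never connect,
    like a firewall that only admits traffic permitted by an administrator's rule."""

    def __init__(self, open_after):
        self.open_after = dict(open_after)
        self.sent = {}

    def probe(self, sender, dst_addr):
        key = (sender, dst_addr)
        self.sent[key] = self.sent.get(key, 0) + 1
        needed = self.open_after.get(key)
        return needed is not None and self.sent[key] >= needed


def probe_candidates(net, sender, remote_addrs, attempts):
    """Steps 3 and 4: try each remote address up to MAX_RETRIES times, moving to the
    next one when no reply arrives. Returns the first address that answered."""
    for addr in remote_addrs:
        for n in range(1, MAX_RETRIES + 1):
            ok = net.probe(sender, addr)
            attempts.append((sender, addr, n, ok))
            if ok:
                return addr
    return None


def negotiate(net, initiator, initiator_addrs, responder, responder_addrs):
    """Steps 1, 2 and 5: the initiator is the first sender; both sides listen on all
    their addresses; if the responder hears nothing it becomes the sender."""
    attempts = []
    addr = probe_candidates(net, initiator, responder_addrs, attempts)
    if addr is not None:
        return {"connected": True, "sender": initiator, "address": addr,
                "switched": False, "attempts": attempts}
    addr = probe_candidates(net, responder, initiator_addrs, attempts)
    if addr is not None:
        return {"connected": True, "sender": responder, "address": addr,
                "switched": True, "attempts": attempts}
    return {"connected": False, "sender": None, "address": None,
            "switched": True, "attempts": attempts}


# Constructed candidate lists: a private address plus the NAT's public address each.
ALICE_ADDRS = ["10.0.0.4", "203.0.113.10"]
BOB_ADDRS = ["192.168.1.5", "198.51.100.7"]


def scenario_forwarded_port():
    """Bob's NAT forwards a port, so Alice reaches his public address on the
    second candidate (3 failed probes to the private address, then success)."""
    return negotiate(Network({("alice", "198.51.100.7"): 1}),
                     "alice", ALICE_ADDRS, "bob", BOB_ADDRS)


def scenario_role_switch():
    """Bob accepts nothing inbound, but Alice's NAT opens a mapping after the first
    probe from Bob. Alice exhausts all candidates, then Bob takes over as sender."""
    return negotiate(Network({("bob", "203.0.113.10"): 2}),
                     "alice", ALICE_ADDRS, "bob", BOB_ADDRS)


def scenario_both_blocked():
    """Neither side admits unsolicited inbound traffic: every probe fails and no
    direct connection is possible."""
    return negotiate(Network({}), "alice", ALICE_ADDRS, "bob", BOB_ADDRS)


if __name__ == "__main__":
    for scenario in (scenario_forwarded_port, scenario_role_switch, scenario_both_blocked):
        r = scenario()
        print(scenario.__name__, "connected" if r["connected"] else "failed",
              r["sender"], r["address"], "after", len(r["attempts"]), "probes")
```

The attempts list records every probe in order, which is what you would compare against a packet capture when debugging why a particular pair of clients never connects: a long run of failures to one address followed by an immediate success on the next is the forwarded-port case, while a success only after the role switch means the initiator's own NAT was the one that needed an outbound probe first.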