Hole Punching: To Do Or Not To Do
The hole punching technique is nothing new. It is as old as the firewalls through which it punches holes. But thanks to the huge popularity of Skype, which uses hole punching to make VoIP work even behind firewalls, and the apparent inability of network administrators to block it, there is a new wave of articles on this topic.
Slashdot covered one such article. After reading the comments there, it became clear that many people don't really understand how protocols like TCP and UDP work or why hole punching works.
Hole punching headache at the office:
The hype is that network administrators will have a lot of headaches managing the bandwidth consumed by all these P2P applications that punch holes and "illegally" transfer data. But that isn't the case in reality. Network administrators have a variety of options at their disposal. In the case of Skype, for example, they can always block the various Skype central site IP addresses. Also, an advanced stateful firewall like iptables on Linux can be configured to block hole punching. In some cases, though, hole punching applications can actually save bandwidth. If you and a colleague sitting at the other end of the office are talking to each other over Skype and are on the same local network, then your traffic isn't even leaving your network! The two of you would be connected directly, peer to peer. So there you go! Your network administrator should be happy!
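Why a stateful filter lets hole punching through by default, and what the stricter configuration mentioned above changes, shown as an added example (a toy Python model, not iptables rules and not code from the original post). The `StatefulFirewall` class, the `punch` helper and all addresses are constructed for illustration, and NAT address translation is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class StatefulFirewall:
    """Toy connection tracker: inbound UDP passes only as a reply to a tracked flow."""
    allowed_udp_dst: Optional[set] = None  # None = any outbound UDP may leave
    flows: set = field(default_factory=set)

    def outbound(self, src, dst):
        """Inside host sends src -> dst; returns True if the packet leaves."""
        if self.allowed_udp_dst is not None and dst not in self.allowed_udp_dst:
            return False  # egress rule drops it, so no state is created
        self.flows.add((src, dst))
        return True

    def inbound(self, src, dst):
        """Outside host sends src -> dst; accepted only if dst -> src is tracked."""
        return (dst, src) in self.flows

def punch(fw_a, fw_b, a, b):
    """Both peers send to each other; returns (a_hears_b, b_hears_a)."""
    a_out = fw_a.outbound(a, b)
    b_out = fw_b.outbound(b, a)
    # A packet is heard only if it left the sender's firewall AND matches
    # state that the receiver's own outbound packet created.
    return (b_out and fw_a.inbound(b, a), a_out and fw_b.inbound(a, b))

# Constructed sample endpoints (documentation address ranges).
A = ("198.51.100.10", 40000)
B = ("203.0.113.20", 40001)
DNS = ("192.0.2.53", 53)

def demo():
    results = {}
    # 1. No outbound packet yet: unsolicited inbound is dropped.
    results["unsolicited"] = StatefulFirewall().inbound(B, A)
    # 2. Default policy (any outbound UDP allowed): the hole opens both ways.
    results["permissive"] = punch(StatefulFirewall(), StatefulFirewall(), A, B)
    # 3. A's administrator allows outbound UDP only to the approved resolver.
    strict = StatefulFirewall(allowed_udp_dst={DNS})
    results["strict"] = punch(strict, StatefulFirewall(), A, B)
    # Approved traffic still works under the strict policy.
    results["dns_ok"] = strict.outbound(A, DNS) and strict.inbound(DNS, A)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The strict case fails in both directions because the inside peer's packet never leaves, so no tracked flow exists for the outside peer's packet to match.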
Hole Punching at home?:
In this part of the world (India), the majority of ISPs, like Airtel or BSNL, provide public IPs for their broadband customers. So, when I'm connected to the Internet at home, I have a public (non-static) IP. So, there is no question of complex NAT firewalls getting in the way. (We all do have firewalls on our machines and on the router, but they are just filtering unwanted traffic and not actually doing any NAT.) So, I can actually tell my firewall to allow Skype traffic both ways, and no hole punching is required. Skype MAY become a super node and start using your bandwidth for routing other people's voice data. Now, if you aren't on an unlimited-usage bill plan, this might hurt you. So, it's best to turn off the application when you are not using it yourself.
We at pi are building an application that also does hole punching. It's more exciting than Skype and has a lot more functionality. Currently it is in free beta mode. Go grab it and try it for yourself.