Forget the conspiracy theories: Skype's supernodes belong in the cloud

Forget the conspiracy theories: Skype's supernodes belong in the cloud

Summary: Putting Skype's supernodes in the Microsoft datacentres is about improving performance and not appropriating bandwidth


Forget the conspiracy rumours about wiretapping: putting Skype's supernodes in the Microsoft datacentres is about improving performance and not appropriating bandwidth.

There's been a lot of speculation about whether Skype made changes to its architecture that were more about surveillance than performance, based on a Microsoft patent applied for before it even bought Skype. Some of this speculation arose because Microsoft and Skype initially refused to deny these allegations. An unusually combative blog post from Skype chief development officer Mark Gillett today addresses the issue by calling all the allegations false and explains some of the technical reasons for the change; check out this useful analysis by ZDNet's Ed Bott.

But there one point Gillett doesn't make that's worth remembering: anyone paying for business bandwidth should be delighted that the supernodes are now in the cloud, where they belong.

Computer History Museum 057 (620x465)

Because Skype is peer-to-peer, it needs a directory of routes for getting from one machine with Skype on to another, and it needs to be able to direct Skype-to-Skype calls between users behind NAT connections (like the firewalls on DSL routers, especially when the IP address is going to change whenever your ISP feels like it). Supernodes are the heart of the distributed directory so there are machines accessing them all the time to get the right route to make a call. As well as managing directory look-ups, Skype supernodes also proxy voice calls and file transfers.

Before moving the supernodes into the cloud, Skype would park them in peer-to-peer fashion on any network with a system running Skype that had particularly good bandwidth. If you were a small business paying for a high-bandwidth internet connection, you might have no idea you'd become a supernode until you found your network slowing down and your traffic allowance getting used up by the peer-to-peer directory look-ups rather sooner than you liked.

In 2010, Skype released a set of Active Directory Group Policies for controlling Skype on a company network: this covered things like locking down the ports used to connect to the Skype network; choosing how the Skype software checked for updates; and whether third-party add-ones could access the Skype API. It also included the DisableSupernodePolicy to stop any Skype client on a network from being elected a supernode.

Once enough businesses started refusing to share the bandwidth they were paying for with all the Skype users around the world, putting the supernodes in fast, well-connected datacentres was the only approach Skype could take. Handily — and perhaps not coincidentally — it was bought by a company with plenty of fast, well-connected datacentres.

Does Skype co-operate with legal surveillance requests even though it encrypts Skype-to-Skype calls? News flash: every communications provider co-operates with legal surveillance requests. It has nothing to do with the architecture.

What's more thought provoking is the question of how well peer-to-peer systems can operate at scale without relying on high-bandwidth boosts from datacentres and the cloud and what that means for the open internet as net neutrality comes under threat. Bandwidth and computation aren't free (and neither is the electricity needed to run them); there are a lot of complex questions about shared resources and access that need to be addressed.

If you want to join the discussion about that and you're in the EU, go take part in the public consultation about net neutrality (before 15 October, 2012). If you prefer a conspiracy theory, please make sure it takes both the technical facts and the law into account.

Topics: Microsoft, Privacy, Security, Unified Comms

Mary Branscombe

About Mary Branscombe

Mary Branscombe is a freelance tech journalist. Mary has been a technology writer for nearly two decades, covering everything from early versions of Windows and Office to the first smartphones, the arrival of the web and most things inbetween.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Beautifully and intelligently written!

    Need I say more? meh! :)

    Great article!
  • good article

    well, i am not really that surprised. the government is known for listening into people's life
    Salman A
  • The balance of peer-to-peer and centralized infrastructure

    Many Skype users don’t realize that it is a peer-to-peer network. It’s pretty amazing that they’ve built the world’s largest phone company without laying a single mile of fiber! Of course they haven’t been exactly forthcoming about this fact, and that led to users with high bandwidth (oftentimes businesses) finding out the hard way when they got “upgraded” to supernodes, which often times negatively impacted their network performance. Once Skype started offering tools to combat this, they lost many of these supernodes and needed to replace them. Skype’s outage last year was also a lesson on the vital role supernodes play in their architecture. Hosting them in a data center is a great way to create a group of trusted supernodes, and overall, it’s a small part of Skype’s cost structure. They made a pragmatic trade off here to slightly increase infrastructure costs in order to improve the user experience.

    Symform, the peer-to-peer cloud storage network which I co-founded, made a similar decision when we started. Each of our users contributes local storage space and bandwidth to the network (they know this up front). While overall our model is a decentralized architecture, the central “brain” or orchestration engine for the network, which we call Cloud Control, is centralized and hosted redundantly in a datacenter. Just like Skype, we made the same pragmatic decision to improve the overall experience for a marginal impact on our cost structure.

    P2P architectures have tremendous scale and economics, and Skype continues to benefit from them despite this somewhat small change.
    Bassam Tabbara
  • Skype alternative

    Since Skype is not so secure any more I start looking for an alternative. I found Brosix IM and I think it does a good job ! It is much more secure than Skype and I have no concerns that someone is snooping on my conversations.

    It is free of charge, ad-free and has loads of features !
    So, Bye bye Skype , Hello Brosix !
  • Jitsi - a secure encrypted XMPP Skype Alternative

    based on open source protocol and bullet proof encryption...what else do you want?
    you only have to explain your peers that you choose a non-proprietary protocol
    as well I will look into this Brosix mentioned above :)
    Vitaly Zubkov