Gnutella bandwidth bandits

The file-trading network's developers are discovering that even their wide-open, free-for-all technology might need a little policing.

Published August 9, 2002 12:03AM (EDT)

Last September, the loose affiliation of programmers who monitor the Gnutella file-trading network noticed something strange. The network, a popular hub for MP3 traders, seemed to be suffering a kind of denial-of-service attack, with some people reporting that their machines were inundated with requests for content. Though the attack seemed small, the particular design of Gnutella -- a "decentralized peer-to-peer network," in which each computer routes network traffic -- amplified its effects, causing the whole network to clog.

But when the developers got to the bottom of the problem, it turned out that there was no malicious attack -- it was just selfish code. A new Gnutella client called Xolox had recently come onto the network, and in an effort to give Xolox users faster downloads, its programmers had configured the program to frequently "re-query" the network to check for desired files. Such automated requests aren't unusual -- many programmers use the technique to improve their software's performance on Gnutella; but Xolox re-queried at dizzying speeds, causing headaches for everyone else, while possibly improving downloads for its own users.

"Will the Xolox developers please step forward?" asked one developer in the Gnutella Developer Forum (GDF), the discussion site where Gnutella developers discuss the technical aspects of the network. "If they are not present," he added, "they should be invited to the group and educated on the damage which this feature causes, especially to modem users."

The Xolox programmers were invited, but they did not come to the GDF. Some developers approached them privately to let them know of the problem, though, and Xolox responded well. "We convinced them that everyone is affected by the overall level of network performance," says Adam Fisk, a coder at LimeWire, one of the most popular Gnutella clients. "They eventually changed the re-querying algorithms."

Although the Xolox incident was cleared up, it portended greater troubles with "bad actors" on the network, some of whom aren't responding as agreeably as Xolox did. Recently, these selfish, damaging clients have so frustrated the developers who run the most successful Gnutella programs -- and who, consequently, have a lot of say in what becomes of the network -- that they're now contemplating ways to police behavior on Gnutella. That would be an ironic change for a technology born out of an act of anti-corporate defiance and which has long embraced a standard of anarchy.

This spring, a client called Qtraxmax appeared on Gnutella, and it, too, launched search requests like mad. Developers at Limewire e-mailed programmers at Qtraxmax, and though they seemed receptive to concerns, "I don't think they quite realize the scope of the problem," Fisk says. Qtraxmax accounts for only a tiny portion of clients on the Gnutella network -- according to CNet Download.com, only about 860,000 people have downloaded the program, a tiny number compared to the other Gnutella programs (LimeWire has been downloaded 13 million times, BearShare 17 million, and Morpheus 98 million).

But Qtraxmax doesn't need a huge user base to cause big problems. Gnutella is quite vulnerable to being flooded with excessive automated queries, Fisk says. If Gnutella didn't entirely collapse, he adds, "you would definitely just slow the network down to a crawl."

Salon's e-mail requests to Qtraxmax bounced back, and since its developers don't participate in any of the online discussion boards devoted to Gnutella, it's unclear if the company -- which is apparently based in Hong Kong -- is addressing the problem.

But Gnutella developers aren't waiting around for Qtraxmax to start behaving well. On Gnutella discussion sites, programmers are discussing a number of technical proposals that would make access to the network contingent on good behavior: If you write code that hurts Gnutella, in other words, you don't get to play. One idea would allow only "clients that you can authenticate" to speak on the network, Fisk says. This would include the five-or-so most popular Gnutella applications, including "Limewire, BearShare, Toadnode, Xolox, Gtk-Gnutella, and Gnucleus." If new clients want to join the group, they would need to abide by a certain communication specification.

In theory, such a system could both cut down on selfish behavior on the network and go far in preventing malicious attacks from the recording industry, which many Gnutella developers expect. There aren't yet solid technical plans for these proposals, but "if the situation gets bad enough," says Fisk, limiting the network to a few well-behaved programs is "definitely a possibility" during the next year. With Gnutella developers worrying about bad clients and the recording industry, people are now rethinking "having this network where you allow just anyone on."

Such a move might seem out of place in a project that, from the outset, has held itself up as a foe of authority. But Gnutella has outgrown its cowboy days, and some developers, over time and through force of will and coding savvy, have in fact become Gnutella's leaders. Bearshare's Vincent Falco, Gtk-Gnutella's Raphael Manfredi, and the developers at LimeWire are some of the most impassioned, informed, and indeed authoritative voices on the GDF. As designers of the more established Gnutella clients, they also have the most invested in the system, and the most to lose if the network goes down thanks to the pranks of a few upstarts. Their need, now, to bring order to an open system is only natural -- but there's no telling how other Gnutella developers will react to the proposed ideas.

In a way, say people in the open-source movement, Gnutella is in a spot that many open projects have faced before; it's a strange mix of order and disorder, upstarts and old-timers, proprietary interests and open-source purists, and it needs to find the right balance, or it could founder.

Gnutella has always been more a provocative technical idea than a useful file-trading network. When it was released, it was billed as an improvement over Napster, whose network required central servers and was therefore vulnerable to legal attacks by the recording industry. Gnutella is fully decentralized, and that, people said, rendered it immune to legal action; in late 2000, when Napster's court-imposed shutdown seemed imminent, it was this promise of Gnutella's invincibility that seemed to sustain most file traders.

But from the beginning, Gnutella exhibited a frustrating reluctance to "scale" -- to perform adequately for large numbers of users -- and when Napster did eventually shut down, in 2001, Gnutella wasn't ready for influx of refugees. Instead, Morpheus, KaZaA and Audiogalaxy -- all faster, non-Gnutella clients -- became the center of file trading. (Morpheus is now a Gnutella client.)

Gnutella is often called "an open-source application," but that's not correct. Although many Gnutella developers embrace the open-source ethos and release their programs under open licenses, Gnutella itself is only a protocol -- a predefined language for communication. It's this protocol that's open. Any developer can freely create a client to speak the Gnutella language, and any client that speaks the language can talk to all others that do. The common protocol allows for a bigger community of file sharers, and it leads to fewer points of centralization. But because developers are free to implement their own variations on network standards, this open system can also be seen as the cause of some of Gnutella's performance problems.

The openness has, for example, most likely hindered Gnutella's ability to scale up. During the last couple of years, Gnutella programmers have developed a number of techniques to deal with the system's scaling problems, the most important being the introduction of "super nodes."

The Gnutella network, as initially created, could be thought of as something like a very noisy cocktail party: If there are 10 people in a room, and one person wants a drink from someone way at the other end of the room, the "get me a Perrier" message would spread around the room raucously, getting passed from neighbor to neighbor in no organized manner. The message would, eventually, get passed to the right person, but only after a lot of unnecessary chatter. Super nodes were created to quiet down the system; they act as the network's traffic cops, directing queries and preventing excessive replication of requests.

But because there are no set-in-stone rules in Gnutella to determine which machines should become super nodes, each developer seems to have a slightly different idea for how to implement them. This would be fine if all developers set relatively high standards for super nodes -- but some programmers set the bar too low, allowing any machine that uses its software to have this special status. Not coincidentally, this boosts performance for people who use that program and slows everyone else down.

Qtraxmax, the program that won't stop sending out automated queries, has also been accused of super node abuse. "Note that clients like Qtrax and Shareaza allow leaves with limitless numbers of [super nodes]," wrote BearShare's Falco in the GDF. "This incredibly selfish behavior causes a flood of query traffic. Although it maximizes results for the local user, it impacts the network greatly. If every client behaved like Qtrax, Gnutella would surely fall."

On the GDF, there is constant back-and-forth over proposals to deal with such problems, and ideas are well-vetted before they're implemented en masse. Though there's a formal voting mechanism, it's hardly ever used, but new ideas aren't often implemented without consensus. There is currently a debate over a proposal to require "digital certificates" for clients to join the Gnutella network. Such certificates would work essentially like passports on the network -- passports issued, and, if necessary, revoked, by the group. It's not clear if this proposal will amount to anything; developers say that if it's rejected, some other scheme to secure the network will likely take its place.

Alan Cox, a veteran Linux developer, says that he's seen this sort of debate before, and he's not against a system that keeps out malicious users using technology. "Years and years ago this came up with a game called Xtrek," Cox says. People were building clients with unfair capabilities to play the space game -- and the solution, says Cox, was to introduce digital signatures. "Unless a client has been signed, it can't play. You could build any client you wanted, but what you can't do is build an Xtrek client that let you play better."

But some developers wince at the thought of using signatures to close off an open network. "There's something inherently brittle about it," says Brian Behlendorf, the co-founder of the Apache Web server project. "Especially when you're talking about an open protocol, from a philosophical perspective, I don't think it works. That seems to me like it would have inhibited innovation. It's fundamentally undemocratic. I can't imagine what HTTP" -- the protocol at the heart of the World Wide Web -- "would've looked like if we required that." Nodes on a network can certainly take "defensive measures" to protect themselves from bad actors, Behlendorf said, and he said that engineers had built that security into the protocols that govern the Internet.

But Gnutella is a different conceptual beast from the Internet, both in its engineering -- its fluid nodes and peer-to-peer architecture -- and, more importantly, in its governing ethic. To put it most simply, Gnutella has few rules because it has few leaders, and both Cox and Behlendorf agree that for an open project to work, it needs to have a leader that the other developers trust. In Linux, Cox says, "Linus wins -- but Linus [Torvalds, Linux's creator] rarely makes a decision except when consensus simply isn't going to be reached." Also, Cox says, "I worked it out one time, and he turns out to be right nine times out of 10."

By design, Gnutella lacks authority, and that could account for its problems. Fisk, of Limewire, makes clear that he and the other veteran developers have no intention of "taking over" Gnutella, but it's also obvious, he says, that stable clients make for a better network. When Gnutella developers think of their network, they don't think of it as a mere MP3 trader, Fisk says. They see it as a revolutionary new protocol for the Internet, one that could be especially important for the sort of huge file transfers that are promised for our impending broadband age. That was the vision that Gene Kan, the developer who did much to popularize Gnutella -- and who committed suicide in July -- used to have for the system. And in order for that vision to come to pass, programmers say, Gnutella needs to be more stable. And for that, Gnutella needs firmer rules.

But will the project splinter if the big guys make their rules? "It could," says Cox. "The project could fork" -- meaning that developers who don't like the rules would split and start their own version of Gnutella. "If you've got people who make bad decisions, the nice thing about open source is, you can always do what you want. And in the end, it only depends on which system is better. There will be a natural selection."


By Farhad Manjoo

Farhad Manjoo is a Salon staff writer and the author of True Enough: Learning to Live in a Post-Fact Society.

MORE FROM Farhad Manjoo


Related Topics ------------------------------------------