Intel Whitepaper On UPnP

← Back to Stories (view on slashdot.org)

Posted by timothy on Saturday June 7, 2003 @11:32AM from the play-more-pray-more dept.

An anonymous reader writes "This article by two developers at Intel provides an introduction and overview to Universal Plug and Play (UPnP), a standards-based technology for transparent network device connectivity that allows devices from various vendors to "just work" when plugged into the network, eliminating the administrative hassle typically associated with networking devices and making them programmable entities that can be controlled across the network. Intel has been a strong supporter of UPnP, and has released an open-source SDK for the development of Linux-based UPnP devices, hosted at SourceForge, which has been used in a number of UPnP products that will soon show up on the market."

28 comments

Min score:

Reason:

Sort:

Vs. Zeroconf? by TheRoss · 2003-06-07 11:36 · Score: 2, Informative

Has anyone posted a detailed comparison of UPnP and Zeroconf/Rendevous? They seem to accomplish similar things.

Please reply to this comment with any links.
1. Re:Vs. Zeroconf? by KeyserDK · 2003-06-07 20:29 · Score: 1
  
  Zeroconf is a much larger beast. What you can compare is SLP (Service location protocol) www.openslp.org and UPnP (?). zeroconf gathers all the small details for ip/dns issues so that ip/dns(local) networking can "just work". SLP is what apple uses for itunes & and their IM so you can find anyone on your own subnet using the same program (or service), it's an service location protocol ;)
  
  Microsoft didn't like SLP for a number of reasons, although i can't find the URL to the guy who designed uPnP for microsoft. He had a nice informative site.
  
  But I'm pretty sure you can make 1:1 functional (what it does) comparison between SLP and uPNP. The design is the thing that makes them different.
  
  Hope it helps. (i'm in a hurry)
  
  --
  still reading?
2. Re:Vs. Zeroconf? by Anonymous Coward · 2003-06-08 07:07 · Score: 0
  
  "Microsoft didn't like SLP for a number of reasons"
  
  Well, they already have their own "SLP" in the form of NetBIOS. Why confuse the market by reinventing the wheel when they are trying to migrate people to Active Directory?
3. Re:Vs. Zeroconf? by smallduck · 2003-06-09 10:22 · Score: 1
  
  Zeroconf is a much larger beast.
  
  Larger? Hmm, in ascii sort order I suppose it is.
  
  What you can compare is SLP (Service location protocol) www.openslp.org and UPnP (?).
  
  Perhaps an interesting comparison. But useless if you wanted to talk about zeroconf.
  
  zeroconf gathers all the small details for ip/dns issues so that ip/dns(local) networking can "just work".
  
  Yup, that's 2/3rds of zeroconf. At last year's Apple developer conference, Stuart Chesire talked about zeroconf as encompassing 3 areas: addressing, naming, browsing.
  
  Dynamic addressing without a dhcp server is achieve using IPv4 link-local addressing, which isn't specific to (and i think predates) zeroconf. In fact UPnP also relies on link-local addressing I hear. This has been implemented in windows & mac os for some time now - its the 169.254/16 default address you get when you can't connect to your dhcp server.
  
  Naming is done using something called multicast dns where essentially normal dns request can be multicast on the local network, instead of sent to a specific name server. A tiny daemon "mDNS responder" on each device is all thats needed for multicast dns to work.
  
  these are those small detail, as you say, that let ip/dns(local) networking "just work".
  
  SLP is what apple uses for itunes & and their IM so you can find anyone on your own subnet using the same program (or service), it's an service location protocol ;)
  
  Nope. From apple's rendezvous faq:
  
  Previous versions of Mac OS X relied on SLP for service discovery, however, starting in Mac OS X 10.2, Apple is putting all of its resources behind Rendezvous, and therefore, we recommend that developers start adopting Rendezvous for service discovery instead of SLP
  
  The third part of zeroconf is browsing, ie. service discovery. This feature is essentially a kind of lookup: "what are all the file servers on my network?". Since every device has a mDNS responder for address lookup, rather than inventing a new protocol, zeroconf does discovery as an extension to dns based on existing scheme for SRV records. The draft spec is very readable, go see dns-sd.org.
  
  An interesting aspect of these discovery extensions to dns is that they can be implemented in existing names servers just by statically configurating the records that zeroconf would have defined automatically. So even if you aren't using zeroconf for dynamic address & naming, you can still use its service discovery.
  
  Microsoft didn't like SLP for a number of reasons, although i can't find the URL to the guy who designed uPnP for microsoft. He had a nice informative site.
  
  I'd like to see that, can anyone give a link? Apple obviously had similar dislikes for SLP, since they now discourage its use, but I haven't seen that discussed anywhere.
  
  An interesting thing to note is that the three names seen on most zeroconf documents are Stuard Chesire from Apple, Bernard Aboba from Microsoft and Erik Guttman from Sun. That's an interesting mix.
  
  While UPnP comes off as a strategic invention driven by top-level management at MS & Intel, Zeroconf strikes me as a group of smart guys "scratching an itch" and coming up with practical solution.
  
  quack
  
  --
  no sig, no plan, no clue
4. Re:Vs. Zeroconf? by YU+Nicks+NE+Way · 2003-06-10 03:20 · Score: 1
  
  Actually, at least on the MS side, UPnP is also a bunch of smart guys "scratching an itch". They're just scratching different itches: the zeroconf guys are working on making attachment to the network transparent to the user, the UPnP guys are working on providing transparent access to the resources on that network. The two systems together attempt to extend the stack stack which allows a user to plug in his 802.11b card (802.11b), quickly connect to a network (TCP/IP) and get an IP address (zeroconf), and find the nearest printer (UPnP). The user should only see the authentication prompt.
  
  Your comment makes it appear that Apple is trying to extend zeroconf to attach to file servers. In my opinion, that overloads the protocol unwisely. There are a number of pragmatic issues involved in binding to a network resource (e.g. bandwidth, current load, other restrictions). Those issues require negotiation between both the resource provider and the newly attached consumer, and that's why a new protocol is needed.
Security? by semaj · 2003-06-07 11:49 · Score: 2, Interesting

These systems (Rendezvous, UPnP, etc.) seem to neglect one issue that's important to me personally.

If I plug something in to my network, I want to know exactly what it's doing and what it's not. Unless I tell it otherwise I want it to sit there and do absolutely nothing. Am I missing something here? The last thing I can imagine being useful is for "intelligent" devices to start making decisions about what they think I want them to do.

--
Meep meep
1. Re:Security? by Anonymous Coward · 2003-06-07 11:52 · Score: 0
  
  You're wrong. That's not what you really want. What you really want is for any device to do exactly what it's supposed to do. You don't want your devices doing nothing unless you tell them do. That's a configuration nightmare.
  
  If you want to continue to live in the bad old days where everything had to be configured in order to work, go ahead. The rest of the world will view you as a quaint throwback at worst.
2. Re:Security? by bmetzler · 2003-06-07 13:32 · Score: 2, Insightful
  
  If I plug something in to my network, I want to know exactly what it's doing and what it's not.
  You seem to think that everyone wants, or should want, what, and only what you want. It's not true, people have diverse needs.
  
  If you want your devices to just sit there dumbly, that's fine, turn uPnP off. But for the rest of us, it makes administration easy when things "just work."
  
  If accounting needs a new printer, it is nice for me if I don't need to touch all 60 computers in accounting when I plug the printer in. It should just show up on all the computers. What's more, it should be the default printer if that's what I want.
  -Brent
3. Re:Security? by rfsayre · 2003-06-07 16:34 · Score: 1
  
  haha yeah, right. you're making an arbitrary distinction.
  
  do you have your browser pop up a dialog box every time it accepts a cookie?
4. Re:Security? by Anonymous Coward · 2003-06-07 19:36 · Score: 0
  
  A better question- is there any way to impose policy on these things?
  
  It's great for things to Just Work. What about Bob in Accounting plugging in his PDA and having it Just Work to snarf employee records/sniff printer traffic for competing employees' paychecks being printed (salary info)/etc?
  
  But more generally, we don't always want our firewalls (even on our *desktops*) opening new ports to unknown chunks of driver code without some knowledge, at least, that it's occurring. It seems easy enough for 'PnP' devices (and not having used UPnP, I've no idea how far it extends) to check for a policy server (e.g., built into a desktop OS, and/or as a standalone on a corporate network), which in turn should be monitoring as much UPnP traffic as it can, and logging events for scrutiny by an admin.
  
  Ideally, some sort of Bluetooth-esque keying system could exist, to allow for plug-and-*minimal*-configuration, while avoiding the creation of massive holes.
5. Re:Security? by semaj · 2003-06-07 20:59 · Score: 1
  
  You seem to think that everyone wants, or should want, what, and only what you want. It's not true, people have diverse needs.
  
  I said: "These systems (Rendezvous, UPnP, etc.) seem to neglect one issue that's important to me personally.". How is that "thinking that everyone wants"?
  
  --
  Meep meep
6. Re:Security? by bmetzler · 2003-06-09 00:01 · Score: 1
  
  I said: "These systems (Rendezvous, UPnP, etc.) seem to neglect one issue that's important to me personally.".
  But that doesn't make sense. If it is just important to you personally, then why bother being interested in it. Just never use it. You seem to think it problematic, but that "problem" would affect everyone.
  -Brent
Oooo, yes by ThePeices · 2003-06-07 11:51 · Score: 1

Good one on the part of Intel with comming out with a SDK for linux as well for other platforms. This is exactly the sort of stuff we need to see more often from major companies. It helps to keep linux up to date from the people who make this stuff, not having the end users rely on people to hack apart the specs themselves and write drivers from scratch. Good one Intel.
And SLP ? by Anonymous Coward · 2003-06-07 11:54 · Score: 0

What about using atleast a standard ?
SLP - service location protocol. RFC 2608
Take a look at e.g. www.openslp.org and www.srvloc.org
Once OpenSLP implements RFC 3011 , cool things can be done,
e.g. get rid of stupid ipv6 dhcp servers, and serv configuration through SLP.
No-Nos/Re-inventing the wheel. by Bri3D · 2003-06-07 11:57 · Score: 2, Interesting

Intel has done two things wrong with this: 1) Reinventing the wheel. Zeroconf is already there, and open-source too. You'd think that with a "universal" standard, you'd at least want to go with what's already there. 2) Trying to shove on Apple again. This time, it's going to be harder though, because Zeroconf already is supported on many devices and applications, including the TiVo. Another reason to just use Zeroconf.
Dates. by hackwrench · 2003-06-07 12:14 · Score: 1

Does anybody have dates corresponding to various milestones of UPnP and Zeroconf. I heard of UPnP before I heard of Zeroconf. However, it's gone a long time without many products that I have seen.
1. Re:Dates. by Anonymous Coward · 2003-06-07 15:42 · Score: 0
  
  No dates but timing is not very relevant. All that really matters about any standard is early adoption rates.
  
  UPnP had several recent issues with WinXP when WinXP rolled out. There were several security hazards, etc. Also installing XP on a network by default scanned all the available devices (mostly printers). This took forever on a large corporate LAN. I think that feature was turned off by default and UPnP disabled in general by default.
  
  Yes, UPnP was first at least in marketing and being adopted by XP. But Zeroconf was adopted by Apple and they made sure it actually worked! I can browse other Apple computers with ease, find webpages and share my iTunes TODAY! UPnP works but it's sloppy and security prone.
  
  Perhaps UPnP could work in the future after all the security fixes, etc. It's the bad press that killed it's adoption. Zeroconf is renamed Rendevzous by Apple. Don't know why they rename just about everything... i.e. Firewire, Airport, etc.
  
  At the very least both technologies are fully Open Source and the spec's are published, thank goodness for that! We'll just have to wait and see how it goes. Of course both could end up being used in different niche markets.
Re:And SLP ? by Anonymous Coward · 2003-06-07 17:10 · Score: 0

SLP is deprecated in favor of Rendezvous.
Hey Mike by MerlynEmrys67 · 2003-06-07 20:00 · Score: 0, Offtopic

Wonder if you realize you used to work for me Mr. Jeronimo...
Glad to see you have survived at Intel, and are having fun toys to play with still... I prefer faster technologies than generally make it home

--
I have mod points and I am not afraid to use them
UPnP.... another wintel "standard" by SkewlD00d · 2003-06-07 21:08 · Score: 3, Interesting

Considering the source: M$FT/intel... how likely is it to be a patent/royalty-free "open" standard? Who's on the technical committee? I love it when win/tel secretly develop a standard in a black-box environment, then get ISO/IEEE to rubber-stamp it. You get good things like DDE/DDX, OLE, OLE2, ATL, COM, ActiveX, and VBS. Well, I guess Sun is guilty for that too, w/ Java.

"All your desktop are belong to Gate$."

--
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
AMD hates Intel's UPNP by Anonymous Coward · 2003-06-08 04:26 · Score: 0
Big problems:
1. Slow boot
2. More, and more open source code to linux, it's very big if increasing compatibility from old ...
3. PCI is always slow, 33Mhz or 66Mhz, worse than independent buses from standard drafts ...
My better request to AMD: many independent buses for HDs, Gigaethernets, TV, SVGA and FPGAs with the condition of good "Z impedance".
JCPM (c) (kloneright)
1. Re:AMD hates Intel's UPNP by Anonymous Coward · 2003-06-08 05:16 · Score: 0
  
  i say i: why did Intel reinvent the wheel of communication "USB" if Ethernet was good?
  ^-wolf-friend-^
2. Re:AMD hates Intel's UPNP by Anonymous Coward · 2003-06-08 05:20 · Score: 0
  
  and Wireless and TVnet!!!
  Manolito (Duplikateright)
Re:UPnP sucks for everyone by Anonymous Coward · 2003-06-08 15:31 · Score: 0
Quoting the article:
devices periodically advertise their presence on the network ...

Unsecured devices continually volunteering personal information to the outside world? I don't want:
- drive-by advertisers using up paper on my printer.
- my neighbor snooping into the contents of my camera.
- monitoring of my song selections by assorted profilers.
- network bandwidth being interrupted just so my neighbor's electronic picture frames can say "I'm here.". My neighbors will probably buy this stuff oblivious that they are making somebody's network worthless.
On second thought, I take all of that back. Come to think of it I have decided I like UPnP. Not only can I viewz0r my neighbor's electronic picture frames, I can give them, and their noisy kids, something really educational to look at.
...An AMD ad, of course. Take your mind out of the gutter!
My impression of UPnP by Ben+Hutchings · 2003-06-09 02:39 · Score: 1

UPnP: providing remote administration to Windows XP since 2001.
I've played around with it by sofad · 2003-06-09 03:01 · Score: 2, Interesting

This is a pretty "new" technology. There is not that many resources/ user group about it.
I have a Microsoft wireless router (MN-500) and it supports UPNP.
I started looking into it and it looks like there are a few cool COM objects that can be used in conjunctions with Advanced XML namespaces to do intersting things programatically.
I wonder what kind of security they put into it ...?
One of the feature/use of UPNP is to traverse and handle NAT properly.
The thing that really bug me, is that they keep adding MMSG ports ( I guess they are from MSN messenger) to my static list of redirected ports.
Geez, stick with one, don't take 10/20 of my port redirections.
All I need is for one of those ports to become easily exploitable and I'm toast !
I can see why it's nice:
MY Webcam/ VOIP/ Remote Assistance, all of the features of MSN Messenger on XP (some avail on other versions) just work.
I still would like to keep it to a few static, non changing ports.
Anybody else experienced that kind of behavior ?
MSFT & UPnP by Axello · 2003-06-10 08:13 · Score: 1

On http://www.microsoft.com/WINDOWSXP/pro/techinfo/pl anning/networking/nattraversal.asp there is a rather interesting article explaining the basics & problems associated with NAT. For beginners. At the end they explain the Windows API for UPnP.

The list with Limitations of NAT Traversal is funny, were it not that this will open a cornucopia of new virus possibilities. NAT Traversal is one of the possible solutions in a UPnP device:
NAT Traversal technology has been created to enable network applications to detect the presence of a local NAT device. Once detected, the application can then configure the NAT, defining the appropriate mappings to solve their compatibility issues.

So far so good. However:
* NAT traversal has an open trust model. This means that all application on the private network have access to all the port mappings on a NAT. This allows for a great amount of flexibility of multiple points of administration, but applications do not have exclusive ownership of their mappings.
Oh goody, Open Trust, sounds like an MSFT technology enhancement!

* Conflict resolution is the responsibility of applications. If an application tries to map a port that is already mapped to another client, it is up to the application to either find another port or overwrite the application.
This means that if a rogue email client wants the smtp port redirected to its office machine, the real email server doesn't get any mail, because it is the responsibility of the rogue application!

* Applications are responsible for cleaning up after themselves when they are done with a port mapping. Static mappings persist indefinitely and are most appropriately used by services that intend to listen on well-known ports for the life of the application.
This means that on top of memory leaks, we can have portmap leaks: applications that are not written correctly will 'hog' the UPnP router ports, spoiling it for others.

I first encountered this UPnP thingy when a colleague of mine couldn't use video chat with his MSN Messenger client. It seems MSN wants to have UDP portmaps from, 5004 - 65535 mapped to the PC it is using. Funny that. Most other video clients only use 2 ports, at most. Instead of improving their MSN protocol to play nice with other network clients, MSFT invents a new, Universal Plug & Play standard!

I think I'll stick with iChat.
Aggh NAT is a fucking hack and this is a hack of.. by Anonymous Coward · 2003-06-10 20:49 · Score: 0

...a hack!!!

Microsoft/Intel are HOLDING THE WORLD BACK by in introducing somthing that will make that sickening hack called NAT hang around like the bad smell it is.

NAT is like a big smelly shit in a toilet. This UPnP crap is like opening the door to the toilet and smelling the fart smells. IPv6 is like flushing the toilet and spraying fragrant toilet spray.

Don't introduce UPnPray, (pray for securities sake), introduce IPv6 GOD DAMN YOU INTEL and MICROSHAFT!!!