Forget the conspiracy theories: Skype's supernodes belong in the cloud
Forget the conspiracy rumours about wiretapping: putting Skype's supernodes in the Microsoft datacentres is about improving performance and not appropriating bandwidth.
There's been a lot of speculation about whether Skype made changes to its architecture that were more about surveillance than performance, based on a Microsoft patent applied for before it even bought Skype. Some of this speculation arose because Microsoft and Skype initially refused to deny these allegations. An unusually combative blog post from Skype chief development officer Mark Gillett today addresses the issue by calling all the allegations false and explains some of the technical reasons for the change; check out this useful analysis by ZDNet's Ed Bott.
But there one point Gillett doesn't make that's worth remembering: anyone paying for business bandwidth should be delighted that the supernodes are now in the cloud, where they belong.
Because Skype is peer-to-peer, it needs a directory of routes for getting from one machine with Skype on to another, and it needs to be able to direct Skype-to-Skype calls between users behind NAT connections (like the firewalls on DSL routers, especially when the IP address is going to change whenever your ISP feels like it). Supernodes are the heart of the distributed directory so there are machines accessing them all the time to get the right route to make a call. As well as managing directory look-ups, Skype supernodes also proxy voice calls and file transfers.
Before moving the supernodes into the cloud, Skype would park them in peer-to-peer fashion on any network with a system running Skype that had particularly good bandwidth. If you were a small business paying for a high-bandwidth internet connection, you might have no idea you'd become a supernode until you found your network slowing down and your traffic allowance getting used up by the peer-to-peer directory look-ups rather sooner than you liked.
In 2010, Skype released a set of Active Directory Group Policies for controlling Skype on a company network: this covered things like locking down the ports used to connect to the Skype network; choosing how the Skype software checked for updates; and whether third-party add-ones could access the Skype API. It also included the DisableSupernodePolicy to stop any Skype client on a network from being elected a supernode.
Once enough businesses started refusing to share the bandwidth they were paying for with all the Skype users around the world, putting the supernodes in fast, well-connected datacentres was the only approach Skype could take. Handily — and perhaps not coincidentally — it was bought by a company with plenty of fast, well-connected datacentres.
Does Skype co-operate with legal surveillance requests even though it encrypts Skype-to-Skype calls? News flash: every communications provider co-operates with legal surveillance requests. It has nothing to do with the architecture.
What's more thought provoking is the question of how well peer-to-peer systems can operate at scale without relying on high-bandwidth boosts from datacentres and the cloud and what that means for the open internet as net neutrality comes under threat. Bandwidth and computation aren't free (and neither is the electricity needed to run them); there are a lot of complex questions about shared resources and access that need to be addressed.
If you want to join the discussion about that and you're in the EU, go take part in the public consultation about net neutrality (before 15 October, 2012). If you prefer a conspiracy theory, please make sure it takes both the technical facts and the law into account.