Peer Name Resolution (PNRP) - netsh

Background

This is the second article of many where I will talk about the practical use of Microsoft's Peer-to-Peer technology. The first article introduces the concepts of clouds, peer names and peer name resolution (a server-less DNS). This article describes a useful tool called netsh that Microsoft includes for general network diagnostics and management. Besides firewall management, this tool has been updated to help with diagnosing peer-to-peer communication. When developing peer-to-peer applications, this tool is useful for diagnosing clouds and peer names.

Introduction

On a Windows XP Service Pack 2 computer with Peer-to-Peer network services installed, open a command prompt and type netsh to start the network diagnostics utility.

Next type p2p to move into its peer-to-peer capabilities. Then type pnrp to move into the Peer Name Resolution capabilities.

At this level there are three useful commands; cloud, peer and diag. Let's explore cloud first by typing cloud.

Cloud

The cloud command contains three useful sub-commands; repair, sync and show.

Repair

Repair is used to check if the network has been partitioned and attempts to correct this or any inconsistencies in the peer-to-peer network graph. Rather than repeat a detailed explanation of what this means, check out the links below in the Links to Resources section. The "Introduction to Windows Peer-to-Peer Networking" page provides a step-by-step example of Detecting and Repairing a Graph Partition. Also, Microsoft's Patent Application for "Peer-to-peer cloud-split detection and repair methods" provides an in-depth description of the algorithm used to maintain a consistent and optimal peer network topology.

Sync

Sync contains two sub-commands; host and seed. Syncing updates the local cache of a cloud with PNRP IDs from either a specified host or a seed server.

Microsoft maintains a seed server (DNS name pnrp.ipv6.microsoft.com). This server acts as an "always on", well known server that peers can use to bootstrap into the Global_ PNRP cloud. Using the standard ping or ping6 command results in a reply from an IPv6 address. If you type "sync seed" and the number of returned IDs is greater than 1, then you have connectivity to the PNRP seed server. The returned IDs are other nodes in the Global_ cloud.

The "sync host" command requires an additional host name parameter and optional cloud name. Typing "sync host pnrp.ipv6.microsoft.com Global_" is the equivalent to sync seed. Sync host allows synchronizing the PNRP IDs with an arbitrary host assuming it is running the PNRP service and is a member of the same cloud.

By now you might be wondering; what is a PNRP ID? PNRP IDs are 256 bits long and are composed of the following:

• The high-order 128 bits, known as the peer-to-peer (P2P) ID, is a hash of a peer name. Recall from the first article that a peer name has the format Authority.Classifier. 0.test is an example of an unsecured peer name.
• The low-order 128 bits is a generated number that uniquely identifies different instances of the same P2P ID in the same cloud.

The 256-bit combination of the P2P ID and the instance allows multiple PNRP IDs to be registered from a single computer. You will see some PNRP IDs below.

Show

The Show command has four sub-commands; init, list, names and stats.

The "show init" command displays the cloud bootstrap configuration and status.

Scope Id    Addr  State            Name
----- ----- ----- ---------------- -----
1     0     1     Virtual          Global_

Synchronize server: pnrp.ipv6.microsoft.com
Use Server: Not used
Use SSDP: Not used
Use Persisted cache: Not used


Scope Id   Addr  State    Name
----- ---- ----- -------- -----
3     4    1     Virtual  LinkLocal_{D18BDF3B-A236-4949-9C1D-AC85D97955FC}

Synchronize server:
Use Server: Disabled
Use SSDP: Not used
Use Persisted cache: Not used

• Scope is an internal PNRP_SCOPE value indicating the cloud's scope (Any=0, 1=Global, 2=Site, 3=Local).
• State is an internal PNRP_CLOUD_STATE value indicating the state of the cloud. In this example, Virtual indicates the cloud has not been initialized. Running the start command (from within the cloud context of netsh) will synchronize the local node with the cloud and change the state to Active. Typically though, starting your first peer-to-peer application will initialize the cloud.
• Synchronize Server indicates the seed server to use to locate peers and synchronize.
• Use Server indicates the DNS name of a caching server to use during startup to load the current state of the cloud.
• Use SSDP indicates the address or addresses of nearby nodes that support the Universal Plug-and-Play (UPnP) Simple Service Discovery Protocol (SSDP). A node joining a cloud can use this protocol to locate nearby nodes. This is useful when a seed server is not available.
• Use Persisted Cache indicates that the previous cache entries that were present when the node was shut down are loaded from hard disk.

To understand more about the multi-level caching schema PNRP uses for clouds containing a large number of nodes, refer to the Scaling Peer Name Resolution with a Multi-Level Cache section in the "Introduction to Windows Peer-to-Peer Networking" link below.

Note that one LinkLocal_{GUID} entry will appear for each network adapter you have installed. On corporate networks, you may also see a SiteLocal_{GUID} entry listed. Also, the GUID is unique for every link.

The "show list" command shows a simple list of clouds to which the node is connected.

Scope Id    Addr  State            Name
----- ----- ----- ---------------- -----
1     0     1     Active           Global_
3     4     1     Virtual          LinkLocal_{D18BDF3B-A236-4949-9C1D-AC85D97955FC}

The "show names" shows a list of registered peer names. The next section discusses how to register a peer name using netsh.

P2P Name:     0.test
Identity:     Default
Comment:      test
PNRP ID:      6e91887ad830b250369ce44241135dcf.000000000000000026db5841f8689978
State:        OK
IP Addresses: [0000:0000:0000:0000:0000:0000:0000:0001]:8350 udp
              192.168.2.27:8350 tcp

In this example, 0.test was registered. Since it's an unsecured peer name, the default identity is used. The corresponding 256-bit PNRP ID is shown. Finally, the addresses and ports (also known as end-points) associated with this name are listed.

The "show stats" command displays the following additional information when a cloud is Active.

IP Addresses: [3ffe:831f:4004:1950:8000:4039:bb6f:38ea]:3540

Number of cache entries: 41
Estimated cloud size: 1250
Number of registered names: 1
Throttled resolves: 0
Throttled solicits: 0
Throttled floods: 0
Throttled repairs: 0

• IP Addresses shows the list of IP addresses used to connect to the cloud. In this case, the IPv6 address of the node on port 3540 (teredo) is shown.
• The remaining entries are useful statistics indicating cache and cloud sizes and any throttling that may be occurring within the cloud.

Peer

While in the cloud context, just type "peer" to move to the peer capabilities of the netsh utility. The peer command contains five useful sub-commands: add, delete, list, resolve and tracert.

Add

The Add command allows you to register a peer name in a cloud. For example, type "add 0.test" to register an unsecured peer name in the Global_ cloud.

Delete

The Delete command deletes a previously registered peer name in a cloud. For example, type "delete 0.test" to delete the peer name just registered.

List

The List command simply lists any registered peer name in the Global_ cloud. There is no way to list names registered in other clouds.

Resolve

The Resolve command lets you resolve or lookup a peer name within a cloud. However, the application that registered the name must be running. Names registered using the Add command cannot be resolved. To see this working, use the PnrpViewer application included with my first article to register a name. Once registered, type "resolve 0.Me".

netsh p2p pnrp peer>resolve 0.Me

Resolve started...

Found: Comment: It worked!
Addresses: [0000:0000:0000:0000:0000:0000:0000:0001]:0 tcp

Tracert

The Tracert command lets you lookup a peer name within a cloud, but includes the path or hops taken to each node in the cloud. For example, "tracert 0.Me" has the same output as above if the name is registered. However, if the name is not registered, you see an output something like this:

netsh p2p pnrp peer>tracert 0.Me

Resolve started...

Not Found.

Resolve Path: [3ffe:831f:4004:1956:8000:4b39:bb6f:38ea]:3540 Accepted
              [3ffe:831f:4004:1950:0000:3659:b89f:441d]:3540 Rejected 
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1950:0000:b80c:306e:cd9d]:3540 Rejected 
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1950:0000:304e:3746:0bcd]:3540 Accepted
                                                           Suspicious
              [3ffe:831f:4004:1956:0000:1724:b95d:d0ef]:3540 Rejected
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1954:8000:0fc0:7eea:81f6]:3540 Rejected 
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1952:0000:23bb:b9e4:276b]:3540 Rejected
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1956:0000:2477:2722:8954]:3540 Rejected
                                                (Dead end) Suspicious
              [3ffe:831f:4004:1952:0000:345f:aea5:5e77]:3540 Accepted
                                                           Suspicious
              [3ffe:831f:4004:1954:0000:1756:aeaf:9aa2]:3540 Rejected 
                                                (Dead end) Suspicious

Any address that Accepts can be pinged (see next section). Addresses that Reject are nodes that have left the cloud or are not responding to pings.

Diag

The final command of the prnp capabilities is diag. Diag contains one useful sub-command: ping.

Ping

Ping is like the TCP/IP utility. It lets you ping an address. But in this case, it lets you ping an IPv6 node address in the cloud. There are two sub-commands for ping: host and seed.

The "ping host" requires a host name or IP address and an optional cloud name. As mentioned above, use the tracert command to discover a list of nodes in the cloud. The address of any node that Accepts can be pinged. For example:

netsh p2p pnrp diag>ping host 3ffe:831f:4004:1956:0000:fbab:ad03:038c

SOLICIT sent to address: [3ffe:831f:4004:1956:0000:fbab:ad03:038c]:3540.
ADVERTISE returned 5 ID(s) in 500 milliseconds.
          eec26ea69f8e7453ea2f2a2c0370b164.3ffe831f40041950ecdda2c2f0f8975f
          b85bec395d965258bc3f459b4523b0ef.77006600550044005ba1b9c9d11d9fd4
          ce7a7621b3121d342e82e1ac04967aa4.2002cb51ec2b0000b8a93f738e3f351f
          d346f4c416b9c761f590f0227c22e72c.7700660055004400ad6a7394f7f283e2
          daf9fa3ac213a9098cbb45bf22c15355.fe80000000000000cfd0772ab1e14b88

The "ping seed" command pings the configured seed server.

Point of Interest

If your computer is on an isolated network, it is possible to setup a machine as a well-known PNRP node to bootstrap other nodes on the network. Registry keys for each IPv6 scope (local, site and global) allow the "SeedServer" to be set. Its value must contain either a well-qualified IPv6 address and port or a DNS resolvable name. Use the Windows regedit tool and navigate to HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/PeerNet/PNRP/IPV6-<scope> to set the SeedServer values.

Finally, the netsh command in Windows Vista has several additional commands for PNRP capabilities. Once the peer-to-peer features are working, I will update this article.

Links to Resources

I have found the following resources to be very useful in understanding the netsh utility:

• How to Enable Peer Name Resolution
• Introduction to Windows Peer-to-Peer Networking
• Windows Peer-to-Peer Networking FAQ
• Microsoft's Patent Application for "Peer-to-peer cloud-split detection and repair methods"

Conclusion

I hope you have found this article a useful complement to my first article. I'm considering writing more articles on the following subjects to further your understanding of Microsoft's Peer-to-Peer technology:

1. Peer Name Resolution - Windows Vista Enhancements

2. Peer Graph - The Basics
3. Peer Graph - Nodes and Connections
4. Peer Graph - Records
5. Peer Graph - Attributes
6. Peer Graph - Searching

7. Peer Groups and Identity

8. Peer Collaboration - People Near Me
9. Peer Collaboration - EndPoints
10. Peer Collaboration - Capabilities
11. Peer Collaboration - Presence
12. Peer Collaboration - Invitations

If you have suggestions for other topics, please leave a comment. Oh! and don't forget to vote.

History

Initial revision.