Valve is opening up its latency-reducing, DoS-protecting network relay infrastructure to every developer using its Steamworks platform.
A few years ago, large-scale denial-of-service attacks against game servers were making the news and had become a frustratingly frequent occurrence in online gaming and e-sports. To protect its own games, Valve has for a number of years been developing a networking infrastructure that makes its games more resilient against denial-of-service attacks and lowers latency to boot, and the company already uses this system for both Dota 2 and CS:GO.
At 30 different locations around the world, Valve has established relaying servers that route networking traffic between clients and servers. These relay points provide DoS-resilience in several ways. They’re equipped with an aggregate of several terabits of bandwidth, so they can handle a certain amount of flooding in any case. Games can also switch from one relay to another without necessarily interrupting their connection. This switching can be to another relay in the same location or even to another point-of-presence entirely.
The relaying also enables Valve to mask both the IP address of the game server and the IP addresses of the clients connected to it: only relay addresses are ever exposed. This prevents a participant from directly attacking the server or another person on the same server.
Valve’s system also makes decisions about how to route traffic. The company has a private backbone network peered with more than 2,500 ISPs around the world, used for both Steam downloads and game networking traffic, and it prioritizes the game traffic over the downloads. Clients can estimate the latency between two endpoints via the relays without having to send any traffic between those endpoints, which lets them choose the point-of-presence that gives the best ping time. Valve says that this has enabled some 43 percent of players to see some reduction in their ping times, with 10 percent seeing an improvement of 40ms or more.
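As an added illustration of the route selection and relay failover described above (this is not Valve's code), assuming a simple additive latency model and constructed sample measurements:

```python
# Added example, not Valve's implementation: pick a relay route from each
# endpoint's own ping measurements, and fail over when a relay drops out.
# Assumed model: latency through a relay is approximated as client->relay RTT
# plus relay->server RTT, so neither endpoint sends traffic to the other or
# learns the other's address.
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str       # relay identifier (constructed for this example)
    location: str   # point-of-presence the relay lives in


# Constructed sample data: four relays in three locations, RTTs in milliseconds.
RELAYS = [Relay("fra1", "fra"), Relay("fra2", "fra"),
          Relay("ams1", "ams"), Relay("lhr1", "lhr")]
CLIENT_RTT = {"fra1": 12, "fra2": 13, "ams1": 20, "lhr1": 31}
SERVER_RTT = {"fra1": 5, "fra2": 6, "ams1": 9, "lhr1": 18}


def estimated_latency(relay, client_rtt, server_rtt):
    """Estimated client<->server RTT if traffic is routed through relay."""
    return client_rtt[relay.name] + server_rtt[relay.name]


def best_relay(relays, client_rtt, server_rtt, unavailable=frozenset(),
               prefer_location=None):
    """Lowest-latency relay that is not marked unavailable (e.g. flooded).

    If prefer_location is given and a relay there is still available, stay in
    that point-of-presence so the session keeps its current PoP; otherwise
    fall back to the best relay anywhere. Returns None if nothing is available.
    """
    candidates = [r for r in relays if r.name not in unavailable]
    if not candidates:
        return None
    same_pop = [r for r in candidates if r.location == prefer_location]
    pool = same_pop or candidates
    return min(pool, key=lambda r: estimated_latency(r, client_rtt, server_rtt))


def failover(current, relays, client_rtt, server_rtt, unavailable=frozenset()):
    """Replacement for a relay that just became unavailable: first another
    relay in the same point-of-presence, otherwise another PoP entirely."""
    return best_relay(relays, client_rtt, server_rtt,
                      unavailable | {current.name}, prefer_location=current.location)
```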
Additionally, Valve operates STUN/TURN servers, which provide a reliable way for machines behind firewalls and network address translation systems to send and receive network traffic.
This relaying system is now available to any developer building a game using Valve’s Steamworks toolkit. The underlying network protocol, without the relaying, has been available as open source for some time. As with many custom network protocols (such as the forthcoming HTTP/3), it is built on the lightweight, unreliable UDP (User Datagram Protocol) rather than the more complex but reliable TCP (Transmission Control Protocol), with its own reliability features layered on top of UDP. The protocol is encrypted and handles many of the tasks required to build reliable transmission over UDP, making it useful even without the Steamworks relaying features.
As a Dota 2 fan, I can report that Valve’s network work seems to have done the job admirably. For a time, attacks were a common feature of the professional scene, with many pro games being disrupted as both players and servers were flooded with traffic. Those same attacks seem to have disappeared entirely.