Skype suffered an extended service outage last week. There
were a lot of rumors about how this was the result of
some sort of attack, though Skype
denies it. Here's what they say:
Apologies for the delay, but we can now update you on the Skype
sign-on issue. As we continue to work hard at resolving the problem,
we wanted to dispel some of the concerns that you may have. The Skype
system has not crashed or been victim of a cyber attack. We love our
customers too much to let that happen. This problem occurred because
of a deficiency in an algorithm within Skype networking software. This
controls the interaction between the user's own Skype client and
the rest of the Skype network.
I don't have any more information about this than anyone
else, so it could be either an attack or just a simple error.
In either case, even if you believe Skype's story, it suggests
that the Skype system is fairly brittle. Basically, any
problem with Skype's central servers, whether through
attack or error, has the potential to bring down Skype as
a whole. By contrast, in a more distributed/decentralized
system, global outages tend to be a lot less common.
For instance, if I have an account with SIP server Atlanta
and you have an account with SIP server Biloxi, an outage
at server Chicago doesn't affect us at all. Of course, if
there's some sort of large-scale Internet outage, this can
affect us, but such issues aren't that common and of course
Skype is just as vulnerable to such issues.
I'm not arguing that SIP is somehow inherently superior to
Skype. It's quite possible to build a SIP-based system which
is just as centralized and fragile—if Vonage's servers
go down, then no Vonage customer will be able to make
phone calls. On the other hand, there are other SIP providers
and they aren't affected by Vonage outages. The difference
here is that Skype is inherently centralized, and you
basically can't use Skype without talking to their servers somehow.
1. By contrast, SIP was specifically
designed to be used in a decentralized environment, much like
e-mail is now, and clients and servers from separate vendors
more or less interoperate—though of course some
network operators won't allow direct SIP connections so you sometimes
(often?) need to go through the PSTN for SIP UA A to talk to SIP UA B.
This isn't to say that decentralized systems are inherently better,
of course, but they are generally more resistant to this particular
failure mode.
1. Yes, the Skype protocol has been
reverse
engineered, but as far as I know there aren't any compatible
clients or servers, and Skype's implementation is deliberately
designed to be closed—you shouldn't expect to be able
to use Skype's clients with such a service, which significantly
decreases the value of using the Skype protocol.