Valve is opening up its latency-reducing, DoS-protecting network relay infrastructure to every developer using its Steamworks platform.
A few years ago, large-scale denial-of-service attacks against game servers were in the news and becoming a frequent occurrence in online gaming and e-sports. To protect its own games, Valve has spent a number of years developing a networking infrastructure that makes the system more resilient to denial-of-service attacks and lowers latency to boot, and the company is using this system for both Dota 2 and CS:GO.
At 30 different locations around the world, Valve has established relaying servers that route networking traffic between clients and servers. These relay points provide DoS resilience in several ways. They are equipped with an aggregate of several types of bandwidth, so they can handle a certain amount of flooding in any case. Games can also switch from one relay to another without necessarily interrupting their connection. The switch can be to another relay in the same location or even to another point-of-presence entirely.
The relaying also enables Valve to mask both the IP address of the game server and the IP addresses of clients connected to the server. This prevents direct attacks against another person on the same server.
Valve's system also makes decisions about how to route traffic. The company has a private backbone network with over 2,500 ISPs around the world, used for both Steam downloads and game networking traffic, and it prioritizes the network traffic over the downloads. Clients can estimate latency between two endpoints via the relays without having to send any traffic between those endpoints, enabling the clients to make decisions about which point-of-presence to use to ensure the best ping time.
Additionally, Valve operates STUN/TURN servers, which provide a reliable way for machines behind firewalls and network address translation systems to send and receive network traffic.
The underlying network protocol, without relaying, has been available as open source for some time. As with many custom network protocols (such as the forthcoming HTTP/3), this is built on the lightweight, unreliable UDP (User Datagram Protocol) rather than the more complex but reliable TCP (Transmission Control Protocol), with custom reliability features built on top of the UDP layer. The protocol is encrypted and handles many of the various tasks required to build reliable transmission over UDP, making it useful even without the Steamworks relaying features.
As a Dota 2 of, I can report that Valve's network work seems to have done the job admirably. For a time, attacks were a common feature of the professional scene, with many pro games being disrupted as both players and servers were flooded with traffic. Those same attacks seem to have disappeared entirely.