Internet Gateway Device Protocol

From Wikipedia, the free encyclopedia
Diagram of the UPnP's discovery phase

Internet Gateway Device (IGD) Protocol is a protocol based on Universal Plug and Play (UPnP) for mapping ports in network address translation (NAT) setups, supported by some NAT-enabled routers. It is a common communications protocol for automatically configuring port forwarding, and is part of an ISO/IEC Standard[1][2][3][4][5][6][7] rather than an Internet Engineering Task Force standard.


Applications using peer-to-peer networks, multiplayer gaming, and remote assistance programs need a way to communicate through home and business gateways. Without IGD one has to manually configure the gateway to allow traffic through, a process which is error-prone and time-consuming. Universal Plug and Play (UPnP) comes with a solution for network address translation traversal (NAT traversal) that implements IGD.

IGD makes it easy to do the following:

The host can allow seeking for available IGDv1/IGDv2 devices with only one M-SEARCH for IGDv1 on the network via Simple Service Discovery Protocol (SSDP) which can be controlled then with the help of a network protocol such as SOAP. A discover request is sent via HTTP and port 1900 to the IPv4 multicast address (for the IPv6 addresses see the Simple Service Discovery Protocol (SSDP)):

MAN: "ssdp:discover"
MX: 2
ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1

Security risks[edit]

Malware can exploit the IGD protocol to bring connected devices under the control of a foreign user.[8][9] The Conficker worm is an example of a botnet created using this vector.[8]

Compatibility issues[edit]

There are numerous compatibility issues due the different interpretations of the very large actually backward compatible IGDv1 and IGDv2 specifications. One of them is the UPnP IGD client integrated with current Microsoft Windows and Xbox systems with certified IGDv2 routers. The compatibility issue still exist since the introduced of the IGDv1 client in Windows XP in 2001, and a IGDv2 router without a workaround that makes router port mapping impossible.[10]

If UPnP is only used to control router port mappings and pinholes, there are alternative, newer much simpler and lightweight protocols such as the PCP and the NAT-PMP, both of which have been standardized as RFCs by the IETF. These alternatives are not yet known to have compatibility issues between different clients and servers, but adoption is still low. For consumer routers, only AVM and the open source router software projects OpenWrt, OPNsense, and pfSense are currently known to support PCP as an alternative to UPnP. AVM's UPnP IGDv2 and PCP implementation has been very buggy since its introduction. In many cases it does not work.[11][12][13][14] The open source router software projects use the MiniUPnPd[15] server, which supports all three protocols.

See also[edit]


  1. ^ "UPnP InternetGatewayDevice v1.0/v2.0". UPnP Forum. 2010-12-10.
  2. ^ "UPnP InternetGatewayDevice v1.0" (PDF). UPnP Forum. 2001-11-12.
  3. ^ "UPnP InternetGatewayDevice v2.0" (PDF). UPnP Forum. 2010-12-10.
  4. ^ "UPnP Device Architecture v1.0" (PDF). UPnP Forum. 2008-10-15.
  5. ^ "UPnP Device Architecture v1.1" (PDF). UPnP Forum. 2008-10-15.
  6. ^ "UPnP Device Architecture v2.0" (PDF). OCF. 2020-04-17.
  7. ^ ISO/IEC 29341,
  8. ^ a b Danny Palmer (2017-07-19). "This sneaky malware will cause headaches even after it is deleted from your PC". ZDNet. Archived from the original on 26 January 2021. Retrieved 2021-02-02.
  9. ^ Mike Barwise (2008-01-15). "Unwanted remote configuration for home routers". Heise Media UK Ltd. Archived from the original on 8 December 2013. Retrieved 2012-07-21.
  10. ^ MiniUPnPd's workaround: Detect FDSSDP as a microsoft client
  11. ^ UPnP not working with my FRITX!Box
  12. ^ UPNP_GetValidIGD returns Temporary IPv6 Address, causing UPNP_AddPinHole to fail with 606 #600
  13. ^ upnpc shows wrong duration for port forward longer than 120 seconds #222
  14. ^ Setting up portforward doesn't work
  15. ^ MiniUPnP is a free, lightweight open source client/server and C-library with support for UPnP IGD and additionally PCP/PMP as server

External links[edit]