a common but rarely-named systems concept

An introduction to "introduction": a common but rarely-named systems concept

Introduction is simple to describe: It's when you (A) talk to some server B, which gives you a way to communicate directly to (introduces you to) some other server C.

A few things which do introduction:

• A webserver (B) returns HTML which contains URLs which introduce you to other servers (C)
• A query to a DNS server (B) can return an IP address which introduces you to another server (C)
• In general, a query to a service discovery server (B) can introduce you to someone providing that service (C)

Introduction is not always simple to implement. In fact, it's more interesting when it's not simple.

• Consider a video game matchmaking server. You (A) talk to the matchmaking server (B), and it identifies some other player (C) who you should play a match against.

  But both you and the other player might be behind a NAT, which means the matchmaking server can't just give you the IP address of the other player and let you talk directly.

  Instead, a more complex process of introduction (such as STUN) has to happen, coordinated by the matchmaking server (and possibly more servers), which establishes a bidirectional direct connection, passing through the NAT, between you and the other player.

  The presence of a NAT means there's not a single globally accessible address space where anyone can reach anyone else. Instead, you have to go through a more complicated process to establish a channel for communication.

• Another example is Unix domain sockets, which like Internet sockets support sending and receiving raw bytes to a local Unix server, but which also, through a feature called SCM_RIGHTS, allow you to send and receive connections to servers, in the form of file descriptors.

  So if you (A) send a request to a Unix server (B), then it can introduce you to another Unix server (C) by sending you an already open connection to that server, even if the server is inside a different container or is otherwise inaccessible to you.

• With SIP, you (A) call some user by contacting a SIP server (B), and get back an IP address and cryptographic key for the user you want to call (C). You can then securely send and receive media to and from that IP address, using that key, over SRTP.

Note that introduction can be iterated. Once I'm introduced to C, C might in turn introduce me to still more servers: D and E, which introduce F and G, and so on. For example, an NS record pointing to another DNS server, or a URL pointing to another webpage with still more URLs on it.

An example of something that is not introduction is a typical load-balancer. You (A) talk to a load-balancer (B), and then send and receive some data from another server, but you're typically not in direct communication with the other server: All your communication with that server is proxied through the load-balancer. Among other differences, this creates a performance overhead.

Once you know what introduction is, you begin to see it everywhere. Some more examples of introduction:

• When you use mosh, you ssh (A) to an sshd (B) which then tells you the secrets for connecting to mosh (C).
• Some forms of end-to-end encrypted messaging involve your client (A) connecting to some central server (B) and receiving a key for communicating with another client (C).
• If you (A) call a method on an object (B) it might return to you another object (C).
• The term "introduction" comes from Mark S. Miller's work on capabilities, where the full term is "three-vat introduction". Three-vat introduction is when you in vat A receive a message from vat B containing a reference to an object in vat C. If that sounds like gibberish to you, no problem: That's why I wrote this page.