Delivery Optimization is a cloud-managed solution that coordinates downloads from multiple sources: the original HTTP source (CDN), Microsoft Connected Cache, and peer-to-peer (P2P) devices. This article explains how these sources work together, including peer discovery, content exchange, security, and client-service communication.
Overview
Delivery Optimization uses a cloud-coordinated, multi-source download model. The Delivery Optimization client can download content in parallel from the original HTTP source (CDN), Microsoft Connected Cache servers, and eligible peers. Every piece received from a peer is cryptographically verified before use.
Peer-to-peer is enabled by default in Windows client using LAN download mode (Download Mode 1). In this mode, peer activity is restricted to the local network only, and devices don't attempt to download from or upload to internet peers. Not all content types support peer-to-peer. For a full list, see Types of download content supported by Delivery Optimization.
Key principles:
- Cloud-coordinated: The Delivery Optimization cloud service matches peers. Devices don't discover each other directly, except through local peer discovery on Windows 11.
- Peer-untrusted: Content received from peers is never trusted until each piece is hash-verified against known-good metadata.
- CDN fallback always available: Peer-to-peer is an optimization layer. The HTTP source (CDN) is always available as a fallback.
- P2P uses a custom protocol: Peer-to-peer transfers use a Delivery Optimization binary protocol over TCP (port 7680), not SMB, UNC paths, or file shares.
How we help keep your data safe
Delivery Optimization can't be used to download or send personal content. Delivery Optimization doesn't access personal files or folders, and it doesn't change any files on the device.
Delivery Optimization downloads the same updates and apps that you would get through Windows Update, Microsoft Store apps, and other Microsoft updates using the same security measures. To make sure you're getting authentic updates, Delivery Optimization gets information securely from Microsoft to check the authenticity of each part of an update or app that it downloads from other PCs. The authenticity of each download is checked again before it's installed.
Peer discovery
When a download begins, the Delivery Optimization client contacts the Delivery Optimization cloud service to find other devices that have the same content.
How devices register with the Delivery Optimization cloud service
The client registers with the Delivery Optimization cloud service, reporting the following information:
- Content identifiers, such as the content URL
- A randomly generated GUID that uniquely identifies the device
- The device's private/internal IP address and subnet mask
- Group ID string, if Group download mode is configured and a Group ID is set
- A profile bit mask for additional device attributes, such as platform (PC/Server), SKU (Desktop/Enterprise), and whether the device is a VM
- Download attributes such as priority, bytes downloaded and uploaded, and transfer speeds
The client registers itself periodically with the service while the content remains active in the Delivery Optimization cache.
How peers are matched
The Delivery Optimization cloud service matches peers based on:
- ContentID: Only devices downloading or caching the same content are candidates.
- GroupID: Peers must belong to the same group (determined by Download Mode and group policy settings).
- External IP and geo-location: Used to collocate nearby devices.
The Discovery service directs the client to a nearby Array service instance. The Array service is the core peer-matching component: it maintains a registry of which devices have which content and returns a list of matched peers.
How peer groups are formed
How the peer group is determined depends on the configured Download Mode:
| Download Mode | Value | Peer group scope |
|---|---|---|
| HTTP Only | 0 | No peer-to-peer. The Delivery Optimization cloud service is still used for metadata. |
| LAN (default) | 1 | Devices that share the same public IP address (behind the same NAT). |
| Group | 2 | Devices that share the same GroupID. Can span NAT boundaries using Teredo. |
| Internet | 3 | All peers, including internet peers. Uses Teredo for NAT traversal. |
| Simple | 99 | No peer-to-peer and no Delivery Optimization cloud service contact. For air-gapped environments. |
For details on how the group ID is determined and fallback behavior, see DOGroupID and DOGroupIDSource.
For more information on configuring peer groups, see Delivery Optimization configuration considerations.
Local peer discovery (Windows 11)
On Windows 11, Delivery Optimization also supports DNS-SD (mDNS) for local peer discovery using the local networking stack instead of the Delivery Optimization cloud service. Local peer discovery works even when a VPN connection is active. To enable this feature, configure the Select a method to restrict peer selection policy to Local Peer Discovery (2).
Content exchange
Content metadata (Pieces Hash File)
Before any peer-to-peer transfer begins, the client obtains a content metadata file known as the Pieces Hash File (PHF). The PHF contains SHA-256 hashes for each piece of the content.
- Piece size: Typically 1 MB per piece
- Hash algorithm: SHA-256
- The PHF is delivered from *.dl.delivery.mp.microsoft.com or *.windowsupdate.com
- The authenticity of the PHF itself is verified through a hash obtained via an SSL channel from the Delivery Optimization service
If the PHF can't be obtained or fails verification, the download falls back to Simple mode: HTTP-only with no peer-to-peer. This behavior is a security safeguard: without verified metadata, content from peers can't be trusted.
Parallel download from multiple sources
Once the PHF is available, peer discovery and content download can happen in parallel. The Delivery Optimization client downloads pieces from multiple sources simultaneously:
- Peers: Via the Delivery Optimization peer protocol over TCP port 7680
- Microsoft Connected Cache: If configured via DOCacheHost, DOCacheHostSource, or DHCP Option 235
- HTTP source (CDN): Microsoft's content delivery endpoints (always available as fallback)
Each 1-MB piece can come from a different source. The client assembles the complete file from all sources.
Delay-related policies can control how long Delivery Optimization waits before favoring HTTP source downloads. For more information, see Improve P2P efficiency.
Delivery Optimization automatically throttles peer-to-peer activity to avoid saturating your network. For details on how bandwidth is measured and the policies available to control it, see Bandwidth throttling options.
Content verification
Every piece received from a peer is verified against its SHA-256 hash in the PHF before being accepted:
| Scenario | Behavior |
|---|---|
| Valid piece | Stored in local cache and available for upload to other peers |
| Invalid piece | Discarded immediately |
| Multiple invalid pieces from same peer | Peer is banned for the next few hours |
This creates a two-layer verification chain:
- PHF authenticity: Verified via SSL channel from the Delivery Optimization service
- Piece integrity: Each piece hash-verified against the PHF (SHA-256)
Download request workflow
This workflow summarizes how Delivery Optimization securely and efficiently delivers requested content, combining the peer discovery, content exchange, and verification steps:
- When a download starts, the Delivery Optimization client attempts to get its content metadata. This content metadata is a hash file containing the SHA-256 block-level hashes of each piece in the file (typically one piece = 1 MB).
- The authenticity of the content metadata file itself is verified prior to any content being downloaded using a hash that is obtained via an SSL channel from the Delivery Optimization service. The same channel is used to ensure the content is curated and authorized to use peer-to-peer.
- When Delivery Optimization pulls a piece of the content from another peer, it verifies that piece's hash against the known hash in the content metadata file.
- If a peer provides an invalid piece, that piece is discarded. When a peer sends multiple bad pieces, it's banned and will no longer be used as a source by the Delivery Optimization client performing the download.
- If Delivery Optimization is unable to obtain the content metadata file, or if the verification of the hash file itself fails, the download will fall back to simple mode. Simple mode will only pull content from the HTTP source and peer-to-peer won't be allowed.
- Once downloading is complete, Delivery Optimization uses all retrieved pieces of the content to assemble the requested file.
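The two-layer check from the Content verification and Download request workflow sections, as an added Python sketch that is not Delivery Optimization's own code. The PHF layout (a plain list of per-piece digests), the way the trusted PHF hash is represented, the ban threshold of 2, and all names are assumptions; the page only states SHA-256, roughly 1 MB pieces, and a ban after "multiple" invalid pieces, and the ban expiry is not modeled.

```python
import hashlib
import hmac
PIECE_SIZE = 1024 * 1024  # the page: typically 1 MB per piece
BAN_THRESHOLD = 2         # assumption: the page only says "multiple" invalid pieces

def build_phf(content):
    """Constructed stand-in for a PHF: one SHA-256 digest per piece."""
    return [hashlib.sha256(content[i:i + PIECE_SIZE]).digest()
            for i in range(0, len(content), PIECE_SIZE)]

def phf_digest(phf):
    """Stands in for the PHF hash the client obtains over the SSL channel."""
    return hashlib.sha256(b"".join(phf)).hexdigest()

class PeerDownload:
    def __init__(self, phf, trusted_digest):
        # Layer 1: PHF authenticity; on failure nothing from peers is accepted.
        self.p2p_allowed = hmac.compare_digest(phf_digest(phf), trusted_digest)
        self.phf = phf if self.p2p_allowed else []
        self.cache, self.strikes, self.banned = {}, {}, set()

    def accept(self, peer, index, data):
        """Layer 2: verify one piece from a peer against the PHF."""
        if (not self.p2p_allowed or peer in self.banned
                or index not in range(len(self.phf))):
            return False
        if not hmac.compare_digest(hashlib.sha256(data).digest(), self.phf[index]):
            # Invalid piece: discard it, count it, ban the peer at the threshold.
            self.strikes[peer] = self.strikes.get(peer, 0) + 1
            if self.strikes[peer] >= BAN_THRESHOLD:
                self.banned.add(peer)
            return False
        self.cache[index] = data  # valid: cached and eligible for upload
        return True

    def assemble(self):
        if not self.p2p_allowed or len(self.cache) != len(self.phf):
            raise ValueError("download incomplete or PHF not verified")
        return b"".join(self.cache[i] for i in range(len(self.phf)))

def demo():
    """Constructed 2.5 MB payload; peer-b sends a tampered piece 1 twice."""
    content = bytes(range(256)) * 10240
    phf = build_phf(content)
    dl = PeerDownload(phf, phf_digest(phf))
    parts = [content[i:i + PIECE_SIZE] for i in range(0, len(content), PIECE_SIZE)]
    results = [dl.accept("peer-b", 1, b"\xff" + parts[1][1:]) for _ in range(2)]
    results.append(dl.accept("peer-b", 1, parts[1]))  # banned: refused even if valid
    results += [dl.accept("peer-a", i, p) for i, p in enumerate(parts)]
    return results, dl.banned, dl.assemble() == content
```

When the PHF digest does not match, `p2p_allowed` stays false and every peer piece is refused, which corresponds to the fallback to the HTTP source described above.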
Network requirements for peer-to-peer
Required ports
| Port | Protocol | Purpose |
|---|---|---|
| 443 | TCP (HTTPS) | Delivery Optimization cloud service communication (discovery, peer matching, geo, configuration) |
| 80 | TCP (HTTP) | Content metadata and CDN payload delivery |
| 7680 | TCP | Peer-to-peer content sharing between Delivery Optimization clients |
Important
Blocking port 7680 disables all peer-to-peer sharing. Downloads continue to work via CDN fallback.
Proxy considerations
For current proxy support and limitations, see Using a proxy with Delivery Optimization.
NAT traversal
- LAN mode (1): Peers must share the same public IP (behind the same NAT). No traversal needed.
- Group mode (2) and Internet mode (3): Peers can be behind different NATs. Delivery Optimization uses Teredo for NAT traversal. See the Teredo documentation for firewall configuration details.
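An added Python example, not from the original article, that checks observed TCP 7680 flows against the peer scope each Download Mode allows in the table above. The flow record layout, the host names, and the list of internal address ranges are constructed assumptions; adapt them to your own flow or firewall log source.

```python
import ipaddress

DO_PEER_PORT = "7680"          # peer-to-peer port from the page's port table
NO_P2P_MODES = {0, 99}         # HTTP Only and Simple: no peer-to-peer
LAN_MODE = 1                   # LAN: peers share one public IP (same NAT)
# Assumption: this site numbers its internal hosts from these ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed flow records: host, configured Download Mode, protocol,
# remote address, remote port. Not a real log format.
SAMPLE_FLOWS = """\
ws-01 1 tcp 10.20.4.17 7680
ws-01 1 tcp 203.0.113.50 7680
ws-02 0 tcp 10.20.4.18 7680
ws-03 3 tcp 198.51.100.9 7680
ws-04 99 tcp 10.20.4.19 443
ws-05 1 tcp not-an-ip 7680
"""

def review_flows(text):
    """Return (line number, host, reason) for flows the Download Mode rules out."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 5:
            findings.append((lineno, "?", "unparsed"))
            continue
        host, mode, proto, remote, port = fields
        if proto != "tcp" or port != DO_PEER_PORT:
            continue  # not Delivery Optimization peer traffic
        try:
            mode, ip = int(mode), ipaddress.ip_address(remote)
        except ValueError:
            findings.append((lineno, host, "unparsed"))
            continue
        if mode in NO_P2P_MODES:
            findings.append((lineno, host, "peer-traffic-with-p2p-off"))
        elif mode == LAN_MODE and not any(ip in net for net in INTERNAL_NETS):
            findings.append((lineno, host, "non-local-peer-in-lan-mode"))
    return findings
```

A finding here points to a policy that has not applied to the device or to another service using port 7680, so it is a prompt to check the effective Download Mode on that host.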
Local cache
Content downloaded by Delivery Optimization is stored in a local cache and can be shared with other peers. The following table shows the default values. Each of these defaults can be overridden by policy. For details on all cache-related settings, see Delivery Optimization reference.
| Setting | Default value |
|---|---|
| Cache location | %SYSTEMDRIVE%\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache |
| Cache expiration | 259,200 seconds (3 days) |
| Maximum cache size | 20% of disk capacity |
| Minimum free disk space | 5% |
| Minimum disk size | 32 GB |
| Minimum RAM | 4 GB |
Cached content is shared with peers when the file is above the DOMinFileSizeToCache threshold (default 50 MB), hasn't expired, and the device has sufficient disk, RAM, and battery resources.
Delivery Optimization service endpoint and data information
| Endpoint hostname | Port | Name | Description | Data sent from the computer to the endpoint |
|---|---|---|---|---|
| geover-prod.do.dsp.mp.microsoft.com geo-prod.do.dsp.mp.microsoft.com geo.prod.do.dsp.mp.microsoft.com geover.prod.do.dsp.mp.microsoft.com | 443 | Geo | Service used to identify the location of the device in order to direct it to the nearest data center. | Profile: The device type (for example, PC or Xbox) doClientVersion: The version of the DoSvc client groupID: Group the device belongs to (set with DownloadMode = '2' (Group download mode) + groupID group policy / MDM policies) |
| kv*.prod.do.dsp.mp.microsoft.com | 443 | KeyValue | Bootstrap service provides endpoints for all other services and device configs. | countryCode: The country or region the client is connected from doClientVersion: The version of the DoSvc client Profile: The device type (for example, PC or Xbox) eId: Client grouping ID CacheHost: Cache host ID |
| cp*.prod.do.dsp.mp.microsoft.com | 443 | Content Policy | Provides content-specific policies as well as content metadata URLs. | Profile: The device type (for example, PC or Xbox) ContentId: The content identifier doClientVersion: The version of the DoSvc client countryCode: The country the client is connected from altCatalogID: If ContentID isn't available, use the download URL instead eID: Client grouping ID CacheHost: Cache host ID |
| disc*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuring that clients are collocated by factors such as content, groupID, and external IP. | Profile: The device type (for example, PC or Xbox) ContentID: The content identifier doClientVersion: The version of the DoSvc client partitionID: Client partitioning hint altCatalogID: If ContentID isn't available, use the download URL instead eID: Client grouping ID |
| array*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with a list of peers that have the same content and belong to the same peer group. | Profile: The device type (for example, PC or Xbox) ContentID: The content identifier doClientVersion: The version of the DoSvc client altCatalogID: If ContentID isn't available, use the download URL instead PeerID: Identity of the device running DO client ReportedIp: The internal / private IP Address IsBackground: Is the download interactive or background Uploaded: Total bytes uploaded to peers Downloaded: Total bytes downloaded from peers DownloadedCdn: Total bytes downloaded from CDN Left: Bytes left to download Peers Wanted: Total number of peers wanted Group ID: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies) Scope: The Download mode UploadedBPS: The upload speed in bytes per second DownloadBPS: The download speed in Bytes per second eID: Client grouping ID |
| dl.delivery.mp.microsoft.com *.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. |
Related articles
- Delivery Optimization overview - supported content types, default behavior, and how to turn off peer-to-peer
- Configure Delivery Optimization - network topology guidance, bandwidth throttling, and policy recommendations
- Delivery Optimization settings reference - full list of policies including download mode, bandwidth, and peer selection
- Monitor Delivery Optimization - verify peer-to-peer is working using PowerShell and reporting
- Delivery Optimization frequently asked questions - common questions about VPNs, congestion handling, P2P efficiency, and disabling peer-to-peer
- Troubleshoot Delivery Optimization - diagnose and resolve download issues