Original copyright: Copyright (C) The Internet Society (2003). All Rights Reserved.
Original source: http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt
Translation copyright notice: when citing this text, please credit the author or site, http://blog.csdn.net/hxhbluestar, out of respect for the translator's work!
With the arrival of the IPv6 era I had been wondering whether it was still worth learning NAT at all: network resources are no longer as scarce as in the IPv4 era, and NAT exists precisely to work around the shortage of IP addresses, so NAT would have no reason to exist.
But as I translated this article, my doubt slowly turned into relief and then into certainty. What I gained from translating was not merely the satisfaction of working from a first-hand source; more than that, translating let me absorb the wisdom and experience of the engineers who came before, and it built the habit of getting information from first-hand material, which broadens one's view and deepens one's understanding. At the very least, many things only truly become part of your own thinking after careful deliberation. That is why I was determined to finish translating this article, and, as mentioned before, if time permits I will write some examples in C# to help everyone understand and master NAT (mainly in three areas: instant messaging, peer-to-peer file transfer and voice applications).
This section mainly explains why "middleboxes" exist and the inconvenience they cause P2P applications; no background knowledge is required :)
1. Introduction
關(guān)鍵詞:
middleboxe(s) —— 我翻譯成“代理”,也許有更好的翻譯
host —— 我翻譯成“主機(jī)”,希望大家不要理解成服務(wù)器了,主機(jī)就是一臺(tái)普通的終端機(jī)
Present-day Internet has seen ubiquitous deployment of "middleboxes" such as network address translators (NAT), driven primarily by the ongoing depletion of the IPv4 address space. The asymmetric addressing and connectivity regimes established by these middleboxes, however, have created unique problems for peer-to-peer (P2P) applications and protocols, such as teleconferencing and multiplayer on-line gaming. These issues are likely to persist even into the IPv6 world, where NAT is often used as an IPv4 compatibility mechanism [NAT-PT], and firewalls will still be commonplace even after NAT is no longer required.
在當(dāng)今的Internet中,普遍存在使用“代理”設(shè)備來進(jìn)行網(wǎng)絡(luò)地址轉(zhuǎn)換(NAT),導(dǎo)致這種現(xiàn)象的原因是 IPV4 地址空間的資源耗盡危機(jī)。雖然不對稱 asymmetric 的地址分配和連通性制度已經(jīng)在代理中被定義,但是卻給端對端應(yīng)用程序和協(xié)議制定造成了一些特殊的問題。像電話會(huì)議和多媒體網(wǎng)絡(luò)游戲。這些問題即使在IPV6世界中還是會(huì)存在,因?yàn)镹AT作為IPV4的一種兼容性機(jī)制經(jīng)常被使用[NAT-PT],并且防火墻將仍然將普遍存在,即使不再需要NAT技術(shù)。
Currently deployed middleboxes are designed primarily around the client/server paradigm, in which relatively anonymous client machines actively initiate connections to well-connected servers having stable IP addresses and DNS names.
Most middleboxes implement an asymmetric communication model in which hosts on the private internal network can initiate outgoing connections to hosts on the public network, but external hosts cannot initiate connections to internal hosts except as specifically configured by the middlebox's administrator. In the common case of NAPT, a client on the internal network does not have a unique IP address on the public Internet, but instead must share a single public IP address, managed by the NAPT, with other hosts on the same private network. The anonymity and inaccessibility of the internal hosts behind a middlebox is not a problem for client software such as web browsers, which only need to initiate outgoing connections. This inaccessibility is sometimes seen as a privacy benefit.
當(dāng)前使用的“代理”技術(shù)主要是為 客戶端/服務(wù)端 C/S 結(jié)構(gòu)設(shè)計(jì)的,為了實(shí)現(xiàn)那些需要連接但是又沒有固定IP地址的客戶端能夠連接到一臺(tái)配置好的擁有固定IP和DNS域名的服務(wù)器。
大多數(shù)的“代理”使用一種 asymmetric 通信模型,即 私網(wǎng)(局域網(wǎng)) 的主機(jī)能發(fā)起一個(gè)“外出”連接去連接公網(wǎng)上的主機(jī)。 但是公網(wǎng)上的主機(jī)卻無法發(fā)送信息給私網(wǎng)上的主機(jī)(除非對“代理”進(jìn)行特殊的配置),NAPT(網(wǎng)絡(luò)地址端口轉(zhuǎn)換)的普通情況是,一個(gè)私網(wǎng)客戶端不需要一個(gè)公網(wǎng)的固定的IP地址,但是必須要共享一個(gè)由NAPT控制的公網(wǎng)的固定IP地址(當(dāng)然這個(gè)NAPT是處于同一個(gè)私網(wǎng)內(nèi)部的)。這樣的話,這些匿名的并且看起來難以觸及的藏在NAT之后的內(nèi)網(wǎng)主機(jī)對于像 Web瀏覽器 這種軟件來說就不是一個(gè)問題,因?yàn)閮?nèi)網(wǎng)的主機(jī)只需要發(fā)起向外部的連接就可以了。這樣一來,無法觸及也還是有他的優(yōu)點(diǎn)的——那就是具有保密性。
In the peer-to-peer paradigm, however, Internet hosts that would normally be considered "clients" need to establish communication sessions directly with each other. The initiator and the responder might lie behind different middleboxes with neither endpoint having any permanent IP address or other form of public network presence. A common on-line gaming architecture, for example, is for the participating application hosts to contact a well-known server for initialization and administration purposes. Subsequent to this, the hosts establish direct connections with each other for fast and efficient propagation of updates during game play.
Similarly, a file sharing application might contact a well-known server for resource discovery or searching, but establish direct connections with peer hosts for data transfer. Middleboxes create problems for peer-to-peer connections because hosts behind a middlebox normally have no permanently usable public ports on the Internet to which incoming TCP or UDP connections from other peers can be directed.
RFC 3235 [NAT-APPL] briefly addresses this issue, but does not offer any general solutions.
In P2P applications, however, "client" machines on the Internet need to establish a communication session directly with each other. The initiator and the responder may sit behind different NATs, and perhaps neither has a fixed IP address, or if they do, it is not a public one. For example, in a typical online-game architecture, clients send a request to a server with a fixed public IP to initialize and be authenticated. At the same time, clients also have to establish direct connections with each other so that transfers between them are fast and data is updated in real time (otherwise you can't grab the loot, heh).
Similarly, a file-sharing application has to go to a server to look up the resource it wants, and then download from the host that holds the data (a BitTorrent site goes through such an intermediary). "Middleboxes" cause many problems for direct P2P connections, because hosts hiding behind a "middlebox" usually have no fixed port at which TCP or UDP connections initiated by other clients can finally arrive.
RFC 3235 [NAT-APPL] briefly mentions this problem but offers no solution.
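The asymmetric NAPT model described above (outbound connections create a binding on a shared public address; unsolicited inbound packets are dropped unless the administrator forwards a port; peers behind different middleboxes have no public port to aim at) can be made concrete with a small simulator. The following is an added example, not code from the draft or from any real NAT implementation; the hosts, public addresses (taken from the RFC 5737 documentation ranges) and the port-allocation policy are constructed for illustration, and the model deliberately ignores binding timeouts and per-destination filtering, so it is the most permissive case a real NAPT might implement.

```python
"""Toy model of an asymmetric NAPT middlebox (constructed example, not the draft's code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str


@dataclass
class Napt:
    """One public IP shared by every host on the private side.

    An outbound packet creates a binding (private endpoint -> public port).
    An inbound packet is delivered only if it hits an existing binding or a
    port the administrator forwarded explicitly; anything else is dropped.
    Simplification: bindings are not filtered by remote address and never expire.
    """
    public_ip: str
    next_port: int = 40000
    bindings: Dict[Endpoint, int] = field(default_factory=dict)  # private endpoint -> public port
    reverse: Dict[int, Endpoint] = field(default_factory=dict)   # public port -> private endpoint

    def forward_port(self, public_port: int, private: Endpoint) -> None:
        """Administrator-configured static forwarding: the only way in without a prior outbound packet."""
        self.reverse[public_port] = private
        self.bindings[private] = public_port

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network, allocating a public port on first use."""
        if pkt.src not in self.bindings:
            port = self.next_port
            self.next_port += 1
            self.bindings[pkt.src] = port
            self.reverse[port] = pkt.src
        return Packet((self.public_ip, self.bindings[pkt.src]), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the public side; None means the NAPT dropped it."""
        if pkt.dst[0] != self.public_ip:
            return None
        private = self.reverse.get(pkt.dst[1])
        if private is None:
            return None  # no binding and no forwarding rule: unsolicited traffic is discarded
        return Packet(pkt.src, private, pkt.payload)


# Constructed topology: two private hosts behind two different NAPTs and one public server.
SERVER: Endpoint = ("198.51.100.10", 80)
HOST_A: Endpoint = ("10.0.0.2", 5000)
HOST_B: Endpoint = ("10.0.0.2", 5000)  # same private address as A: private ranges are reused


def client_server_works() -> bool:
    """A client behind a NAPT reaches the server, and the reply finds its way back."""
    nat_a = Napt("203.0.113.1")
    request = nat_a.outbound(Packet(HOST_A, SERVER, "GET /"))
    if request.src != ("203.0.113.1", 40000):  # the server sees only the NAPT's address
        return False
    reply = nat_a.inbound(Packet(SERVER, request.src, "200 OK"))
    return reply is not None and reply.dst == HOST_A


def direct_peer_contact_fails() -> bool:
    """Two peers behind different NAPTs: neither can open a session to the other."""
    nat_a, nat_b = Napt("203.0.113.1"), Napt("203.0.113.2")
    # Both register with the server first, so the server knows their public endpoints ...
    pub_a = nat_a.outbound(Packet(HOST_A, SERVER, "hello")).src
    pub_b = nat_b.outbound(Packet(HOST_B, SERVER, "hello")).src
    # ... but B has no permanently usable port on nat_a to aim at; A's own port 5000 is unknown there,
    guessed = nat_a.inbound(Packet(pub_b, ("203.0.113.1", HOST_A[1]), "hi A"))
    # and A's private address is not what the public side ever sees, so it cannot be routed to.
    return guessed is None and pub_a[0] != HOST_A[0]


def administrator_forwarding_allows_inbound() -> bool:
    """Static forwarding configured on the middlebox is the exception the text mentions."""
    nat_a = Napt("203.0.113.1")
    nat_a.forward_port(5000, HOST_A)
    delivered = nat_a.inbound(Packet(("203.0.113.2", 40000), ("203.0.113.1", 5000), "hi A"))
    return delivered is not None and delivered.dst == HOST_A


if __name__ == "__main__":
    print("client/server:", client_server_works())
    print("direct peer contact:", not direct_peer_contact_fails())
    print("with admin forwarding:", administrator_forwarding_allows_inbound())
```

The three scenario functions map to the three statements in the text: outbound client traffic works and the server only ever sees the shared public address; a peer behind another NAPT has nothing to connect to, because the public port is allocated on demand and the private address is invisible; and only an explicit forwarding rule on the middlebox opens a path in. Giving both hosts the same private address is deliberate: it is why the private address alone can never identify a peer on the public Internet.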
In this document we address the P2P/middlebox problem in two ways. First, we summarize known methods by which P2P applications can work around the presence of middleboxes. Second, we provide a set of application design guidelines based on these practices to make P2P applications operate more robustly over currently-deployed middleboxes. Further, we provide design guidelines for future middleboxes to allow them to support P2P applications more effectively. Our focus is to enable immediate and wide deployment of P2P applications requiring to traverse middleboxes.
In this document we discuss the P2P/middlebox problem in two ways. First, we summarize how existing P2P applications manage to work within current middlebox mechanisms. Second, based on existing practice, we provide a set of application design guidelines that make P2P applications operate more robustly over currently deployed middleboxes. Finally, we provide design guidelines so that future middlebox mechanisms can support P2P applications more easily. The focus of the discussion is how to deploy, directly and widely, P2P applications that need to traverse "middleboxes".