原文版权:Copyright (C) The Internet Society (2003).All Rights Reserved.
原文地址:http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt
译文版权申明:请引用此文的作者或网站注明出处:http://blog.csdn.net/hxhbluestar,以尊重译者的劳动成果!
随着IPv6时代的到来,我也一直怀疑,是不是还有必要再去学习NAT技术——因为网络的资源不再如IPv4时代匮乏,而NAT技术正是为解决IP地址的紧缺而存在的,如此,NAT便没有存在的必要了。
但是,随着这篇文章的翻译,我的怀疑慢慢变成庆幸,渐而又变为肯定,通过翻译所学到的东西,不再仅仅是翻译第一手资料带来的成就感,更多的是通过翻译,去领悟技术前辈们的智慧与经验,也通过翻译,养成自己从第一手资料获得信息的习惯,从而将视野放得更宽,让理解更为透彻——至少,很多东西都是要经过仔细斟酌才真正转化为自己思想的一部分的。正是如此,我才坚定的要把这篇文章翻译完,也如之前所提到的,如果时间允许的话,我会用C#来写一些例子,让大家更好的理解NAT技术,掌握NAT技术(主要涉及到即时通讯、文件对等传输和语音应用三个方面)。
这篇文章主要是介绍一下“代理”机制的起因以及给P2P应用带来的不便,不需要任何基础知识:)
1. Introduction
1、简介
关键词:
middleboxe(s) —— 我翻译成“代理”,也许有更好的翻译
host —— 我翻译成“主机”,希望大家不要理解成服务器了,主机就是一台普通的终端机
Present-day Internet has seen ubiquitous deployment of "middleboxes" such as network address translators(NAT), driven primarily by the ongoing depletion of the IPv4 address space. The asymmetric addressing and connectivity regimes established by these middleboxes, however, have created unique problems for peer-to-peer (P2P) applications and protocols, such as teleconferencing and multiplayer on-line gaming. These issues are likely to persist even into the IPv6 world, where NAT is often used as an IPv4 compatibility mechanism [NAT-PT], and firewalls will still be commonplace even after NAT is no longer required.
在当今的Internet中,普遍存在使用“代理”设备来进行网络地址转换(NAT),导致这种现象的原因是 IPV4 地址空间的资源耗尽危机。虽然不对称 asymmetric 的地址分配和连通性制度已经在代理中被定义,但是却给端对端应用程序和协议制定造成了一些特殊的问题。像电话会议和多媒体网络游戏。这些问题即使在IPV6世界中还是会存在,因为NAT作为IPV4的一种兼容性机制经常被使用[NAT-PT],并且防火墙将仍然将普遍存在,即使不再需要NAT技术。
Currently deployed middleboxes are designed primarily around the client/server paradigm, in which relatively anonymous client machines actively initiate connections to well-connected servers having stable IP addresses and DNS names.
Most middleboxes implement an asymmetric communication model in which hosts on the private internal network can initiate outgoing connections to hosts on the public network, but external hosts cannot initiate connections to internal hosts except as specifically configured by the middlebox's administrator. In the common case of NAPT, a client on the internal network does not have a unique IP address on the public Internet, but instead must share a single public IP address, managed by the NAPT, with other hosts on the same private network.The anonymity and inaccessibility of the internal hosts behind a middlebox is not a problem for client software such as web browsers, which only need to initiate outgoing connections. This inaccessibility is sometimes seen as a privacy benefit.
当前使用的“代理”技术主要是为 客户端/服务端 C/S 结构设计的,为了实现那些需要连接但是又没有固定IP地址的客户端能够连接到一台配置好的拥有固定IP和DNS域名的服务器。
大多数的“代理”使用一种 asymmetric 通信模型,即 私网(局域网) 的主机能发起一个“外出”连接去连接公网上的主机。 但是公网上的主机却无法发送信息给私网上的主机(除非对“代理”进行特殊的配置),NAPT(网络地址端口转换)的普通情况是,一个私网客户端不需要一个公网的固定的IP地址,但是必须要共享一个由NAPT控制的公网的固定IP地址(当然这个NAPT是处于同一个私网内部的)。这样的话,这些匿名的并且看起来难以触及的藏在NAT之后的内网主机对于像 Web浏览器 这种软件来说就不是一个问题,因为内网的主机只需要发起向外部的连接就可以了。这样一来,无法触及也还是有他的优点的——那就是具有保密性。
In the peer-to-peer paradigm, however, Internet hosts that would normally be considered "clients" need to establish communication sessions directly with each other. The initiator and the responder might lie behind different middleboxes with neither endpoint having any permanent IP address or other form of public network presence. A common on-line gaming architecture, for example, is for the participating application hosts to contact a well-known server for initialization and administration purposes. Subsequent to this, the hosts establish direct connections with each other for fast and efficient propagation of updates during game play.
Similarly, a file sharing application might contact a well-known server for resource discovery or searching, but establish direct connections with peer hosts for data transfer. Middleboxes create problems for peer-to-peer connections because hosts behind a middlebox normally have no permanently usable public ports on the Internet to which incoming TCP or UDP connections from other peers can be directed.
briefly addresses this issue, but does not offer any general solutions.
然而,在P2P的应用中,Internet上的“客户机”之间是需要建立一个通信会话直连的。邀请者和响应者也许会处于不同的NAT之后,也许他们都没有固定IP或者即使有也不是公网的IP地址。举例来说,在一个普通的网络游戏体系结构中,都是通过客户端向一个具有公网固定IP的服务器发起申请进行初始化并通过验证的。同时,客户端之间也要建立直连,才使网络间传输的速度加快,保证数据即时更新(不然抢不到装备啊,呵呵)。
同样的,一个文件共享应用程序也必须通过到一个服务器上去查找它想要的资源,然后再到拥有这个数据的主机上去下载(BT网站,走了一个中介),“代理”造成了很多P2P直连的问题,因为藏在“代理”之后的的主机通常没有固定的端口来使其他的客户端发起的TCP或UDP连接能够最终到达。
RFC 3235[NAT-APPL] 简要的提到了这个问题,但是没有给出任何的解决方案。
In this document we address the P2P/middlebox problem in two ways. First, we summarize known methods by which P2P applications can work around the presence of middleboxes. Second, we provide a set of application design guidelines based on these practices to make P2P applications operate more robustly over currently-deployed middleboxes. Further, we provide design guidelines for future middleboxes to allow them to support P2P applications more effectively. Our focus is to enable immediate and wide deployment of P2P applications requiring to traverse middleboxes.
在这篇文章中,我们用两种方式讨论 P2P/代理 的问题。首先,概要的讲叙已有的P2P应用程序能够在现有的代理机制中的工作原理。然后,我们提供一组应用程序设计指南,基于已有的实践,在现有的配置好的代理上,来使得P2P应用程序操作更加有条理。最后,我们提供了设计指南,为以后的代理机制能够更方便支持P2P应用程序。讨论的焦点是如何 直接的、广泛的 配置那些需要经过“代理”的P2P应用程序。
下一章节将介绍 学术术语