Network Working Group                                      J. Kempf, Ed.
Request for Comments: 3724                               R. Austein, Ed.
Category: Informational                                              IAB
                                                              March 2004
        

The Rise of the Middle and the Future of End-to-End: Reflections on the Evolution of the Internet Architecture

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Abstract

The end-to-end principle is the core architectural guideline of the Internet. In this document, we briefly examine the development of the end-to-end principle as it has been applied to the Internet architecture over the years. We discuss current trends in the evolution of the Internet architecture in relation to the end-to-end principle, and try to draw some conclusions about the evolution of the end-to-end principle, and thus of the Internet architecture which it supports, in light of these current trends.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  A Brief History of the End-to-End Principle. . . . . . . . . .  2
   3.  Trends Opposed to the End-to-End Principle . . . . . . . . . .  5
   4.  Whither the End-to-End Principle?. . . . . . . . . . . . . . .  8
   5.  Internet Standards as an Arena for Conflict. . . . . . . . . . 10
   6.  Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
   8.  Security Considerations. . . . . . . . . . . . . . . . . . . . 12
   9.  Informative References . . . . . . . . . . . . . . . . . . . . 12
   10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 13
   11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 14
        
1. Introduction

One of the key architectural guidelines of the Internet is the end-to-end principle in the papers by Saltzer, Reed, and Clark [1][2]. The end-to-end principle was originally articulated as a question of where best not to put functions in a communication system. Yet, in the ensuing years, it has evolved to address concerns of maintaining openness, increasing reliability and robustness, and preserving the properties of user choice and ease of new service development as discussed by Blumenthal and Clark in [3]; concerns that were not part of the original articulation of the end-to-end principle.

In this document, we examine how the interpretation of the end-to-end principle has evolved over the years, and where it stands currently. We examine trends in the development of the Internet that have led to pressure to define services in the network, a topic that has already received some amount of attention from the IAB in RFC 3238 [5]. We describe some considerations about how the end-to-end principle might evolve in light of these trends.

2. A Brief History of the End-to-End Principle

2.1. In the Beginning...

The end-to-end principle was originally articulated as a question of where best to put functions in a communication system:

The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system. Therefore, providing that questioned function as a feature of the communication system itself is not possible. (Sometimes an incomplete version of the function provided by the communication system may be useful as a performance enhancement.) [1].

A specific example of such a function is delivery guarantees [1]. The original ARPANET returned a message "Request for Next Message" whenever it delivered a packet. Although this message was found to be useful within the network as a form of congestion control, since the ARPANET refused to accept another message to the same destination until the previous acknowledgment was returned, it was never particularly useful as an indication of guaranteed delivery. The problem was that the host stack on the sending host typically doesn't want to know just that the network delivered a packet, but rather the stack layer on the sending host wants to know that the stack layer on the receiving host properly processed the packet. In terms of modern IP stack structure, a reliable transport layer requires an indication that transport processing has successfully completed, such as given by TCP's ACK message [4], and not simply an indication from the IP layer that the packet arrived. Similarly, an application layer protocol may require an application-specific acknowledgement that contains, among other things, a status code indicating the disposition of the request.

The specific examples given in [1] and other references at the time [2] primarily involve transmission of data packets: data integrity, delivery guarantees, duplicate message suppression, per packet encryption, and transaction management. From the viewpoint of today's Internet architecture, we would view most of these as transport layer functions (data integrity, delivery guarantees, duplicate message suppression, and perhaps transaction management), others as network layer functions with support at other layers where necessary (for example, packet encryption), and not application layer functions.

2.2. ...In the Middle...

As the Internet developed, the end-to-end principle gradually widened to concerns about where best to put the state associated with applications in the Internet: in the network or at end nodes. The best example is the description in RFC 1958 [6]:

This principle has important consequences if we require applications to survive partial network failures. An end-to-end protocol design should not rely on the maintenance of state (i.e., information about the state of the end-to-end communication) inside the network. Such state should be maintained only in the endpoints, in such a way that the state can only be destroyed when the endpoint itself breaks (known as fate-sharing). An immediate consequence of this is that datagrams are better than classical virtual circuits. The network's job is to transmit datagrams as efficiently and flexibly as possible. Everything else should be done at the fringes.

The original articulation of the end-to-end principle - that knowledge and assistance of the end point is essential and that omitting such knowledge and implementing a function in the network without such knowledge and assistance is not possible - took a while to percolate through the engineering community, and had evolved by this point to a broad architectural statement about what belongs in the network and what doesn't. RFC 1958 uses the term "application" to mean the entire network stack on the end node, including network, transport, and application layers, in contrast to the earlier articulation of the end-to-end principle as being about the communication system itself. "Fate-sharing" describes this quite clearly: the fate of a conversation between two applications is only shared between the two applications; the fate does not depend on anything in the network, except for the network's ability to get packets from one application to the other.

The end-to-end principle in this formulation is specifically about what kind of state is maintained where:

To perform its services, the network maintains some state information: routes, QoS guarantees that it makes, session information where that is used in header compression, compression histories for data compression, and the like. This state must be self-healing; adaptive procedures or protocols must exist to derive and maintain that state, and change it when the topology or activity of the network changes. The volume of this state must be minimized, and the loss of the state must not result in more than a temporary denial of service given that connectivity exists. Manually configured state must be kept to an absolute minimum.[6]

In this formulation of the end-to-end principle, state involved in getting packets from one end of the network to the other is maintained in the network. The state is "soft state," in the sense that it can be quickly dropped and reconstructed (or even required to be periodically renewed) as the network topology changes due to routers and switches going on and off line. "Hard state", state upon which the proper functioning of the application depends, is only maintained in the end nodes. This formulation of the principle is a definite change from the original formulation of the principle, about end node participation being required for proper implementation of most functions.

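The soft-state/hard-state split described above, as an added example that is not part of RFC 3724 or RFC 1958: a toy network element holds only a refreshable node-to-locator mapping with a lifetime, the endpoints hold the conversation state, and a crash of the element costs only a temporary outage. All class names, addresses and tick values are constructed for the illustration.

```python
"""Soft state in the network, hard state at the endpoints.

Added example, not part of RFC 3724 or RFC 1958: a toy model of the RFC 1958
formulation. The network element keeps only a refreshable node-to-locator
mapping with a lifetime (soft state) that the endpoints periodically
re-announce; the endpoints keep the conversation state (hard state). Wiping
the element's table therefore costs at most a temporary outage, which ends
at the next refresh. All names and values are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class NetworkElement:
    """Soft state only: node -> (locator, expiry tick). Nothing is configured by hand."""
    lifetime: int = 3                           # ticks an entry lives without a refresh
    table: dict = field(default_factory=dict)
    now: int = 0

    def refresh(self, node: str, locator: str) -> None:
        # The endpoints re-derive the mapping for the network; the network is never
        # the authoritative holder of it.
        self.table[node] = (locator, self.now + self.lifetime)

    def forward(self, dst: str):
        entry = self.table.get(dst)
        return entry[0] if entry else None      # None: cannot deliver right now

    def tick(self) -> None:
        self.now += 1
        for node in [n for n, (_, exp) in self.table.items() if exp <= self.now]:
            del self.table[node]                # stale soft state is simply dropped

    def crash(self) -> None:
        self.table.clear()                      # router reboot: all soft state is lost


@dataclass
class Endpoint:
    """Hard state: the conversation's progress lives here and shares the endpoint's fate."""
    name: str
    locator: str
    sent: int = 0
    received: int = 0


def simulate(refresh_every: int = 2, crash_at: int = 4, ticks: int = 10) -> dict:
    """A sends one message per tick to B through the network element.

    Returns the ticks on which delivery failed plus the endpoints' hard state,
    showing that a crash of the element is only a temporary denial of service
    and that the conversation's own counters survive it untouched.
    """
    net = NetworkElement()
    a, b = Endpoint("A", "loc-a"), Endpoint("B", "loc-b")
    dropped = []
    for t in range(ticks):
        if t % refresh_every == 0:              # periodic re-announcement by the ends
            net.refresh(a.name, a.locator)
            net.refresh(b.name, b.locator)
        if t == crash_at:
            net.crash()
        a.sent += 1
        if net.forward(b.name) == b.locator:
            b.received += 1
        else:
            dropped.append(t)                   # outage lasts until the next refresh
        net.tick()
    return {"dropped_ticks": dropped, "sent": a.sent, "received": b.received}


def entry_expires_without_refresh(lifetime: int = 3) -> bool:
    """An endpoint that falls silent disappears from the element's table by itself."""
    net = NetworkElement(lifetime=lifetime)
    net.refresh("C", "loc-c")
    for _ in range(lifetime):
        net.tick()
    return net.forward("C") is None
```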
In summary, the general awareness both of the principle itself and of its implications for how unavoidable state should be handled grew over time to become a (if not the) foundation principle of the Internet architecture.

2.3. ...And Now.

An interesting example of how the end-to-end principle continues to influence the technical debate in the Internet community is IP mobility. The existing Internet routing architecture severely constrains how closely IP mobility can match the end-to-end principle without making fundamental changes. Mobile IPv6, described in the Mobile IPv6 specification by Johnson, Perkins, and Arkko [7], requires a routing proxy in the mobile node's home network (the Home Agent) for maintaining the mapping between the mobile node's routing locator, the care of address, and the mobile node's node identifier, the home address. But the local subnet routing proxy (the Foreign Agent), which was a feature of the older Mobile IPv4 design [8] that compromised end-to-end routing, has been eliminated. The end node now handles its own care of address. In addition, Mobile IPv6 includes secure mechanisms for optimizing routing to allow end-to-end routing between the mobile end node and the correspondent node, removing the need to route through the global routing proxy at the home agent. These features are all based on end to end considerations. However, the need for the global routing proxy in the Home Agent in Mobile IPv6 is determined by the aliasing of the global node identifier with the routing identifier in the Internet routing architecture, a topic that was discussed in an IAB workshop and reported in RFC 2956 [9], and that hasn't changed in IPv6.

Despite this constraint, the vision emerging out of the IETF working groups developing standards for mobile networking is of a largely autonomous mobile node with multiple wireless link options, among which the mobile node picks and chooses. The end node is therefore responsible for maintaining the integrity of the communication, as the end-to-end principle implies. This kind of innovative application of the end-to-end principle derives from the same basic considerations of reliability and robustness (wireless link integrity, changes in connectivity and service availability with movement, etc.) that motivated the original development of the end-to-end principle. While the basic reliability of wired links, routing, and switching equipment has improved considerably since the end-to-end principle was formalized 15 years ago, the reliability or unreliability of wireless links is governed more strongly by the basic physics of the medium and the instantaneous radio propagation conditions.

3. Trends Opposed to the End-to-End Principle

While the end-to-end principle continues to provide a solid foundation for much IETF design work, the specific application of the end-to-end principle described in RFC 1958 has increasingly come into question from various directions. The IAB has been concerned about trends opposing the end-to-end principle for some time, for example RFC 2956 [9] and RFC 2775 [12]. The primary focus of concern in these documents is the reduction in transparency due to the introduction of NATs and other address translation mechanisms in the Internet, and the consequences to the end-to-end principle of various scenarios involving full, partial, or no deployment of IPv6. More recently, the topic of concern has shifted to the consequences of service deployment in the network. The IAB opinion on Open Pluggable Edge Services (OPES) in RFC 3238 [5] is intended to assess the architectural desirability of defining services in the network and to raise questions about how such services might result in compromises of privacy, security, and end-to-end data integrity. Clark, et al. in [10] and Carpenter in RFC 3234 [11] also take up the topic of service definition in the network.

Perhaps the best review of the forces militating against the end-to-end principle is by Blumenthal and Clark in [3]. The authors make the point that the Internet originally developed among a community of like-minded technical professionals who trusted each other, and was administered by academic and government institutions who enforced a policy of no commercial use. The major stakeholders in the Internet are quite different today. As a consequence, new requirements have evolved over the last decade. Examples of these requirements are discussed in the following subsections. Other discussions about pressures on the end-to-end principle in today's Internet can be found in the discussion by Reed [13] and Moors' paper in the 2002 IEEE International Communications Conference [14].

3.1. Need for Authentication

Perhaps the single most important change from the Internet of 15 years ago is the lack of trust between users. Because the end users in the Internet of 15 years ago were few, and were largely dedicated to using the Internet as a tool for academic research and communicating research results (explicit commercial use of the Internet was forbidden when it was run by the US government), trust between end users (and thus authentication of end nodes that they use) and between network operators and their users was simply not an issue in general. Today, the motivations of some individuals using the Internet are not always entirely ethical, and, even if they are, the assumption that end nodes will always co-operate to achieve some mutually beneficial action, as implied by the end-to-end principle, is not always accurate. In addition, the growth in users who are either not technologically sophisticated enough or simply uninterested in maintaining their own security has required network operators to become more proactive in deploying measures to prevent naive or uninterested users from inadvertently or intentionally generating security problems.

While the end-to-end principle does not require that users implicitly trust each other, the lack of trust in the Internet today requires that application and system designers make a choice about how to handle authentication, whereas that choice was rarely apparent 15 years ago. One of the most common examples of network elements interposing between end hosts are those dedicated to security: firewalls, VPN tunnel endpoints, certificate servers, etc. These intermediaries are designed to protect the network from unimpeded attack or to allow two end nodes whose users may have no inherent reason to trust each other to achieve some level of authentication.

At the same time, these measures act as impediments for end-to-end communications. Third party trust intermediaries are not a requirement for security, as end-to-end security mechanisms, such as S/MIME [15], can be used instead, and where third party measures such as PKI infrastructure or keys in DNS are utilized to exchange keying material, they don't necessarily impinge on end-to-end traffic after authentication has been achieved. Even if third parties are involved, ultimately it is up to the endpoints and their users in particular, to determine which third parties they trust.

3.2. New Service Models

New service models inspired by new applications require achieving the proper performance level as a fundamental part of the delivered service. These service models are a significant change from the original best effort service model. Email, file transfer, and even Web access aren't perceived as failing if performance degrades, though the user may become frustrated at the time required to complete the transaction. However, for streaming audio and video, to say nothing of real time bidirectional voice and video, achieving the proper performance level, whatever that might mean for an acceptable user experience of the service, is part of delivering the service, and a customer contracting for the service has a right to expect the level of performance for which they have contracted. For example, content distributors sometimes release content via content distribution servers that are spread around the Internet at various locations to avoid delays in delivery if the server is topologically far away from the client. Retail broadband and multimedia services are a new service model for many service providers.

3.3. Rise of the Third Party

Academic and government institutions ran the Internet of 15 years ago. These institutions did not expect to make a profit from their investment in networking technology. In contrast, the network operator with which most Internet users deal today is the commercial ISP. Commercial ISPs run their networks as a business, and their investors rightly expect the business to turn a profit. This change in business model has led to a certain amount of pressure on ISPs to increase business prospects by deploying new services.

In particular, the standard retail dialup bit pipe account with email and shell access has become a commodity service, resulting in low profit margins. While many ISPs are happy with this business model and are able to survive on it, others would like to deploy different service models that have a higher profit potential and provide the customer with more or different services. An example is retail broadband bit pipe access via cable or DSL coupled with streaming multimedia. Some ISPs that offer broadband access also deploy content distribution networks to increase the performance of streaming media. These services are typically deployed so that they are only accessible within the ISP's network, and as a result, they do not contribute to open, end-to-end service. From an ISP's standpoint, however, offering such service is an incentive for customers to buy the ISP's service.

ISPs are not the only third party intermediary that has appeared within the last 10 years. Unlike the previous involvement of corporations and governments in running the Internet, corporate network administrators and governmental officials have become increasingly demanding of opportunities to interpose between two parties in an end-to-end conversation. A benign motivation for this involvement is to mitigate the lack of trust, so the third party acts as a trust anchor or enforcer of good behavior between the two ends. A less benign motivation is for the third parties to insert policy for their own reasons, perhaps taxation or even censorship. The requirements of third parties often have little or nothing to do with technical concerns, but rather derive from particular social and legal considerations.

4. Whither the End-to-End Principle?

Given the pressures on the end-to-end principle discussed in the previous section, a question arises about the future of the end-to-end principle. Does the end-to-end principle have a future in the Internet architecture or not? If it does have a future, how should it be applied? Clearly, an unproductive approach to answering this question is to insist upon the end-to-end principle as a fundamentalist principle that allows no compromise. The pressures described above are real and powerful, and if the current Internet technical community chooses to ignore these pressures, the likely result is that a market opportunity will be created for a new technical community that does not ignore these pressures but which may not understand the implications of their design choices. A more productive approach is to return to first principles and re-examine what the end-to-end principle is trying to accomplish, and then update our definition and exposition of the end-to-end principle given the complexities of the Internet today.

4.1. Consequences of the End-to-End Principle

In this section, we consider the two primary desirable consequences of the end-to-end principle: protection of innovation and provision of reliability and robustness.

4.1.1. Protection of Innovation

One desirable consequence of the end-to-end principle is protection of innovation. Requiring modification in the network in order to deploy new services is still typically more difficult than modifying end nodes. The counterargument - that many end nodes are now essentially closed boxes which are not updatable and that most users don't want to update them anyway - does not apply to all nodes and all users. Many end nodes are still user configurable and a sizable percentage of users are "early adopters," who are willing to put up with a certain amount of technological grief in order to try out a new idea. And, even for the closed boxes and uninvolved users, downloadable code that abides by the end-to-end principle can provide fast service innovation. Requiring someone with a new idea for a service to convince a bunch of ISPs or corporate network administrators to modify their networks is much more difficult than simply putting up a Web page with some downloadable software implementing the service.

4.1.2. Reliability and Trust

Of increasing concern today, however, is the decrease in reliability and robustness that results from deliberate, active attacks on the network infrastructure and end nodes. While the original developers of the Internet were concerned by large-scale system failures, attacks of the subtlety and variety that the Internet experiences today were not a problem during the original development of the Internet. By and large, the end-to-end principle was not addressed to the decrease in reliability resulting from attacks deliberately engineered to take advantage of subtle flaws in software. These attacks are part of the larger issue of the trust breakdown discussed in Section 3.1. Thus, the issue of the trust breakdown can be considered another forcing function on the Internet architecture.

The immediate reaction to this trust breakdown has been to try to back fit security into existing protocols. While this effort is necessary, it is not sufficient. The issue of trust must become as firm an architectural principle in protocol design for the future as the end-to-end principle is today. Trust isn't simply a matter of adding some cryptographic protection to a protocol after it is designed. Rather, prior to designing the protocol, the trust relationships between the network elements involved in the protocol must be defined, and boundaries must be drawn between those network elements that share a trust relationship. The trust boundaries should be used to determine what type of communication occurs between the network elements involved in the protocol and which network elements signal each other. When communication occurs across a trust boundary, cryptographic or other security protection of some sort may be necessary. Additional measures may be necessary to secure the protocol when communicating network elements do not share a trust relationship. For example, a protocol might need to minimize state in the recipient prior to establishing the validity of the credentials from the sender in order to avoid a memory depletion DoS attack.

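The state-minimization measure named above, as an added example that is not from RFC 3724: a naive session server allocates memory on every session-open request before any credential is checked, while a hardened server first answers with a stateless cookie (an HMAC over the claimed source address and a rotating epoch, the pattern used by the cookie exchanges in IKEv2 and DTLS) and allocates only once a request echoes a cookie that verifies. The addresses, key, buffer size and message layout are constructed for the illustration.

```python
"""Minimising recipient state before the sender's credential is validated.

Added example, not from RFC 3724: two toy session servers face the same flood
of session-open requests from spoofed addresses. The naive server allocates
per-session memory on receipt, so every forged request costs it state. The
hardened server answers a first contact with a stateless cookie, stores
nothing, and allocates only when a request echoes a cookie that verifies.
A sender that spoofs its address never receives the reply, so it cannot
produce one. Addresses, keys and message layout are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

SESSION_BUFFER = 4096      # bytes allocated per accepted session (constructed value)
COOKIE_LEN = 16


@dataclass
class Request:
    src: str               # claimed (possibly spoofed) source address
    cookie: bytes = b""    # cookie echoed back; empty on a first contact


@dataclass
class NaiveServer:
    """Allocates first and would validate later: state grows with the attack rate."""
    sessions: dict = field(default_factory=dict)

    def handle(self, req: Request) -> str:
        self.sessions[req.src] = bytearray(SESSION_BUFFER)
        return "accepted"

    def state_bytes(self) -> int:
        return len(self.sessions) * SESSION_BUFFER


@dataclass
class CookieServer:
    """Holds no per-peer state until a stateless cookie shows the peer can receive."""
    secret: bytes = field(default_factory=lambda: os.urandom(32))
    epoch: int = 0         # bumped periodically so old cookies stop verifying
    sessions: dict = field(default_factory=dict)

    def _cookie(self, src: str, epoch: int) -> bytes:
        msg = f"{epoch}|{src}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def rotate(self) -> None:
        self.epoch += 1

    def handle(self, req: Request):
        if not req.cookie:
            # First contact: reply with a cookie derived from the claimed address.
            # Nothing about this peer is remembered.
            return "retry", self._cookie(req.src, self.epoch)
        # Accept the current and previous epoch so rotation does not race clients.
        valid = any(hmac.compare_digest(req.cookie, self._cookie(req.src, e))
                    for e in (self.epoch, self.epoch - 1))
        if not valid:
            return "rejected", None         # still no state allocated
        self.sessions[req.src] = bytearray(SESSION_BUFFER)
        return "accepted", None

    def state_bytes(self) -> int:
        return len(self.sessions) * SESSION_BUFFER


def flood(n: int = 1000) -> dict:
    """n spoofed session-open attempts, then one legitimate two-step open."""
    naive, hardened = NaiveServer(), CookieServer()
    for i in range(n):
        spoofed = Request(src=f"10.0.0.{i}")      # reply goes to the spoofed address
        naive.handle(spoofed)
        hardened.handle(spoofed)                  # cookie never reaches the sender
        hardened.handle(Request(spoofed.src, cookie=os.urandom(COOKIE_LEN)))  # a guess
    first_reply, cookie = hardened.handle(Request("192.0.2.10"))
    legit_result, _ = hardened.handle(Request("192.0.2.10", cookie=cookie))
    naive.handle(Request("192.0.2.10"))
    return {"naive_state_bytes": naive.state_bytes(),
            "hardened_state_bytes": hardened.state_bytes(),
            "first_reply": first_reply, "legit_result": legit_result}


def cookie_survives_one_rotation() -> tuple:
    """A cookie issued in epoch e verifies in e+1 but is rejected in e+2."""
    srv = CookieServer()
    _, cookie = srv.handle(Request("198.51.100.7"))
    srv.rotate()
    after_one, _ = srv.handle(Request("198.51.100.7", cookie=cookie))
    srv.rotate()
    after_two, _ = srv.handle(Request("198.51.100.7", cookie=cookie))
    return after_one, after_two
```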
4.2. The End-to-End Principle in Applications Design

The concern expressed by the end-to-end principle is applicable to applications design too. Two key points in designing application protocols are to ensure they don't have any dependencies that would break the end-to-end principle and to ensure that they can identify end points in a consistent fashion. An example of the former is layer violations - creating dependencies that would make it impossible for the transport layer, for example, to do its work appropriately. Another issue is the desire to insert more applications infrastructure into the network. Architectural considerations around this issue are discussed in RFC 3238 [5]. This desire need not result in a violation of the end-to-end principle if the partitioning of functioning is done so that services provided in the network operate with the explicit knowledge and involvement of endpoints, when such knowledge and involvement is necessary for the proper functioning of the service. The result becomes a distributed application, in which the end-to-end principle applies to each connection involved in implementing the application.

5. Internet Standards as an Arena for Conflict

Internet standards have increasingly become an arena for conflict [10]. ISPs have certain concerns, businesses and government have others, and vendors of networking hardware and software still others. Often, these concerns conflict, and sometimes they conflict with the concerns of the end users. For example, ISPs are reluctant to deploy interdomain QoS services because, among other reasons, every known instance creates a significant and easily exploited DoS/DDoS vulnerability. However, some end users would like to have end-to-end, Diffserv or Intserv-style QoS available to improve support for voice and video multimedia applications between end nodes in different domains, as discussed by Huston in RFC 2990 [16]. In this case, the security, robustness, and reliability concerns of the ISP conflict with the desire of users for a different type of service.

These conflicts will inevitably be reflected in the Internet architecture going forward. Some of these conflicts are impossible to resolve on a technical level, and would not even be desirable, because they involve social and legal choices that the IETF is not empowered to make (for a counter argument in the area of privacy, see Goldberg, et al. [17]). But for those conflicts that do involve technical choices, the important properties of user choice and empowerment, reliability and integrity of end-to-end service, supporting trust and "good network citizen behavior," and fostering innovation in services should be the basis upon which resolution is made. The conflict will then play out on the field of the resulting architecture.

6. Conclusions

The end-to-end principle continues to guide technical development of Internet standards, and remains as important today for the Internet architecture as in the past. In many cases, unbundling of the end-to-end principle into its consequences leads to a distributed approach in which the end-to-end principle applies to interactions between the individual pieces of the application, while the unbundled consequences, protection of innovation, reliability, and robustness, apply to the entire application. While the end-to-end principle originated as a focused argument about the need for the knowledge and assistance of end nodes to properly implement functions in a communication system, particular second order properties developed by the Internet as a result of the end-to-end principle have come to be recognized as being as important, if not more so, than the principle itself. End user choice and empowerment, integrity of service, support for trust, and "good network citizen behavior" are all properties that have developed as a consequence of the end-to-end principle. Recognizing these properties in a particular proposal for modifications to the Internet has become more important than before as the pressures to incorporate services into the network have increased. Any proposal to incorporate services in the network should be weighed against these properties before proceeding.

7. Acknowledgements

Many of the ideas presented here originally appeared in the works of Dave Clark, John Wroclawski, Bob Braden, Karen Sollins, Marjory Blumenthal, and Dave Reed on forces currently influencing the evolution of the Internet. The authors would particularly like to single out the work of Dave Clark, who was the original articulator of the end-to-end principle and who continues to inspire and guide the evolution of the Internet architecture, and John Wroclawski, with whom conversations during the development of this paper helped to clarify issues involving tussle and the Internet.

8. Security Considerations

This document does not propose any new protocols, and therefore does not involve any security considerations in that sense. However, throughout this document, there are discussions of the privacy and integrity issues and the architectural requirements created by those issues.

9. Informative References

[1] Saltzer, J.H., Reed, D.P., and Clark, D.D., "End-to-End Arguments in System Design," ACM TOCS, Vol 2, Number 4, November 1984, pp 277-288.

[2] Clark, D., "The Design Philosophy of the DARPA Internet Protocols," Proc SIGCOMM 88, ACM CCR Vol 18, Number 4, August 1988, pp. 106-114.

[3] Blumenthal, M., Clark, D.D., "Rethinking the design of the Internet: The end-to-end arguments vs. the brave new world", ACM Transactions on Internet Technology, Vol. 1, No. 1, August 2001, pp 70-109.

[4] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, September 1981.

[5] Floyd, S. and L. Daigle, "IAB Architectural and Policy Considerations for Open Pluggable Edge Services", RFC 3238, January 2002.

[6] Carpenter, B., Ed., "Architectural Principles of the Internet", RFC 1958, June 1996.

[7] Johnson, D., Perkins, C. and J. Arkko, "Mobility Support in IPv6", Work in Progress.

[8] Perkins, C., Ed., "IP Mobility Support for IPv4", RFC 3344, August 2002.

[9] Kaat, M., "Overview of 1999 IAB Network Layer Workshop," RFC 2956, October 2000.

[10] Clark, D.D., Wroclawski, J., Sollins, K., and Braden, B., "Tussle in Cyberspace: Defining Tomorrow's Internet", Proceedings of Sigcomm 2002.

[11] Carpenter, B. and S. Brim, "Middleboxes: Taxonomy and Issues", RFC 3234, February 2002.

[12] Carpenter, B., "Internet Transparency", RFC 2775, February 2000.

[13] Reed, D., "The End of the End-to-End Argument?", http://www.reed.com/dprframeweb/dprframe.asp?section=paper&fn=endofendtoend.html, April 2000.

[14] Moors, T., "A Critical Review of End-to-end Arguments in System Design," Proc. 2000 IEEE International Conference on Communications, pp. 1214-1219, April, 2002.

[15] Ramsdell, B., Ed., "S/MIME Version 3 Message Specification", RFC 2633, June 1999.

[16] Huston, G., "Next Steps for the IP QoS Architecture", RFC 2990, November 2000.

[17] Goldberg, I., Wagner, D., and Brewer, E., "Privacy-enhancing technologies for the Internet," Proceedings of IEEE COMPCON 97, pp. 103-109, 1997.

10. Author Information

Internet Architecture Board EMail: iab@iab.org

IAB Membership at time this document was completed:

Bernard Aboba, Harald Alvestrand, Rob Austein, Leslie Daigle, Patrik Faltstrom, Sally Floyd, Jun-ichiro Itojun Hagino, Mark Handley, Geoff Huston, Charlie Kaufman, James Kempf, Eric Rescorla, Mike St. Johns

11. Full Copyright Statement

Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78 and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
