Internet Engineering Task Force (IETF)                        P. Eardley
Request for Comments: 7594                                            BT
Category: Informational                                        A. Morton
ISSN: 2070-1721                                                AT&T Labs
                                                              M. Bagnulo
                                                                    UC3M
                                                            T. Burbridge
                                                                      BT
                                                               P. Aitken
                                                                 Brocade
                                                               A. Akhter
                                                              Consultant
                                                          September 2015
        
Internet Engineering Task Force (IETF)                        P. Eardley
Request for Comments: 7594                                            BT
Category: Informational                                        A. Morton
ISSN: 2070-1721                                                AT&T Labs
                                                              M. Bagnulo
                                                                    UC3M
                                                            T. Burbridge
                                                                      BT
                                                               P. Aitken
                                                                 Brocade
                                                               A. Akhter
                                                              Consultant
                                                          September 2015
        

A Framework for Large-Scale Measurement of Broadband Performance (LMAP)

宽带性能的大规模测量框架(LMAP)

Abstract

摘要

Measuring broadband service on a large scale requires a description of the logical architecture and standardisation of the key protocols that coordinate interactions between the components. This document presents an overall framework for large-scale measurements. It also defines terminology for LMAP (Large-Scale Measurement of Broadband Performance).

大规模测量宽带服务需要描述协调组件之间交互的关键协议的逻辑架构和标准化。本文件介绍了大规模测量的总体框架。它还定义了LMAP(宽带性能的大规模测量)的术语。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7594.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7594.

Copyright Notice

版权公告

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Outline of an LMAP-Based Measurement System . . . . . . . . .   5
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   9
   4.  Constraints . . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.1.  The Measurement System Is Under the Direction of a Single
           Organisation  . . . . . . . . . . . . . . . . . . . . . .  13
     4.2.  Each MA May Only Have a Single Controller at Any Point in
           Time  . . . . . . . . . . . . . . . . . . . . . . . . . .  13
   5.  Protocol Model  . . . . . . . . . . . . . . . . . . . . . . .  13
     5.1.  Bootstrapping Process . . . . . . . . . . . . . . . . . .  14
     5.2.  Control Protocol  . . . . . . . . . . . . . . . . . . . .  15
       5.2.1.  Configuration . . . . . . . . . . . . . . . . . . . .  15
       5.2.2.  Instruction . . . . . . . . . . . . . . . . . . . . .  16
       5.2.3.  Capabilities, Failure, and Logging Information  . . .  20
     5.3.  Operation of Measurement Tasks  . . . . . . . . . . . . .  22
       5.3.1.  Starting and Stopping Measurement Tasks . . . . . . .  22
       5.3.2.  Overlapping Measurement Tasks . . . . . . . . . . . .  24
     5.4.  Report Protocol . . . . . . . . . . . . . . . . . . . . .  24
       5.4.1.  Reporting of the Subscriber's Service Parameters  . .  26
     5.5.  Operation of LMAP over the Underlying Packet Transfer
           Mechanism . . . . . . . . . . . . . . . . . . . . . . . .  26
     5.6.  Items beyond the Scope of the Initial LMAP Work . . . . .  27
       5.6.1.  End-User-Controlled Measurement System  . . . . . . .  28
   6.  Deployment Considerations . . . . . . . . . . . . . . . . . .  29
     6.1.  Controller and the Measurement System . . . . . . . . . .  29
     6.2.  Measurement Agent . . . . . . . . . . . . . . . . . . . .  30
       6.2.1.  Measurement Agent on a Networked Device . . . . . . .  30
       6.2.2.  Measurement Agent Embedded in a Site Gateway  . . . .  31
       6.2.3.  Measurement Agent Embedded behind a Site NAT or
               Firewall  . . . . . . . . . . . . . . . . . . . . . .  31
        
   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Outline of an LMAP-Based Measurement System . . . . . . . . .   5
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   9
   4.  Constraints . . . . . . . . . . . . . . . . . . . . . . . . .  12
     4.1.  The Measurement System Is Under the Direction of a Single
           Organisation  . . . . . . . . . . . . . . . . . . . . . .  13
     4.2.  Each MA May Only Have a Single Controller at Any Point in
           Time  . . . . . . . . . . . . . . . . . . . . . . . . . .  13
   5.  Protocol Model  . . . . . . . . . . . . . . . . . . . . . . .  13
     5.1.  Bootstrapping Process . . . . . . . . . . . . . . . . . .  14
     5.2.  Control Protocol  . . . . . . . . . . . . . . . . . . . .  15
       5.2.1.  Configuration . . . . . . . . . . . . . . . . . . . .  15
       5.2.2.  Instruction . . . . . . . . . . . . . . . . . . . . .  16
       5.2.3.  Capabilities, Failure, and Logging Information  . . .  20
     5.3.  Operation of Measurement Tasks  . . . . . . . . . . . . .  22
       5.3.1.  Starting and Stopping Measurement Tasks . . . . . . .  22
       5.3.2.  Overlapping Measurement Tasks . . . . . . . . . . . .  24
     5.4.  Report Protocol . . . . . . . . . . . . . . . . . . . . .  24
       5.4.1.  Reporting of the Subscriber's Service Parameters  . .  26
     5.5.  Operation of LMAP over the Underlying Packet Transfer
           Mechanism . . . . . . . . . . . . . . . . . . . . . . . .  26
     5.6.  Items beyond the Scope of the Initial LMAP Work . . . . .  27
       5.6.1.  End-User-Controlled Measurement System  . . . . . . .  28
   6.  Deployment Considerations . . . . . . . . . . . . . . . . . .  29
     6.1.  Controller and the Measurement System . . . . . . . . . .  29
     6.2.  Measurement Agent . . . . . . . . . . . . . . . . . . . .  30
       6.2.1.  Measurement Agent on a Networked Device . . . . . . .  30
       6.2.2.  Measurement Agent Embedded in a Site Gateway  . . . .  31
       6.2.3.  Measurement Agent Embedded behind a Site NAT or
               Firewall  . . . . . . . . . . . . . . . . . . . . . .  31
        
       6.2.4.  Multihomed Measurement Agent  . . . . . . . . . . . .  31
       6.2.5.  Measurement Agent Embedded in an ISP Network  . . . .  32
     6.3.  Measurement Peer  . . . . . . . . . . . . . . . . . . . .  32
     6.4.  Deployment Examples . . . . . . . . . . . . . . . . . . .  33
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  36
   8.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  38
     8.1.  Categories of Entities with Information of Interest . . .  38
     8.2.  Examples of Sensitive Information . . . . . . . . . . . .  39
     8.3.  Different Privacy Issues Raised by Different Sorts of
           Measurement Methods . . . . . . . . . . . . . . . . . . .  40
     8.4.  Privacy Analysis of the Communication Models  . . . . . .  41
       8.4.1.  MA Bootstrapping  . . . . . . . . . . . . . . . . . .  41
       8.4.2.  Controller <-> Measurement Agent  . . . . . . . . . .  42
       8.4.3.  Collector <-> Measurement Agent . . . . . . . . . . .  43
       8.4.4.  Measurement Peer <-> Measurement Agent  . . . . . . .  43
       8.4.5.  Measurement Agent . . . . . . . . . . . . . . . . . .  45
       8.4.6.  Storage and Reporting of Measurement Results  . . . .  46
     8.5.  Threats . . . . . . . . . . . . . . . . . . . . . . . . .  46
       8.5.1.  Surveillance  . . . . . . . . . . . . . . . . . . . .  46
       8.5.2.  Stored Data Compromise  . . . . . . . . . . . . . . .  47
       8.5.3.  Correlation and Identification  . . . . . . . . . . .  47
       8.5.4.  Secondary Use and Disclosure  . . . . . . . . . . . .  48
     8.6.  Mitigations . . . . . . . . . . . . . . . . . . . . . . .  48
       8.6.1.  Data Minimisation . . . . . . . . . . . . . . . . . .  48
       8.6.2.  Anonymity . . . . . . . . . . . . . . . . . . . . . .  49
       8.6.3.  Pseudonymity  . . . . . . . . . . . . . . . . . . . .  50
       8.6.4.  Other Mitigations . . . . . . . . . . . . . . . . . .  50
   9.  Informative References  . . . . . . . . . . . . . . . . . . .  51
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  54
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  54
        
       6.2.4.  Multihomed Measurement Agent  . . . . . . . . . . . .  31
       6.2.5.  Measurement Agent Embedded in an ISP Network  . . . .  32
     6.3.  Measurement Peer  . . . . . . . . . . . . . . . . . . . .  32
     6.4.  Deployment Examples . . . . . . . . . . . . . . . . . . .  33
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  36
   8.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  38
     8.1.  Categories of Entities with Information of Interest . . .  38
     8.2.  Examples of Sensitive Information . . . . . . . . . . . .  39
     8.3.  Different Privacy Issues Raised by Different Sorts of
           Measurement Methods . . . . . . . . . . . . . . . . . . .  40
     8.4.  Privacy Analysis of the Communication Models  . . . . . .  41
       8.4.1.  MA Bootstrapping  . . . . . . . . . . . . . . . . . .  41
       8.4.2.  Controller <-> Measurement Agent  . . . . . . . . . .  42
       8.4.3.  Collector <-> Measurement Agent . . . . . . . . . . .  43
       8.4.4.  Measurement Peer <-> Measurement Agent  . . . . . . .  43
       8.4.5.  Measurement Agent . . . . . . . . . . . . . . . . . .  45
       8.4.6.  Storage and Reporting of Measurement Results  . . . .  46
     8.5.  Threats . . . . . . . . . . . . . . . . . . . . . . . . .  46
       8.5.1.  Surveillance  . . . . . . . . . . . . . . . . . . . .  46
       8.5.2.  Stored Data Compromise  . . . . . . . . . . . . . . .  47
       8.5.3.  Correlation and Identification  . . . . . . . . . . .  47
       8.5.4.  Secondary Use and Disclosure  . . . . . . . . . . . .  48
     8.6.  Mitigations . . . . . . . . . . . . . . . . . . . . . . .  48
       8.6.1.  Data Minimisation . . . . . . . . . . . . . . . . . .  48
       8.6.2.  Anonymity . . . . . . . . . . . . . . . . . . . . . .  49
       8.6.3.  Pseudonymity  . . . . . . . . . . . . . . . . . . . .  50
       8.6.4.  Other Mitigations . . . . . . . . . . . . . . . . . .  50
   9.  Informative References  . . . . . . . . . . . . . . . . . . .  51
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  54
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  54
        
1. Introduction
1. 介绍

There is a desire to be able to coordinate the execution of broadband measurements and the collection of measurement results across a large scale set of Measurement Agents (MAs). These MAs could be software-based agents on PCs, embedded agents in consumer devices (such as TVs or gaming consoles), embedded in service-provider-controlled devices such as set-top boxes and home gateways, or simply dedicated probes. MAs may also be embedded on a device that is part of an ISP's network, such as a DSLAM (Digital Subscriber Line Access Multiplexer), router, Carrier Grade NAT (Network Address Translator), or ISP Gateway. It is expected that a measurement system could easily encompass a few hundred thousand or even millions of such MAs. Such a scale presents unique problems in coordination, execution, and measurement result collection. Several use cases have been proposed for large-scale measurements including:

人们希望能够协调宽带测量的执行和跨大规模测量代理(MAs)收集测量结果。这些MAs可以是基于PC的软件代理、消费类设备(如电视或游戏机)中的嵌入式代理、服务提供商控制的设备(如机顶盒和家庭网关)中的嵌入式代理,或者只是专用探头。MAs还可以嵌入到作为ISP网络一部分的设备上,例如DSLAM(数字用户线路接入多路复用器)、路由器、载波级NAT(网络地址转换器)或ISP网关。预计一个测量系统可以很容易地包含几十万甚至数百万这样的毫安时。这种规模在协调、执行和测量结果收集方面存在独特的问题。已针对大规模测量提出了几个用例,包括:

o Operators: to help plan their network and identify faults

o 运营商:帮助规划其网络并识别故障

o Regulators: to benchmark several network operators and support public policy development

o 监管机构:对几家网络运营商进行基准测试,并支持公共政策制定

Further details of the use cases can be found in [RFC7536]. The LMAP framework should be useful for these, as well as other use cases, such as to help end users run diagnostic checks like a network speed test.

有关用例的更多详细信息,请参见[RFC7536]。LMAP框架应该对这些以及其他用例有用,例如帮助最终用户运行诊断检查,如网络速度测试。

The LMAP framework has three basic elements: Measurement Agents, Controllers, and Collectors.

LMAP框架有三个基本元素:测量代理、控制器和收集器。

Measurement Agents (MAs) initiate the actual measurements, which are called Measurement Tasks in the LMAP terminology. In principle, there are no restrictions on the type of device in which the MA function resides.

测量代理(MA)启动实际测量,在LMAP术语中称为测量任务。原则上,MA功能所在的设备类型没有限制。

The Controller instructs one or more MAs and communicates the set of Measurement Tasks an MA should perform and when. For example, it may instruct an MA at a home gateway: "Measure the 'UDP latency' with www.example.org; repeat every hour at xx.05". The Controller also manages an MA by instructing it on how to report the Measurement Results, for example: "Report results once a day in a batch at 4am". We refer to these as the Measurement Schedule and Report Schedule.

控制器指示一个或多个MA,并告知MA应执行的一组测量任务和时间。例如,它可以指示家庭网关上的MA:“使用www.example.org测量‘UDP延迟’;在xx.05每小时重复一次”。控制器还通过指示MA如何报告测量结果来管理MA,例如:“每天早上4点批量报告一次结果”。我们将其称为测量计划和报告计划。

The Collector accepts Reports from the MAs with the Results from their Measurement Tasks. Therefore, the MA is a device that gets Instructions from the Controller, initiates the Measurement Tasks, and reports to the Collector. The communications between these three LMAP functions are structured according to a Control Protocol and a Report Protocol.

收集器接受来自MAs的报告及其测量任务的结果。因此,MA是从控制器获取指令、启动测量任务并向收集器报告的设备。这三个LMAP功能之间的通信是根据控制协议和报告协议构建的。

The design goals are the following large-scale Measurement System features:

设计目标为以下大型测量系统功能:

o Standardised - in terms of the Measurement Tasks that they perform, the components, the data models, and the protocols for transferring information between the components. Amongst other things, standardisation enables meaningful comparisons of measurements made of the same Metric at different times and places, and provides the operator of a Measurement System with criteria for evaluation of the different solutions that can be used for various purposes including buying decisions (such as buying the various components from different vendors). Today's systems are proprietary in some or all of these aspects.

o 标准化-就其执行的测量任务、组件、数据模型以及组件之间传输信息的协议而言。除其他事项外,标准化使同一度量在不同时间和地点进行的测量能够进行有意义的比较,并为测量系统的操作员提供评估不同解决方案的标准,这些解决方案可用于各种目的,包括购买决策(例如从不同的供应商处购买各种组件)。今天的系统在某些或所有这些方面都是专有的。

o Large-scale - [RFC7536] envisages Measurement Agents in every home gateway and edge device such as set-top boxes and tablet computers, and located throughout the Internet as well [RFC7398]. It is expected that a Measurement System could easily encompass a few hundred thousand or even millions of Measurement Agents. Existing systems have up to a few thousand MAs (without judging how much further they could scale).

o 大规模-[RFC7536]设想在每个家庭网关和边缘设备(如机顶盒和平板电脑)中使用测量代理,并在整个互联网中使用[RFC7398]。预计一个测量系统可以很容易地包含几十万甚至数百万个测量代理。现有的系统有几千个MAs(不判断它们可以扩展到多大)。

o Diversity - a Measurement System should handle Measurement Agents from different vendors that are in wired and wireless networks, can execute different sorts of Measurement Tasks, are on devices with IPv4 or IPv6 addresses, and so on.

o 多样性-测量系统应处理来自不同供应商的测量代理,这些供应商位于有线和无线网络中,可以执行不同类型的测量任务,位于具有IPv4或IPv6地址的设备上,等等。

o Privacy Respecting - the protocols and procedures should respect the sensitive information of all those involved in measurements.

o 尊重隐私-协议和程序应尊重所有参与测量的人员的敏感信息。

2. Outline of an LMAP-Based Measurement System
2. 基于LMAP的测量系统概述

In this section, we provide an overview of the whole Measurement System. New LMAP-specific terms are capitalised; Section 3 provides a terminology section with a compilation of all the LMAP terms and their definitions. Section 4 onwards considers the LMAP components in more detail.

在本节中,我们将概述整个测量系统。新的LMAP特定条款大写;第3节提供了术语部分,包括所有LMAP术语及其定义的汇编。第4节以后将更详细地讨论LMAP组件。

Other LMAP specifications will define an Information Model, the associated Data Models, and select/extend one or more protocols for the secure communication: firstly, a Control Protocol, for a Controller to instruct Measurement Agents regarding which performance Metrics to measure, when to measure them, and how/when to report the measurement results to a Collector; secondly, a Report Protocol, for a Measurement Agent to report the results to the Collector.

其他LMAP规范将定义信息模型、相关数据模型,并为安全通信选择/扩展一个或多个协议:首先,控制协议,用于控制器指示测量代理测量哪些性能指标,何时测量它们,以及如何/何时向收集器报告测量结果;第二,报告协议,用于测量代理向收集器报告结果。

Figure 1 shows the main components of a Measurement System, and the interactions of those components. Some of the components are outside the scope of initial LMAP work.

图1显示了测量系统的主要组件以及这些组件之间的相互作用。一些组件不在初始LMAP工作范围内。

The MA performs Measurement Tasks. One possibility is that the MA observes existing traffic. Another possibility is for the MA to generate (or receive) traffic specially created for the purpose and measure some Metric associated with its transfer. Figure 1 includes both possibilities (in practice, it may be more usual for an MA to do one) whilst Section 6.4 shows some examples of possible arrangements of the components.

MA执行测量任务。一种可能性是MA观察现有流量。另一种可能性是MA生成(或接收)专门为此目的创建的通信量,并测量与其传输相关的一些度量。图1包括了这两种可能性(实际上,MA可能更常见于此),而第6.4节显示了部件可能布置的一些示例。

The MAs are pieces of code that can be executed in specialised hardware (hardware probe) or on a general-purpose device (like a PC or mobile phone). A device with a Measurement Agent may have multiple physical interfaces (Wi-Fi, Ethernet, DSL (Digital

MAs是可以在专用硬件(硬件探测器)或通用设备(如PC或移动电话)上执行的代码片段。带有测量代理的设备可能具有多个物理接口(Wi-Fi、以太网、DSL(数字

Subscriber Line); and non-physical interfaces such as PPPoE (Point-to-Point Protocol over Ethernet) or IPsec) and the Measurement Tasks may specify any one of these.

用户线);和非物理接口,如PPPoE(以太网点对点协议)或IPsec)以及测量任务可以指定其中任何一个。

The Controller manages an MA through use of the Control Protocol, which transfers the Instruction to the MA. This describes the Measurement Tasks the MA should perform and when. For example the Controller may instruct an MA at a home gateway: "Count the number of TCP SYN packets observed in a 1 minute interval; repeat every hour at xx.05 + Unif[0,180] seconds". The Measurement Schedule determines when the Measurement Tasks are executed. The Controller also manages an MA by instructing it on how to report the Measurement Results, for example: "Report results once a day in a batch at 4am + Unif[0,180] seconds; if the end user is active then delay the report 5 minutes." The Report Schedule determines when the Reports are uploaded to the Collector. The Measurement Schedule and Report Schedule can define one-off (non-recurring) actions (for example, "Do measurement now", "Report as soon as possible"), as well as recurring ones.

控制器通过使用控制协议管理MA,该协议将指令传输给MA。这说明了MA应执行的测量任务和时间。例如,控制器可指示家庭网关处的MA:“计算在1分钟间隔内观察到的TCP SYN数据包的数量;在xx.05+Unif[0180]秒时每小时重复一次”。测量计划确定何时执行测量任务。控制器还通过指示MA如何报告测量结果来管理MA,例如:“在凌晨4点+Unif[0180]秒时,一批每天报告一次结果;如果最终用户处于活动状态,则延迟报告5分钟。”报告时间表确定报告何时上载到收集器。度量计划和报告计划可以定义一次性(非周期性)操作(例如,“立即进行度量”、“尽快报告”),以及周期性操作。

The Collector accepts a Report from an MA with the Measurement Results from its Measurement Tasks. It then provides the Results to a repository.

收集器接受来自MA的报告及其测量任务的测量结果。然后将结果提供给存储库。

A Measurement Method defines how to measure a Metric of interest. It is very useful to standardise Measurement Methods, so that it is meaningful to compare measurements of the same Metric made at different times and places. It is also useful to define a registry for commonly used Metrics [IPPM-REG] so that a Metric and its associated Measurement Method can be referred to simply by its identifier in the registry. The registry will hopefully be referenced by other standards organisations. The Measurement Methods may be defined by the IETF, locally, or by some other standards body.

度量方法定义了如何度量感兴趣的度量。将测量方法标准化非常有用,因此比较在不同时间和地点进行的相同度量的测量结果是有意义的。为常用度量定义注册表[IPPM-REG]也很有用,这样可以通过注册表中的标识符简单地引用度量及其相关测量方法。该注册处有望被其他标准组织引用。测量方法可由IETF、本地或其他一些标准机构定义。

Broadly speaking there are two types of Measurement Methods. In both types, a Measurement Agent measures a particular Observed Traffic Flow. It may involve a single MA simply observing existing traffic -- for example, the Measurement Agent could count bytes or calculate the average loss for a particular flow. On the other hand, a Measurement Method may observe traffic created specifically for the purpose of measurement. This requires multiple network entities, which perform different roles. For example, to measure the round trip delay one possible Measurement Method would consist of an MA sending an ICMP (Internet Control Message Protocol) ECHO request ("ping") to a responder in the Internet. In LMAP terms, the responder is termed a Measurement Peer (MP), meaning that it helps the MA but is not managed by the Controller. Other Measurement Methods involve a second MA, with the Controller instructing the MAs in a coordinated manner. Traffic generated specifically as part of

广义上讲,有两种测量方法。在这两种类型中,测量代理测量特定的观测交通流。它可能只涉及一个MA来观察现有流量——例如,测量代理可以计算字节数或计算特定流量的平均损失。另一方面,测量方法可以观察专门为测量目的而创建的流量。这需要多个网络实体,它们执行不同的角色。例如,为了测量往返延迟,一种可能的测量方法将包括MA向因特网中的响应者发送ICMP(因特网控制消息协议)回送请求(“ping”)。在LMAP术语中,响应者被称为测量对等(MP),这意味着它帮助MA,但不由控制器管理。其他测量方法包括第二次MA,控制器以协调方式指示MAs。专门作为网络的一部分生成的流量

the Measurement Method is termed Measurement Traffic; in the ping example, it is the ICMP ECHO Requests and Replies. The protocols used for the Measurement Traffic are out of the scope of initial LMAP work and fall within the scope of other IETF WGs such as IPPM (IP Performance Metrics).

测量方法称为测量流量;在ping示例中,是ICMP回显请求和回复。用于测量流量的协议不在初始LMAP工作的范围内,并且属于其他IETF工作组的范围,例如IPPM(IP性能度量)。

A Measurement Task is the action performed by a particular MA at a particular time, as the specific instance of its role in a Measurement Method. LMAP is mainly concerned with Measurement Tasks, for instance in terms of its Information Model and Protocols.

测量任务是特定MA在特定时间执行的操作,作为其在测量方法中角色的特定实例。LMAP主要关注测量任务,例如,其信息模型和协议。

For Measurement Results to be truly comparable, as might be required by a regulator, not only do the same Measurement Methods need to be used to assess Metrics, but also the set of Measurement Tasks should follow a similar Measurement Schedule and be of similar number. The details of such a characterisation plan are beyond the scope of IETF work, although it is certainly facilitated by the IETF's work.

为了使测量结果真正具有可比性(监管机构可能要求),不仅需要使用相同的测量方法来评估指标,而且测量任务集也应遵循类似的测量计划,并且具有类似的数量。这种特征化计划的细节超出了IETF的工作范围,尽管IETF的工作确实为其提供了便利。

Both control and report messages are transferred over a secure Channel. A Control Channel is between the Controller and an MA; the Control Protocol delivers Instruction Messages to the MA and Capabilities, Failure, and Logging Information in the reverse direction. A Report Channel is between an MA and Collector, and the Report Protocol delivers Reports to the Collector.

控制和报告消息都通过安全通道传输。控制信道位于控制器和MA之间;控制协议向MA发送指令消息,并以相反方向发送功能、故障和日志信息。报告通道位于MA和收集器之间,报告协议将报告传递给收集器。

Finally, we introduce several components that are outside the scope of initial LMAP work that will be provided through existing protocols or applications. They affect how the Measurement System uses the Measurement Results and how it decides what set of Measurement Tasks to perform. As shown in Figure 1, these components are: the bootstrapper, Subscriber parameter database, data analysis tools, and Results repository.

最后,我们将介绍几个不在初始LMAP工作范围内的组件,这些组件将通过现有协议或应用程序提供。它们影响测量系统如何使用测量结果,以及它如何决定执行哪组测量任务。如图1所示,这些组件是:引导程序、订户参数数据库、数据分析工具和结果存储库。

The MA needs to be bootstrapped with initial details about its Controller, including authentication credentials. The LMAP work considers the Bootstrap process, since it affects the Information Model. However, LMAP does not define a Bootstrap protocol, since it is likely to be technology specific and could be defined by the Broadband Forum, CableLabs, or IEEE depending on the device. Possible protocols are SNMP (Simple Network Management Protocol), NETCONF (Network Configuration Protocol), or (for Home Gateways) CPE WAN Management Protocol (CWMP) from the Auto Configuration Server (ACS) (as specified in TR-069 [TR-069]).

MA需要使用其控制器的初始详细信息(包括身份验证凭据)进行引导。LMAP工作考虑了引导过程,因为它会影响信息模型。然而,LMAP没有定义引导协议,因为它可能是特定于技术的,并且可以由宽带论坛、CableLabs或IEEE根据设备来定义。可能的协议有SNMP(简单网络管理协议)、NETCONF(网络配置协议)或(对于家庭网关)来自自动配置服务器(ACS)的CPE WAN管理协议(CWMP)(如TR-069[TR-069]中所述)。

A Subscriber parameter database contains information about the line, such as the customer's broadband contract (perhaps 2, 40, or 80 Mb/s), the line technology (DSL or fibre), the time zone in which the MA is located, and the type of home gateway and MA. These parameters

用户参数数据库包含有关线路的信息,例如客户的宽带合同(可能为2、40或80 Mb/s)、线路技术(DSL或光纤)、MA所在的时区以及家庭网关和MA的类型。这些参数

are already gathered and stored by existing operations systems. They may affect the choice of what Measurement Tasks to run and how to interpret the Measurement Results. For example, a download test suitable for a line with an 80 Mb/s contract may overwhelm a 2 Mb/s line.

已由现有操作系统收集和存储。它们可能会影响要运行的测量任务的选择以及如何解释测量结果。例如,适用于具有80MB/s合同的线路的下载测试可能会压倒2MB/s线路。

A Results repository records all Measurement Results in an equivalent form, for example an SQL (Structured Query Language) database, so that they can easily be accessed by the data analysis tools.

结果存储库以等效形式记录所有测量结果,例如SQL(结构化查询语言)数据库,以便数据分析工具可以轻松访问这些结果。

The data analysis tools receive the results from the Collector or via the Results repository. They might visualise the data or identify which component or link is likely to be the cause of a fault or degradation. This information could help the Controller decide what follow-up Measurement Task to perform in order to diagnose a fault. The data analysis tools also need to understand the Subscriber's service information, for example, the broadband contract.

数据分析工具从收集器或通过结果存储库接收结果。他们可能会将数据可视化,或确定哪些组件或链路可能是故障或降级的原因。该信息可帮助控制器决定执行何种后续测量任务以诊断故障。数据分析工具还需要了解用户的服务信息,例如宽带合同。

     +--------+      +-----------+              +-----------+      ^
     |End user|      |           |   Observed   | End user  |      |
     |        |<-----|-----------|---Traffic--->|           |      |
     |        |      |           |   Flow       |           |      |
     |        |      |           |              |           |   Non-LMAP
     |        |      |           | Measurement  |           |    Scope
     |        |      |           |<--Traffic--->|           |      |
     +--------+      |           |              +-----------+      |
     ................|...........|.................................V
        <MP>         |Measurement|                  <MP>           ^
                     |Agent:     |                                 |
                     |LMAP       |                                 |
        +----------->|interface  |                                 |
        |            +-----------+                                 |
        |                ^    |                                   LMAP
        |    Instruction |    |  Report                          Scope
        |  (over Control |    | (over Report Channel)              |
        |     Channel)   |    +-----------------------+            |
        |                |                            |            |
        |                |                            |            |
        |                |                            v            |
        |          +------------+               +------------+     |
        |          | Controller |               |  Collector |     |
        |          +------------+               +------------+     v
        |                ^      ^                     |            ^
        |                |      |                     |            |
        |                |      +--------+            |            |
        |                |               |            v            |
     +------------+   +----------+    +--------+    +----------+   |
     |Bootstrapper|   |Subscriber|--->|  data  |<---| Results  |  Non-
     +------------+   |parameter |    |analysis|    |repository|  LMAP
                      |database  |    | tools  |    +----------+ Scope
                      +----------+    +--------+                   |
                                                                   |
                                                                   v
        
     +--------+      +-----------+              +-----------+      ^
     |End user|      |           |   Observed   | End user  |      |
     |        |<-----|-----------|---Traffic--->|           |      |
     |        |      |           |   Flow       |           |      |
     |        |      |           |              |           |   Non-LMAP
     |        |      |           | Measurement  |           |    Scope
     |        |      |           |<--Traffic--->|           |      |
     +--------+      |           |              +-----------+      |
     ................|...........|.................................V
        <MP>         |Measurement|                  <MP>           ^
                     |Agent:     |                                 |
                     |LMAP       |                                 |
        +----------->|interface  |                                 |
        |            +-----------+                                 |
        |                ^    |                                   LMAP
        |    Instruction |    |  Report                          Scope
        |  (over Control |    | (over Report Channel)              |
        |     Channel)   |    +-----------------------+            |
        |                |                            |            |
        |                |                            |            |
        |                |                            v            |
        |          +------------+               +------------+     |
        |          | Controller |               |  Collector |     |
        |          +------------+               +------------+     v
        |                ^      ^                     |            ^
        |                |      |                     |            |
        |                |      +--------+            |            |
        |                |               |            v            |
     +------------+   +----------+    +--------+    +----------+   |
     |Bootstrapper|   |Subscriber|--->|  data  |<---| Results  |  Non-
     +------------+   |parameter |    |analysis|    |repository|  LMAP
                      |database  |    | tools  |    +----------+ Scope
                      +----------+    +--------+                   |
                                                                   |
                                                                   v
        

MP: Measurement Peer

MP:测量对等点

Figure 1: Schematic of main elements of an LMAP-based Measurement System (showing the elements in and out of the scope of initial LMAP work)

图1:基于LMAP的测量系统的主要元件示意图(显示初始LMAP工作范围内和范围外的元件)

3. Terminology
3. 术语

This section defines terminology for LMAP. Please note that defined terms are capitalised throughout.

本节定义了LMAP的术语。请注意,定义的术语始终大写。

Bootstrap: A process that integrates a Measurement Agent into a Measurement System.

引导:将测量代理集成到测量系统中的过程。

Capabilities: Information about the performance measurement capabilities of the MA, in particular the Measurement Method roles and measurement protocol roles that it can perform, and the device hosting the MA, for example its interface type and speed, but not dynamic information.

能力:有关MA的性能测量能力的信息,特别是它可以执行的测量方法角色和测量协议角色,以及承载MA的设备,例如其接口类型和速度,但不包括动态信息。

Channel: A bidirectional logical connection that is defined by a specific Controller and MA, or Collector and MA, plus associated security.

通道:由特定控制器和MA或收集器和MA以及相关安全性定义的双向逻辑连接。

Collector: A function that receives a Report from an MA.

收集器:从MA接收报告的函数。

Configuration: A process for informing the MA about its MA-ID, (optional) Group-ID, and Control Channel.

配置:通知MA其MA-ID、(可选)组ID和控制通道的过程。

Controller: A function that provides a Measurement Agent with its Instruction.

控制器:为测量代理提供指令的功能。

Control Channel: A Channel between a Controller and an MA over which Instruction Messages and Capabilities, Failure, and Logging Information are sent.

控制通道:控制器和MA之间的通道,通过该通道发送指令消息和功能、故障和日志信息。

Control Protocol: The protocol delivering Instruction(s) from a Controller to a Measurement Agent. It also delivers Capabilities, Failure, and Logging Information from the Measurement Agent to the Controller. It can also be used to update the MA's Configuration. It runs over the Control Channel.

控制协议:从控制器向测量代理发送指令的协议。它还将功能、故障和日志信息从测量代理传递到控制器。它还可用于更新MA的配置。它通过控制通道运行。

Cycle-ID: A tag that is sent by the Controller in an Instruction and echoed by the MA in its Report. The same Cycle-ID is used by several MAs that use the same Measurement Method for a Metric with the same Input Parameters. Hence, the Cycle-ID allows the Collector to easily identify Measurement Results that should be comparable.

周期ID:由控制器在指令中发送并由MA在其报告中回显的标记。相同的周期ID由多个MA使用,这些MA对具有相同输入参数的度量使用相同的测量方法。因此,循环ID允许收集器轻松识别应具有可比性的测量结果。

Data Model: The implementation of an Information Model in a particular data modelling language [RFC3444].

数据模型:用特定数据建模语言实现信息模型[RFC3444]。

Environmental Constraint: A parameter that is measured as part of the Measurement Task, its value determining whether the rest of the Measurement Task proceeds.

环境约束:作为测量任务的一部分进行测量的参数,其值决定是否继续测量任务的其余部分。

Failure Information: Information about the MA's failure to take action or execute an Instruction, whether concerning Measurement Tasks or Reporting.

故障信息:有关MA未能采取行动或执行指令的信息,无论是与测量任务或报告有关的信息。

Group-ID: An identifier of a group of MAs.

组ID:一组MAs的标识符。

Information Model: The protocol-neutral definition of the semantics of the Instructions, the Report, the status of the different elements of the Measurement System, as well of the events in the system [RFC3444].

信息模型:指令语义、报告、测量系统不同元素的状态以及系统中事件的协议中立定义[RFC3444]。

Input Parameter: A parameter whose value is left open by the Metric and its Measurement Method and is set to a specific value in a Measurement Task. Altering the value of an Input Parameter does not change the fundamental nature of the Measurement Task.

输入参数:其值由度量及其测量方法打开,并在测量任务中设置为特定值的参数。改变输入参数的值不会改变测量任务的基本性质。

Instruction: The description of Measurement Tasks for an MA to perform and the details of the Report for it to send. It is the collective description of the Measurement Task configurations, the configuration of the Measurement Schedules, the configuration of the Report Channel(s), the configuration of Report Schedule(s), and the details of any Suppression.

说明:MA要执行的测量任务的说明以及要发送的报告的详细信息。它是测量任务配置、测量计划配置、报告通道配置、报告计划配置以及任何抑制的详细信息的集合描述。

Instruction Message: The message that carries an Instruction from a Controller to a Measurement Agent.

指令消息:将指令从控制器传送到测量代理的消息。

Logging Information: Information about the operation of the Measurement Agent, which may be useful for debugging.

日志信息:有关度量代理操作的信息,可能对调试有用。

Measurement Agent (MA): The function that receives Instruction Messages from a Controller and operates the Instruction by executing Measurement Tasks (using protocols outside the scope of the initial LMAP work and perhaps in concert with one or more other Measurement Agents or Measurement Peers) and (if part of the Instruction) by reporting Measurement Results to a Collector or Collectors.

测量代理(MA):从控制器接收指令消息并通过执行测量任务(使用初始LMAP工作范围之外的协议,可能与一个或多个其他测量代理或测量对等方协调)和(如果是指令的一部分)来操作指令的功能通过向一个或多个收集器报告测量结果。

Measurement Agent Identifier (MA-ID): a Universally Unique IDentifier [RFC4122] that identifies a particular MA and is configured as part of the Bootstrapping process.

测量代理标识符(MA-ID):一个通用唯一标识符[RFC4122],用于标识特定的MA,并作为引导过程的一部分进行配置。

Measurement Method: The process for assessing the value of a Metric; the process of measuring some performance or reliability Metric associated with the transfer of traffic.

测量方法:评估度量值的过程;测量与流量传输相关的某些性能或可靠性指标的过程。

Measurement Peer (MP): The function that assists a Measurement Agent with Measurement Tasks and does not have an interface to the Controller or Collector.

测量对等(MP):协助测量代理执行测量任务的功能,没有与控制器或收集器的接口。

Measurement Result: The output of a single Measurement Task (the value obtained for the Metric).

测量结果:单个测量任务的输出(度量值)。

Measurement Schedule: The schedule for performing Measurement Tasks.

测量计划:执行测量任务的计划。

Measurement System: The set of LMAP-defined and related components that are operated by a single organisation, for the purpose of measuring performance aspects of the network.

测量系统:由单个组织运行的一组LMAP定义和相关组件,用于测量网络的性能方面。

Measurement Task: The action performed by a particular Measurement Agent that consists of the single assessment of a Metric through operation of a Measurement Method role at a particular time, with all of the role's Input Parameters set to specific values.

度量任务:由特定度量代理执行的操作,包括在特定时间通过度量方法角色的操作对度量进行单个评估,并将角色的所有输入参数设置为特定值。

Measurement Traffic: the packet(s) generated by some types of Measurement Method that involve measuring some parameter associated with the transfer of the packet(s).

测量流量:由某些类型的测量方法生成的数据包,这些测量方法涉及测量与数据包传输相关的一些参数。

Metric: The quantity related to the performance and reliability of the network that we'd like to know the value of.

指标:与网络性能和可靠性相关的数量,我们希望了解其价值。

Observed Traffic Flow: In RFC 7011 [RFC7011], a Traffic Flow (or Flow) is defined as "a set of packets or frames passing an Observation Point in the network during a certain time interval. All packets belonging to a particular Flow have a set of common properties," such as packet header fields, characteristics, and treatments. A Flow measured by the LMAP system is termed an Observed Traffic Flow. Its properties are summarised and tabulated in Measurement Results (as opposed to raw capture and export).

观察到的流量:在RFC 7011[RFC7011]中,流量(或流量)定义为“在特定时间间隔内通过网络中观察点的一组数据包或帧。属于特定流量的所有数据包都有一组公共属性”,例如数据包头字段、特征和处理。LMAP系统测量的流量称为观测交通流。其特性在测量结果中汇总并制成表格(与原始捕获和输出相反)。

Report: The set of Measurement Results and other associated information (as defined by the Instruction). The Report is sent by a Measurement Agent to a Collector.

报告:测量结果和其他相关信息的集合(如说明书所定义)。报告由测量代理发送给收集器。

Report Channel: A Channel between a Collector and an MA over which Report messages are sent.

报告通道:收集器和MA之间的通道,通过该通道发送报告消息。

Report Protocol: The protocol delivering Report(s) from a Measurement Agent to a Collector. It runs over the Report Channel.

报告协议:将报告从测量代理传送到收集器的协议。它通过报告通道运行。

Report Schedule: The schedule for sending Reports to a Collector.

报表计划:向收集器发送报表的计划。

Subscriber: An entity (associated with one or more users) that is engaged in a subscription with a service provider.

订户:与服务提供商进行订阅的实体(与一个或多个用户关联)。

Suppression: The temporary cessation of Measurement Tasks.

抑制:测量任务的暂时停止。

4. Constraints
4. 约束条件

The LMAP framework makes some important assumptions, which constrain the scope of the initial LMAP work.

LMAP框架做出了一些重要假设,这些假设限制了LMAP初始工作的范围。

4.1. The Measurement System Is Under the Direction of a Single Organisation

4.1. 测量系统由一个组织指导

In the LMAP framework, the Measurement System is under the direction of a single organisation that is responsible for any impact that its measurements have on a user's quality of experience and privacy. Clear responsibility is critical given that a misbehaving large-scale Measurement System could potentially harm user experience, user privacy, and network security.

在LMAP框架中,测量系统由一个组织指导,该组织负责其测量对用户体验质量和隐私产生的任何影响。鉴于行为不端的大规模测量系统可能会损害用户体验、用户隐私和网络安全,明确责任至关重要。

However, the components of an LMAP Measurement System can be deployed in administrative domains that are not owned by the measuring organisation. Thus, the system of functions deployed by a single organisation constitutes a single LMAP domain, which may span ownership or other administrative boundaries.

但是,LMAP测量系统的组件可以部署在测量组织不拥有的管理域中。因此,由单个组织部署的功能系统构成单个LMAP域,可能跨越所有权或其他管理边界。

4.2. Each MA May Only Have a Single Controller at Any Point in Time
4.2. 每个MA在任何时间点都只能有一个控制器

An MA is instructed by one Controller and is in one Measurement System. The constraint avoids different Controllers giving an MA conflicting instructions and so means that the MA does not have to manage contention between multiple Measurement (or Report) Schedules. This simplifies the design of MAs (critical for a large-scale infrastructure) and allows a Measurement Schedule to be tested on specific types of MAs before deployment to ensure that the end-user experience is not impacted (due to CPU, memory, or broadband-product constraints). However, a Measurement System may have several Controllers.

MA由一个控制器指示,位于一个测量系统中。该约束避免了不同控制器向MA发出相互冲突的指令,因此意味着MA不必管理多个测量(或报告)计划之间的争用。这简化了MAs的设计(对于大型基础设施来说至关重要),并允许在部署之前对特定类型的MAs测试测量计划,以确保最终用户体验不会受到影响(由于CPU、内存或宽带产品的限制)。但是,测量系统可能有多个控制器。

5. Protocol Model
5. 协议模型

A protocol model [RFC4101] presents an architectural model for how the protocol operates and needs to answer three basic questions:

协议模型[RFC4101]提供了协议如何运行的体系结构模型,需要回答三个基本问题:

1. What problem is the protocol trying to address?

1. 协议试图解决什么问题?

2. What messages are being transmitted and what do they mean?

2. 正在传输的信息是什么?它们意味着什么?

3. What are the important, but not obvious [sic], features of the protocol?

3. 协议的重要但不明显的[原文如此]特征是什么?

An LMAP system goes through the following phases:

LMAP系统经历以下阶段:

o a Bootstrapping process before the MA can take part in the other three phases.

o MA可以参与其他三个阶段之前的自举过程。

o a Control Protocol, which delivers Instruction Messages from a Controller to an MA (amongst other things).

o 一种控制协议,它将指令消息从控制器传送到MA(除其他外)。

o the actual Measurement Tasks, which measure some performance or reliability Metric(s) associated with the transfer of packets.

o 实际测量任务,用于测量与数据包传输相关的一些性能或可靠性指标。

o a Report Protocol, which delivers Reports containing the Measurement Results from an MA to a Collector.

o 一种报告协议,它将包含测量结果的报告从MA发送到收集器。

The figures show the various LMAP messages and use the following conventions:

图中显示了各种LMAP消息,并使用以下约定:

o (optional): indicated by round brackets

o (可选):用圆括号表示

o [potentially repeated]: indicated by square brackets

o [可能重复]:用方括号表示

The protocol model is closely related to the Information Model [LMAP-INFO], which is the abstract definition of the information carried by the protocol. (If there is any difference between this document and the Information Model, the latter is definitive.) The purpose of both is to provide a protocol and device-independent view, which can be implemented via specific protocols. LMAP defines a specific Control Protocol and Report Protocol, but others could be defined by other standards bodies or be proprietary. However, it is important that they all implement the same Information Model and protocol model, in order to ease the definition, operation, and interoperability of large-scale Measurement Systems.

协议模型与信息模型[LMAP-INFO]密切相关,后者是协议所承载信息的抽象定义。(如果本文档和信息模型之间存在任何差异,则后者是确定的。)两者的目的都是提供协议和设备独立视图,可通过特定协议实现。LMAP定义了特定的控制协议和报告协议,但其他协议可以由其他标准机构定义,也可以是专有的。然而,为了简化大型测量系统的定义、操作和互操作性,它们必须实现相同的信息模型和协议模型。

5.1. Bootstrapping Process
5.1. 自举过程

The primary purpose of Bootstrapping is to enable an MA to be integrated into a Measurement System. The MA retrieves information about itself (like its identity in the Measurement System) and about the Controller, the Controller learns information about the MA, and they learn about security information to communicate (such as certificates and credentials).

自举的主要目的是使MA能够集成到测量系统中。MA检索有关其自身(如其在测量系统中的身份)和控制器的信息,控制器了解有关MA的信息,并且他们了解要通信的安全信息(如证书和凭证)。

Whilst this memo considers the Bootstrapping process, it is beyond the scope of initial LMAP work to define a Bootstrap mechanism, as it depends on the type of device and access.

虽然本备忘录考虑了引导过程,但定义引导机制超出了初始LMAP工作的范围,因为它取决于设备和访问的类型。

As a result of the Bootstrapping process, the MA learns the following information ([LMAP-INFO] defines the consequent list of information elements):

作为引导过程的结果,MA学习以下信息([LMAP-INFO]定义了随后的信息元素列表):

o its identifier, either its MA-ID or a device identifier such as one of its Media Access Control (MAC) addresses or both.

o 其标识符,其MA-ID或设备标识符,如其媒体访问控制(MAC)地址之一或两者。

o (optionally) a Group-ID, shared by several MAs and could be useful for privacy reasons. For instance, reporting the Group-ID and not the MA-ID could hinder tracking of a mobile device.

o (可选)由多个MA共享的组ID,出于隐私原因可能有用。例如,报告组ID而不是MA-ID可能会妨碍对移动设备的跟踪。

o the Control Channel, which is defined by:

o 控制通道,其定义如下:

* the address that identifies the Control Channel, such as the Controller's FQDN (Fully Qualified Domain Name) [RFC1035]).

* 标识控制通道的地址,例如控制器的FQDN(完全限定域名)[RFC1035])。

* security information (for example, to enable the MA to decrypt the Instruction Message and encrypt messages sent to the Controller).

* 安全信息(例如,使MA能够解密指令消息并加密发送给控制器的消息)。

The details of the Bootstrapping process are device/access specific. For example, the information could be in the firmware, manually configured, or transferred via a protocol like that described in TR-069 [TR-069]. There may be a multi-stage process where the MA contacts a 'hard-coded' address, which replies with the Bootstrapping information.

引导过程的详细信息是特定于设备/访问的。例如,信息可以在固件中,手动配置,或通过TR-069[TR-069]中描述的协议传输。可能存在一个多阶段过程,其中MA联系一个“硬编码”地址,该地址用引导信息进行回复。

The MA must learn its MA-ID before getting an Instruction, either during Bootstrapping or via Configuration (Section 5.2.1).

在引导过程中或通过配置(第5.2.1节)获取指令之前,MA必须学习其MA-ID。

5.2. Control Protocol
5.2. 控制协议

The primary purpose of the Control Protocol is to allow the Controller to configure a Measurement Agent with an Instruction about what Measurement Tasks to do, when to do them, and how to report the Measurement Results (Section 5.2.2). The Measurement Agent then acts on the Instruction autonomously. The Control Protocol also enables the MA to inform the Controller about its Capabilities and any Failure and Logging Information (Section 5.2.3). Finally, the Control Protocol allows the Controller to update the MA's Configuration.

控制协议的主要目的是允许控制器配置测量代理,并提供关于执行哪些测量任务、何时执行以及如何报告测量结果的说明(第5.2.2节)。然后,测量代理自动执行指令。控制协议还使MA能够通知控制器其能力以及任何故障和日志信息(第5.2.3节)。最后,控制协议允许控制器更新MA的配置。

5.2.1. Configuration
5.2.1. 配置

Configuration allows the Controller to update the MA about some or all of the information that it obtained during the Bootstrapping process: the MA-ID, the (optional) Group-ID, and the Control Channel. Figure 2 outlines the Configuration process. The Measurement System might use Configuration for several reasons. For example, the Bootstrapping process could 'hard code' the MA with details of an initial Controller, and then the initial Controller could configure the MA with details about the Controller that sends Instruction Messages. (Note that an MA only has one Control Channel, so it is associated with only one Controller, at any moment.)

配置允许控制器更新MA在引导过程中获得的部分或全部信息:MA-ID(可选)组ID和控制通道。图2概述了配置过程。测量系统可能出于几个原因使用配置。例如,引导过程可以使用初始控制器的详细信息“硬编码”MA,然后初始控制器可以使用发送指令消息的控制器的详细信息配置MA。(请注意,MA只有一个控制通道,因此它在任何时候都只与一个控制器关联。)

Note that an implementation may choose to combine Configuration information and an Instruction Message into a single message.

注意,实现可以选择将配置信息和指令消息组合成单个消息。

   +-----------------+                                   +-------------+
   |                 |                                   | Measurement |
   |  Controller     |===================================|  Agent      |
   +-----------------+                                   +-------------+
        
   +-----------------+                                   +-------------+
   |                 |                                   | Measurement |
   |  Controller     |===================================|  Agent      |
   +-----------------+                                   +-------------+
        
   Configuration information:               ->
   (MA-ID),
   (Group-ID),
   (Control Channel)
                                            <-        Response(details)
        
   Configuration information:               ->
   (MA-ID),
   (Group-ID),
   (Control Channel)
                                            <-        Response(details)
        

MA: Measurement Agent

MA:测量代理

Figure 2: Outline of Configuration

图2:配置概要

5.2.2. Instruction
5.2.2. 指示

The Instruction is the description of the Measurement Tasks for a Measurement Agent to do and the details of the Measurement Reports for it to send. Figure 3 outlines the Instruction process. In order to update the Instruction, the Controller uses the Control Protocol to send an Instruction Message over the Control Channel.

本说明描述了测量代理要执行的测量任务以及要发送的测量报告的详细信息。图3概述了教学过程。为了更新指令,控制器使用控制协议通过控制通道发送指令消息。

   +-----------------+                                   +-------------+
   |                 |                                   | Measurement |
   |  Controller     |===================================|  Agent      |
   +-----------------+                                   +-------------+
        
   +-----------------+                                   +-------------+
   |                 |                                   | Measurement |
   |  Controller     |===================================|  Agent      |
   +-----------------+                                   +-------------+
        

Instruction: -> [(Measurement Task configuration URI of Metric( [Input Parameter], (role) (interface), (Cycle-ID) (measurement point)), (Report Channel), (Schedule), (Suppression information)] <- Response(details)

说明:->[(度量的测量任务配置URI([输入参数],(角色)(接口),(周期ID)(测量点)),(报告通道),(计划),(抑制信息)]<-响应(详细信息)

Figure 3: Outline of Instruction

图3:教学大纲

The Instruction defines the following information ([LMAP-INFO] defines the consequent list of information elements):

该指令定义了以下信息([LMAP-INFO]定义了随后的信息元素列表):

o the Measurement Task configurations, each of which needs:

o 测量任务配置,每个配置都需要:

* the Metric, specified as a URI to a registry entry; it includes the specification of a Measurement Method. The registry could be defined by a standards organisation or locally by the operator of the Measurement System. Note that, at the time of writing, the IETF is working on such a registry specification [IPPM-REG].

* 指标,指定为注册表项的URI;它包括测量方法的规范。登记处可由标准组织或测量系统的运营商在当地定义。请注意,在撰写本文时,IETF正在研究此类注册表规范[IPPM-REG]。

* the Measurement Method role. For some Measurement Methods, different parties play different roles; for example, an iperf sender and receiver (see Section 6.4). Each Metric and its associated Measurement Method will describe all measurement roles involved in the process.

* 测量方法的作用。对于某些测量方法,不同的方扮演不同的角色;例如,iperf发送器和接收器(见第6.4节)。每个度量及其相关的度量方法将描述流程中涉及的所有度量角色。

* a boolean flag (suppress or do-not-suppress) indicating if such a Measurement Task is impacted by a Suppression message (see Section 5.2.2.1). Thus, the flag is an Input Parameter.

* 布尔标志(抑制或不抑制),指示此类测量任务是否受到抑制消息的影响(见第5.2.2.1节)。因此,该标志是一个输入参数。

* any Input Parameters that need to be set for the Metric and the Measurement Method. For example, the address of a Measurement Peer (or other Measurement Agent) that may be involved in a Measurement Task, or traffic filters associated with the Observed Traffic Flow.

* 需要为度量和测量方法设置的任何输入参数。例如,可能涉及测量任务的测量对等方(或其他测量代理)的地址,或与观察到的流量相关联的流量过滤器的地址。

* the interface to use (if not defined, then the default interface is used), if the device with the MA has multiple interfaces.

* 如果具有MA的设备具有多个接口,则要使用的接口(如果未定义,则使用默认接口)。

* optionally, a Cycle-ID.

* 可选地,循环ID。

* optionally, the measurement point designation [RFC7398] of the MA and, if applicable, of the MP or other MA. This can be useful for reporting.

* 可选地,MA的测量点名称[RFC7398],如适用,MP或其他MA的测量点名称。这对于报告非常有用。

o configuration of the Schedules, each of which needs:

o 计划的配置,每个计划都需要:

* the timing of when the Measurement Tasks are to be performed or the Measurement Reports are to be sent. Possible types of timing are periodic, calendar-based periodic, one-off immediate, and one-off at a future time.

* 执行测量任务或发送测量报告的时间。可能的计时类型有周期性、基于日历的周期性、即时一次性和将来一次性。

o configuration of the Report Channel(s), each of which needs:

o 报告通道的配置,每个通道都需要:

* the address of the Collector, for instance its URL.

* 收集器的地址,例如其URL。

* security for this Report Channel, for example, the X.509 certificate.

* 此报告通道的安全性,例如,X.509证书。

o Suppression information, if any (see Section 5.2.2.1).

o 抑制信息(如有)(见第5.2.2.1节)。

A single Instruction Message may contain some or all of the above parts. The finest level of granularity possible in an Instruction Message is determined by the implementation and operation of the Control Protocol. For example, a single Instruction Message may add or update an individual Measurement Schedule -- or it may only update the complete set of Measurement Schedules; a single Instruction Message may update both Measurement Schedules and Measurement Task configurations -- or only one at a time; and so on. However, Suppression information always replaces (rather than adds to) any previous Suppression information.

单个指令消息可能包含上述部分或全部。指令消息中可能的最佳粒度级别由控制协议的实现和操作决定。例如,单个指令消息可能会添加或更新单个测量计划,也可能只会更新整个测量计划集;单个指令消息可以同时更新测量计划和测量任务配置,或者一次只更新一个;等等但是,抑制信息始终替换(而不是添加)任何以前的抑制信息。

The MA informs the Controller that it has successfully understood the Instruction Message, or that it cannot take action on the Instruction -- for example, if it doesn't include a parameter that is mandatory for the requested Metric and Measurement Method, or if it is missing details of the target Collector.

MA通知控制器它已成功理解指令消息,或者它无法对指令采取操作——例如,如果它不包含请求的度量和测量方法所必需的参数,或者如果它缺少目标收集器的详细信息。

The Instruction Message instructs the MA; the Control Protocol does not allow the MA to negotiate, as this would add complexity to the MA, Controller, and Control Protocol for little benefit.

指示消息指示MA;控制协议不允许MA进行协商,因为这会增加MA、控制器和控制协议的复杂性,但好处不大。

5.2.2.1. Suppression
5.2.2.1. 压制

The Instruction may include Suppression information. The main motivation for Suppression is to enable the Measurement System to eliminate Measurement Traffic, because there is some unexpected network issue, for example. There may be other circumstances when Suppression is useful, for example, to eliminate inessential Reporting traffic (even if there is no Measurement Traffic). Figure 4 outlines the Suppression process.

该指令可以包括抑制信息。抑制的主要动机是使测量系统能够消除测量流量,例如,因为存在一些意外的网络问题。当抑制有用时,可能存在其他情况,例如,消除不必要的报告流量(即使没有测量流量)。图4概述了抑制过程。

The Suppression information may include any of the following optional fields:

抑制信息可以包括以下任意可选字段:

o a set of Measurement Tasks to suppress; the others are not suppressed. For example, this could be useful if a particular Measurement Task is overloading a Measurement Peer with Measurement Traffic.

o 一组要抑制的测量任务;其他人没有被压制。例如,如果一个特定的测量任务正在使用测量流量重载一个测量对等点,那么这可能很有用。

o a set of Measurement Schedules to suppress; the others are not suppressed. For example, suppose the Measurement System has defined two Schedules, one with the most critical Measurement Tasks and the other with less critical ones that create a lot of Measurement Traffic, in which case it may only want to suppress the second.

o 要抑制的一组测量计划;其他人没有被压制。例如,假设度量系统定义了两个计划,一个是最关键的度量任务,另一个是创建大量度量流量的不太关键的任务,在这种情况下,它可能只想抑制第二个。

o a set of Reporting Schedules to suppress; the others are not suppressed. This can be particularly useful in the case of a Measurement Method that doesn't generate Measurement Traffic; it may need to continue observing traffic flows but temporarily suppress Reports due to the network footprint of the Reports.

o 一组要抑制的报告计划;其他人没有被压制。这在不产生测量流量的测量方法的情况下特别有用;它可能需要继续观察流量,但由于报告的网络占用空间,暂时禁止报告。

o if all the previous fields are included then the MA suppresses the union -- in other words, it suppresses the set of Measurement Tasks, the set of Measurement Schedules, and the set of Reporting Schedules.

o 如果前面的所有字段都包含在内,那么MA将取消联合--换句话说,它将取消测量任务集、测量计划集和报告计划集。

o if the Suppression information includes neither a set of Measurement Tasks nor a set of Measurement Schedules, then the MA does not begin new Measurement Tasks that have the boolean flag set to suppress; however, the MA does begin new Measurement Tasks that have the flag set to do-not-suppress.

o 如果抑制信息既不包括一组测量任务,也不包括一组测量计划,则MA不开始布尔标志设置为抑制的新测量任务;但是,MA确实开始新的测量任务,该任务的标志设置为“不抑制”。

o a start time, at which Suppression begins. If absent, then Suppression begins immediately.

o 开始时间,从该时间开始抑制。如果不存在,则立即开始抑制。

o an end time, at which Suppression ends. If absent, then Suppression continues until the MA receives an Un-suppress message.

o 结束时间,此时抑制结束。如果不存在,则抑制将继续,直到MA收到取消抑制消息。

o a demand that the MA immediately end on-going Measurement Task(s) that are tagged for Suppression. (Most likely it is appropriate to delete the associated partial Measurement Result(s).) This could be useful in the case of a network emergency so that the operator can eliminate all inessential traffic as rapidly as possible. If absent, the MA completes on-going Measurement Tasks.

o 要求MA立即结束标记为抑制的持续测量任务。(最有可能的是删除相关的部分测量结果。)这在网络紧急情况下非常有用,以便运营商能够尽快消除所有不必要的流量。如果没有,MA将完成正在进行的测量任务。

An Un-suppress message instructs the MA to no longer suppress, meaning that the MA once again begins new Measurement Tasks, according to its Measurement Schedule.

取消抑制消息指示MA不再抑制,这意味着MA根据其测量计划再次开始新的测量任务。

Note that Suppression is not intended to permanently stop a Measurement Task (instead, the Controller should send a new Measurement Schedule), nor to permanently disable an MA (instead, some kind of management action is suggested).

请注意,抑制的目的不是永久停止测量任务(相反,控制器应发送新的测量计划),也不是永久禁用MA(相反,建议采取某种管理措施)。

   +-----------------+                              +-------------+
   |                 |                              | Measurement |
   |  Controller     |==============================|  Agent      |
   +-----------------+                              +-------------+
        
   +-----------------+                              +-------------+
   |                 |                              | Measurement |
   |  Controller     |==============================|  Agent      |
   +-----------------+                              +-------------+
        

Suppress: [(Measurement Task), -> (Measurement Schedule), (start time), (end time), (on-going suppressed?)]

抑制:[(测量任务),->(测量计划),(开始时间),(结束时间),(正在抑制?)]

Un-suppress ->

联合国禁止->

Figure 4: Outline of Suppression

图4:抑制轮廓

5.2.3. Capabilities, Failure, and Logging Information
5.2.3. 功能、故障和日志信息

The Control Protocol also enables the MA to inform the Controller about various information, such as its Capabilities and any Failures. Figure 5 outlines the process for Capabilities, Failure, and Logging Information. It is also possible to use a device-specific mechanism, which is beyond the scope of the initial LMAP work.

控制协议还使MA能够通知控制器各种信息,例如其能力和任何故障。图5概述了功能、故障和日志信息的流程。也可以使用特定于设备的机制,这超出了初始LMAP工作的范围。

Capabilities are information about the MA that the Controller needs to know in order to correctly instruct the MA, such as:

能力是控制器需要知道的有关MA的信息,以便正确指示MA,例如:

o the Measurement Method (roles) that the MA supports.

o MA支持的测量方法(角色)。

o the measurement protocol types and roles that the MA supports.

o MA支持的测量协议类型和角色。

o the interfaces that the MA has.

o MA拥有的接口。

o the version of the MA.

o MA的版本。

o the version of the hardware, firmware, or software of the device with the MA.

o 具有MA的设备的硬件、固件或软件版本。

o its Instruction (this could be useful if the Controller thinks something has gone wrong and wants to check what Instruction the MA is using).

o 它的指令(如果控制器认为出现了问题,并希望检查MA正在使用的指令,这可能很有用)。

o but not dynamic information like the currently unused CPU, memory, or battery life of the device with the MA.

o 但不包括动态信息,如当前未使用的CPU、内存或MA设备的电池寿命。

Failure Information concerns why the MA has been unable to execute a Measurement Task or deliver a Report, for example:

故障信息涉及MA无法执行测量任务或交付报告的原因,例如:

o the Measurement Task failed to run properly because the MA (unexpectedly) has no spare CPU cycles.

o 测量任务无法正常运行,因为MA(意外)没有备用CPU周期。

o the MA failed to record the Measurement Results because it (unexpectedly) is out of spare memory.

o MA未能记录测量结果,因为它(意外)的备用内存不足。

o a Report failed to deliver Measurement Results because the Collector (unexpectedly) is not responding.

o 报告无法传递测量结果,因为收集器(意外)没有响应。

o but not if a Measurement Task correctly doesn't start. For example, the first step of some Measurement Methods is for the MA to check that there is no cross-traffic.

o 但如果测量任务没有正确启动,则不会。例如,某些测量方法的第一步是让MA检查是否存在交叉流量。

Logging Information concerns how the MA is operating and may help debugging, for example:

记录信息涉及MA的运行方式,可能有助于调试,例如:

o the last time the MA ran a Measurement Task.

o 上次MA运行测量任务时。

o the last time the MA sent a Measurement Report.

o 上次MA发送测量报告时。

o the last time the MA received an Instruction Message.

o MA上次收到指令消息的时间。

o whether the MA is currently suppressing Measurement Tasks.

o MA当前是否正在抑制测量任务。

Capabilities, Failure, and Logging Information are sent by the MA, either in response to a request from the Controller (for example, if the Controller forgets what the MA can do or otherwise wants to resynchronise what it knows about the MA), or on its own initiative (for example, when the MA first communicates with a Controller or if it becomes capable of a new Measurement Method). Another example of the latter case is if the device with the MA re-boots, then the MA should notify its Controller in case its Instruction needs to be updated; to avoid a "mass calling event" after a widespread power restoration affecting many MAs, it is sensible for an MA to pause for a random delay, perhaps in the range of one minute or so.

能力、故障和日志信息由MA发送,或者响应控制器的请求(例如,如果控制器忘记MA可以做什么,或者希望重新同步其知道的MA信息),或者主动发送(例如,当MA第一次与控制器通信时,或者如果它能够使用新的测量方法)。后一种情况的另一个例子是,如果具有MA的设备重新引导,则MA应通知其控制器,以防其指令需要更新;以避免“大规模呼叫事件”在影响多个MA的广泛功率恢复后,MA暂停一个随机延迟是明智的,可能在一分钟左右的范围内。

   +-----------------+                                  +-------------+
   |                 |                                  | Measurement |
   |  Controller     |==================================|  Agent      |
   +-----------------+                                  +-------------+
        
   +-----------------+                                  +-------------+
   |                 |                                  | Measurement |
   |  Controller     |==================================|  Agent      |
   +-----------------+                                  +-------------+
        

(Request Capabilities), (Request Failure Information), (Request Logging Information), (Request Instruction) -> <- (Capabilities), (Failure Information), (Logging Information), (Instruction)

(请求能力),(请求失败信息),(请求日志记录信息),(请求指令)-><-(能力),(故障信息),(日志记录信息),(指令)

Figure 5: Outline of Capabilities, Failure, and Logging Information

图5:功能、故障和日志信息概述

5.3. Operation of Measurement Tasks
5.3. 测量任务的操作

This LMAP framework is neutral to what the actual Measurement Task is. It does not define Metrics and Measurement Methods; these are defined elsewhere.

该LMAP框架与实际测量任务无关。它没有定义度量和测量方法;这些都是在别处定义的。

The MA carries out the Measurement Tasks as instructed, unless it gets an updated Instruction. The MA acts autonomously, in terms of operation of the Measurement Tasks and reporting of the Results; it doesn't do a 'safety check' with the Controller to ask whether it should still continue with the requested Measurement Tasks.

MA按照指示执行测量任务,除非收到更新的指示。MA在测量任务操作和结果报告方面自主行动;它不会与控制器进行“安全检查”,以询问是否仍应继续执行请求的测量任务。

The MA may operate Measurement Tasks sequentially or in parallel (see Section 5.3.2).

MA可按顺序或并行方式操作测量任务(见第5.3.2节)。

5.3.1. Starting and Stopping Measurement Tasks
5.3.1. 启动和停止测量任务

This LMAP framework does not define a generic start and stop process, since the correct approach depends on the particular Measurement Task; the details are defined as part of each Measurement Method. This section provides some general hints. The MA does not inform the Controller about Measurement Tasks starting and stopping.

该LMAP框架没有定义通用的启动和停止过程,因为正确的方法取决于特定的测量任务;详细信息定义为每种测量方法的一部分。本节提供一些一般提示。MA不会通知控制器测量任务的启动和停止。

Before beginning a Measurement Task, the MA may want to run a pre-check. (The pre-check could be defined as a separate, preceding Task or as the first part of a larger Task.)

在开始测量任务之前,MA可能需要运行预检查。(预检查可以定义为一个单独的、在前的任务,也可以定义为更大任务的第一部分。)

For Measurement Tasks that observe existing traffic, action could include:

对于观察现有交通的测量任务,行动可包括:

o checking that there is traffic of interest.

o 检查是否存在感兴趣的流量。

o checking that the device with the MA has enough resources to execute the Measurement Task reliably. Note that the designer of the Measurement System should ensure that the device's resources are normally sufficient to comfortably operate the Measurement Tasks.

o 检查具有MA的设备是否有足够的资源可靠地执行测量任务。请注意,测量系统的设计者应确保设备的资源通常足以舒适地操作测量任务。

For Measurement Tasks that generate Measurement Traffic, a pre-check could include:

对于产生测量流量的测量任务,预检查可包括:

o the MA checking that there is no cross-traffic. In other words, a check that the end-user isn't already sending traffic.

o MA正在检查是否存在交叉交通。换句话说,检查最终用户是否尚未发送流量。

o the MA checking with the Measurement Peer (or other Measurement Agent) involved in the Measurement Task that it can handle a new Measurement Task. For example, the Measurement Peer may already be handling many Measurement Tasks with other MAs.

o MA向参与测量任务的测量对等方(或其他测量代理)检查其是否可以处理新的测量任务。例如,测量对等方可能已经在处理其他MAs的许多测量任务。

o sending traffic that probes the path to check it isn't overloaded.

o 发送探测路径以检查其是否过载的流量。

o checking that the device with the MA has enough resources to execute the Measurement Task reliably.

o 检查具有MA的设备是否有足够的资源可靠地执行测量任务。

Similar checks may continue during the Measurement Task, in particular for a Measurement Task that is long-running and/or creates a lot of Measurement Traffic. If, for example, the check detects that the end-user has started sending traffic, then the Measurement Task can be abandoned. A Measurement Task could also be abandoned in response to a "suppress" message (see Section 5.2.2.1). Action could include:

类似的检查可能会在测量任务期间继续进行,特别是对于长时间运行和/或创建大量测量流量的测量任务。例如,如果检查检测到最终用户已开始发送流量,则可以放弃测量任务。为了响应“抑制”消息,也可以放弃测量任务(见第5.2.2.1节)。行动可包括:

o for 'upload' tests, the MA not sending traffic.

o 对于“上传”测试,MA不发送流量。

o for 'download' tests, the MA closing the TCP connection or sending a TWAMP (Two-Way Active Measurement Protocol) Stop-Sessions command [RFC5357].

o 对于“下载”测试,MA关闭TCP连接或发送TWAMP(双向主动测量协议)停止会话命令[RFC5357]。

The Controller may want an MA to run the same Measurement Task indefinitely (for example, "run the 'upload speed' Measurement Task once an hour until further notice"). To prevent the MA continuously generating traffic after a Controller has permanently failed (or communications with the Controller have failed), the MA can be configured with a time limit; if the MA doesn't hear from the Controller for this length of time, then it stops operating Measurement Tasks.

控制器可能希望MA无限期地运行相同的测量任务(例如,“每小时运行一次‘上传速度’测量任务,直到另行通知”)。为了防止MA在控制器永久失效(或与控制器的通信失效)后持续产生业务,MA可以配置时间限制;如果MA在这段时间内没有收到来自控制器的信息,则会停止运行测量任务。

5.3.2. Overlapping Measurement Tasks
5.3.2. 重叠测量任务

An MA may start a new Measurement Task before another Measurement Task has completed. This may be intentional (the way that the Measurement System has designed the Measurement Schedules), but it could also be unintentional -- for instance, if a Measurement Task has a 'wait for X' step that pauses for an unexpectedly long time. This document makes no assumptions about the impact of one Measurement Task on another.

MA可以在另一个测量任务完成之前启动新的测量任务。这可能是有意的(测量系统设计测量时间表的方式),但也可能是无意的——例如,如果测量任务有一个“等待X”步骤,该步骤会意外地暂停很长时间。本文件不假设一项测量任务对另一项测量任务的影响。

The operator of the Measurement System can handle (or not) overlapping Measurement Tasks in any way they choose -- it is a policy or implementation issue and not the concern of LMAP. Some possible approaches are: to configure the MA to not begin the second Measurement Task; to start the second Measurement Task as usual; for the action to be an Input Parameter of the Measurement Task; and so on.

测量系统的操作员可以以他们选择的任何方式处理(或不处理)重叠的测量任务——这是一个政策或实施问题,而不是LMAP关心的问题。一些可能的方法是:将MA配置为不开始第二次测量任务;正常启动第二次测量任务;将动作作为测量任务的输入参数;等等

It may be important for the Measurement Report to include the fact that the Measurement Tasks overlapped.

测量报告应包括测量任务重叠的事实,这一点可能很重要。

5.4. Report Protocol
5.4. 报告协议

The primary purpose of the Report Protocol is to allow a Measurement Agent to report its Measurement Results to a Collector, along with the context in which they were obtained. Figure 6 outlines the Report process.

报告协议的主要目的是允许测量代理向收集器报告其测量结果,以及获得测量结果的上下文。图6概述了报告过程。

   +-----------------+                                  +-------------+
   |                 |                                  | Measurement |
   |   Collector     |==================================|  Agent      |
   +-----------------+                                  +-------------+
        
   +-----------------+                                  +-------------+
   |                 |                                  | Measurement |
   |   Collector     |==================================|  Agent      |
   +-----------------+                                  +-------------+
        
                                     <-    Report:
                                                  [MA-ID &/or Group-ID],
                                                   [Measurement Result],
                                          [details of Measurement Task],
                                                             (Cycle-ID)
   ACK                               ->
        
                                     <-    Report:
                                                  [MA-ID &/or Group-ID],
                                                   [Measurement Result],
                                          [details of Measurement Task],
                                                             (Cycle-ID)
   ACK                               ->
        

MA: Measurement Agent

MA:测量代理

Figure 6: Outline of the Report

图6:报告概要

The Report contains:

报告包括:

o the MA-ID or a Group-ID (to anonymise results).

o MA-ID或组ID(用于匿名结果)。

o the actual Measurement Results, including the time they were measured. In general, the time is simply the MA's best estimate and there is no guarantee on the accuracy or granularity of the information. It is possible that some specific analysis of a particular Measurement Method's Results will impose timing requirements.

o 实际测量结果,包括测量时间。一般来说,时间只是MA的最佳估计,无法保证信息的准确性或粒度。对特定测量方法结果的某些特定分析可能会施加时间要求。

o the details of the Measurement Task (to avoid the Collector having to ask the Controller for this information later), for example, the interface used for the measurements.

o 测量任务的详细信息(以避免采集器以后必须向控制器询问此信息),例如,用于测量的接口。

o the Cycle-ID, if one was included in the Instruction.

o 如果指令中包含循环ID,则为循环ID。

o perhaps the Subscriber's service parameters (see Section 5.4.1).

o 可能是用户的服务参数(见第5.4.1节)。

o the measurement point designation of the MA and, if applicable, the MP or other MA, if the information was included in the Instruction. This numbering system is defined in [RFC7398] and allows a Measurement Report to describe the path measured abstractly (for example, "from a measurement agent at a home gateway to a measurement peer at a DSLAM"). Also, the MA can anonymise results by including measurement point designations instead of IP addresses (Section 8.6.2).

o MA的测量点名称,以及MP或其他MA(如果适用)的测量点名称(如果说明中包含该信息)。该编号系统在[RFC7398]中定义,允许测量报告描述抽象测量的路径(例如,“从家庭网关的测量代理到DSLAM的测量对等点”)。此外,MA可以通过包括测量点名称而不是IP地址来匿名结果(第8.6.2节)。

The MA sends Reports as defined by the Instruction. The Instruction may tell the MA to report the same Results to more than one Collector, or to report a different subset of Results to different Collectors. Also, a Measurement Task may create two (or more) Measurement Results, which could be reported differently (for example, one Result could be reported periodically, whilst the second Result could be an alarm that is created as soon as the measured value of the Metric crosses a threshold and that is reported immediately).

MA发送指令定义的报告。该指令可以告诉MA向多个收集器报告相同的结果,或者向不同的收集器报告不同的结果子集。此外,测量任务可能会创建两个(或更多)测量结果,这些结果可能会以不同的方式报告(例如,一个结果可能会定期报告,而第二个结果可能是一个警报,当度量的测量值超过阈值时会立即创建并报告)。

Optionally, a Report is not sent when there are no Measurement Results.

(可选)如果没有测量结果,则不发送报告。

In the initial LMAP Information Model and Report Protocol, for simplicity we assume that all Measurement Results are reported as-is, but allow extensibility so that a Measurement System (or perhaps a second phase of LMAP) could allow an MA to:

在初始LMAP信息模型和报告协议中,为简单起见,我们假设所有测量结果都按原样报告,但允许扩展性,以便测量系统(或LMAP的第二阶段)可以允许MA:

o label, or perhaps not include, Measurement Results impacted by, for instance, cross-traffic or a Measurement Peer (or other Measurement Agent) being busy.

o 标记或可能不包括受交叉流量或测量对等方(或其他测量代理)繁忙等影响的测量结果。

o label Measurement Results obtained by a Measurement Task that overlapped with another.

o 标记由与另一测量任务重叠的测量任务获得的测量结果。

o not report the Measurement Results if the MA believes that they are invalid.

o 如果MA认为测量结果无效,则不报告测量结果。

o detail when Suppression started and ended.

o 抑制开始和结束时的详细信息。

As discussed in Section 6.1, data analysis of the Results should carefully consider potential bias from any Measurement Results that are not reported, or from Measurement Results that are reported but may be invalid.

如第6.1节中所讨论的,结果的数据分析应该仔细考虑未报告的任何测量结果的潜在偏差,或者从报告的结果可能无效的测量结果。

5.4.1. Reporting of the Subscriber's Service Parameters
5.4.1. 报告订阅服务器的服务参数

The Subscriber's service parameters are information about his/her broadband contract, line rate and so on. Such information is likely to be needed to help analyse the Measurement Results, for example to help decide whether the measured download speed is reasonable.

用户的服务参数是有关其宽带合同、线路速率等的信息。可能需要此类信息来帮助分析测量结果,例如帮助确定测量的下载速度是否合理。

The information could be transferred directly from the Subscriber parameter database to the data analysis tools. If the Subscriber's service parameters are available to the MAs, they could be reported with the Measurement Results in the Report Protocol. How (and if) the MA knows such information is likely to depend on the device type. The MA could either include the information in a Measurement Report or separately.

信息可以直接从订户参数数据库传输到数据分析工具。如果用户的服务参数可供MAs使用,则可以在报告协议中随测量结果一起报告这些参数。MA如何(以及是否)知道此类信息可能取决于设备类型。MA可以将信息包含在测量报告中,也可以单独包含。

5.5. Operation of LMAP over the Underlying Packet Transfer Mechanism
5.5. LMAP在底层数据包传输机制上的操作
   The above sections have described LMAP's protocol model.  Other
   specifications will define the actual Control and Report Protocols,
   possibly operating over an existing protocol, such as REST-style
   [REST] HTTP(S).  It is also possible that a different choice is made
   for the Control and Report Protocols, for example NETCONF-YANG
   [RFC6241] and IPFIX (Internet Protocol Flow Information Export)
   [RFC7011], respectively.
        
   The above sections have described LMAP's protocol model.  Other
   specifications will define the actual Control and Report Protocols,
   possibly operating over an existing protocol, such as REST-style
   [REST] HTTP(S).  It is also possible that a different choice is made
   for the Control and Report Protocols, for example NETCONF-YANG
   [RFC6241] and IPFIX (Internet Protocol Flow Information Export)
   [RFC7011], respectively.
        

From an LMAP perspective, the Controller needs to know that the MA has received the Instruction Message, or at least that it needs to be re-sent as it may have failed to be delivered. Similarly the MA needs to know about the delivery of Capabilities, Failure, and Logging Information to the Controller and Reports to the Collector. How this is done depends on the design of the Control and Report Protocols and the underlying packet transfer mechanism.

从LMAP的角度来看,控制器需要知道MA已经接收到指令消息,或者至少需要重新发送指令消息,因为它可能无法被发送。类似地,MA需要了解向控制器传递功能、故障和日志信息的情况,并向收集器报告。如何做到这一点取决于控制和报告协议的设计以及底层数据包传输机制。

For the Control Protocol, the underlying packet transfer mechanism could be:

对于控制协议,底层数据包传输机制可以是:

o a 'push' protocol (that is, from the Controller to the MA).

o “推送”协议(即从控制器到MA)。

o a multicast protocol (from the Controller to a group of MAs).

o 多播协议(从控制器到一组MAs)。

o a 'pull' protocol. The MA periodically checks with Controller if the Instruction has changed and pulls a new Instruction if necessary. A pull protocol seems attractive for an MA behind a NAT or firewall (as is typical for an MA on an end-user's device) so that it can initiate the communications. It also seems attractive for an MA on a mobile device, where the Controller might not know how to reach the MA. A pull mechanism is likely to require that the MA be configured with how frequently it should check in with the Controller, and perhaps what it should do if the Controller is unreachable after a certain number of attempts.

o “拉”协议。MA定期与控制器检查指令是否已更改,并在必要时提取新指令。对于NAT或防火墙后面的MA(终端用户设备上的MA的典型情况),pull协议似乎很有吸引力,因此它可以启动通信。这对于移动设备上的MA也很有吸引力,因为控制器可能不知道如何到达MA。拉机制可能要求MA配置其应与控制器签入的频率,以及如果在一定次数的尝试后无法访问控制器,它应该做什么。

o a hybrid protocol. In addition to a pull protocol, the Controller can also push an alert to the MA that it should immediately pull a new Instruction.

o 一种混合协议。除了拉取协议外,控制器还可以向MA发送警报,告知其应立即拉取新指令。

For the Report Protocol, the underlying packet transfer mechanism could be:

对于报告协议,底层数据包传输机制可以是:

o a 'push' protocol (that is, from the MA to the Collector)

o “推送”协议(即从MA到收集器)

o perhaps supplemented by the ability for the Collector to 'pull' Measurement Results from an MA.

o 也许还可以通过收集器从MA“提取”测量结果的能力来补充。

5.6. Items beyond the Scope of the Initial LMAP Work
5.6. 超出初始LMAP工作范围的项目

There are several potential interactions between LMAP elements that are beyond the scope of the initial LMAP work, which are as follows:

LMAP元素之间存在几个超出初始LMAP工作范围的潜在相互作用,如下所示:

1. It does not define a coordination process between MAs. Whilst a Measurement System may define coordinated Measurement Schedules across its various MAs, there is no direct coordination between MAs.

1. 它没有定义MAs之间的协调过程。虽然测量系统可以在其各个MAs之间定义协调的测量计划,但MAs之间没有直接的协调。

2. It does not define interactions between the Collector and Controller. It is quite likely that there will be such interactions, optionally intermediated by the data analysis tools. For example, if there is an "interesting" Measurement Result, then the Measurement System may want to trigger extra Measurement Tasks that explore the potential cause in more detail; or if the Collector unexpectedly does not hear from an MA, then the Measurement System may want to trigger the Controller to send a fresh Instruction Message to the MA.

2. 它不定义收集器和控制器之间的交互。很可能会有这样的交互,可以选择由数据分析工具进行中介。例如,如果有一个“有趣的”测量结果,那么测量系统可能希望触发额外的测量任务,以更详细地探索潜在原因;或者,如果收集器意外地没有听到MA的声音,则测量系统可能希望触发控制器向MA发送新的指令消息。

3. It does not define coordination between different Measurement Systems. For example, it does not define the interaction of an MA in one Measurement System with a Controller or Collector in a different Measurement System. Whilst it is likely that the Control and Report Protocols could be re-used or adapted for this scenario, any form of coordination between different organisations involves difficult commercial and technical issues and so, given the novelty of large-scale measurement efforts, any form of inter-organisation coordination is outside the scope of the initial LMAP work. Note that a single MA is instructed by a single Controller and is only in one Measurement System.

3. 它没有定义不同测量系统之间的协调。例如,它没有定义一个测量系统中的MA与另一个测量系统中的控制器或采集器之间的相互作用。虽然控制和报告协议可能会被重新使用或调整以适应这种情况,但不同组织之间的任何形式的协调都涉及到困难的商业和技术问题,因此,鉴于大规模测量工作的新颖性,任何形式的组织间协调均不在初始LMAP工作范围内。注意,单个MA由单个控制器指示,并且仅在一个测量系统中。

* An interesting scenario is where a home contains two independent MAs, for example one controlled by a regulator and one controlled by an ISP. Then the Measurement Traffic of one MA is treated by the other MA just like any other end-user traffic.

* 一个有趣的场景是,一个家庭包含两个独立的MAs,例如一个由调节器控制,一个由ISP控制。然后,一个MA的测量流量被另一个MA处理,就像其他终端用户流量一样。

4. It does not consider how to prevent a malicious party "gaming the system". For example, where a regulator is running a Measurement System in order to benchmark operators, a malicious operator could try to identify the broadband lines that the regulator was measuring and prioritise that traffic. It is assumed that this is a policy issue and would be dealt with through a code of conduct for instance.

4. 它不考虑如何防止恶意方“玩弄系统”。例如,当监管机构运行测量系统以对运营商进行基准测试时,恶意运营商可能试图识别监管机构正在测量的宽带线路,并对该流量进行优先级排序。假设这是一个政策问题,将通过行为守则等方式处理。

5. It does not define how to analyse Measurement Results, including how to interpret missing Results.

5. 它没有定义如何分析测量结果,包括如何解释缺失的结果。

6. It does not specifically define a end-user-controlled Measurement System, see Section 5.6.1.

6. 未明确定义最终用户控制的测量系统,见第5.6.1节。

5.6.1. End-User-Controlled Measurement System
5.6.1. 终端用户控制测量系统

This framework concentrates on the cases where an ISP or a regulator runs the Measurement System. However, we expect that LMAP functionality will also be used in the context of an end-user-controlled Measurement System. There are at least two ways this could happen (they have various pros and cons):

该框架集中于ISP或调节器运行测量系统的情况。然而,我们预计LMAP功能也将在最终用户控制的测量系统中使用。至少有两种方法可以实现这一点(它们有各种利弊):

1. an end-user could somehow request the ISP-run (or regulator-run) Measurement System to test his/her line. The ISP (or regulator) Controller would then send an Instruction to the MA in the usual LMAP way.

1. 最终用户可以要求ISP运行(或调节器运行)测量系统测试其线路。然后,ISP(或调节器)控制器将以通常的LMAP方式向MA发送指令。

2. an end-user could deploy their own Measurement System, with their own MA, Controller, and Collector. For example, the user could implement all three functions onto the same end-user-owned end device, perhaps by downloading the functions from the ISP or regulator. Then the LMAP Control and Report Protocols do not need to be used, but using LMAP's Information Model would still be beneficial. A Measurement Peer (or other MA involved in a Measurement Task) could be in the home gateway or outside the home network; in the latter case, the Measurement Peer is highly likely to be run by a different organisation, which raises extra privacy considerations.

2. 最终用户可以使用自己的MA、控制器和收集器部署自己的测量系统。例如,用户可以通过从ISP或调节器下载功能,在同一最终用户拥有的终端设备上实现所有三个功能。然后,不需要使用LMAP控制和报告协议,但是使用LMAP的信息模型仍然是有益的。测量对等方(或测量任务中涉及的其他MA)可以位于家庭网关中或家庭网络之外;在后一种情况下,测量对等方很可能由不同的组织运行,这会引起额外的隐私考虑。

In both cases, there will be some way for the end-user to initiate the Measurement Task(s). The mechanism is outside the scope of the initial LMAP work, but could include the user clicking a button on a GUI or sending a text message. Presumably the user will also be able to see the Measurement Results, perhaps summarised on a webpage. It is suggested that these interfaces conform to the LMAP guidance on privacy in Section 8.

在这两种情况下,最终用户都可以通过某种方式启动测量任务。该机制不在最初的LMAP工作范围内,但可能包括用户单击GUI上的按钮或发送文本消息。据推测,用户还可以看到测量结果,可能会在网页上进行总结。建议这些接口符合第8节中关于隐私的LMAP指南。

6. Deployment Considerations
6. 部署注意事项
6.1. Controller and the Measurement System
6.1. 控制器与测量系统

The Controller should understand both the MA's LMAP Capabilities (for example, what Metrics and Measurement Methods it can perform) and the MA's other capabilities like processing power and memory. This allows the Controller to ensure that the Measurement Schedule of Measurement Tasks and the Reporting Schedule are sensible for each MA that it instructs.

控制器应了解MA的LMAP能力(例如,它可以执行哪些度量和测量方法)以及MA的其他能力,如处理能力和内存。这允许控制器确保测量任务的测量计划和报告计划对于其指示的每个MA都是合理的。

An Instruction is likely to include several Measurement Tasks. Typically these run at different times, but it is also possible for them to run at the same time. Some Tasks may be compatible in that they do not affect each other's Results, whilst with others great care would need to be taken. Some Tasks may be complementary. For example, one Task may be followed by a traceroute Task to the same destination address, in order to learn the network path that was measured.

一个指令可能包括几个测量任务。通常,它们在不同的时间运行,但也可能同时运行。有些任务可能是兼容的,因为它们不会影响彼此的结果,而对于其他任务,则需要非常小心。有些任务可能是互补的。例如,一个任务之后可能会有一个到同一目标地址的跟踪路由任务,以便了解测量的网络路径。

The Controller should ensure that the Measurement Tasks do not have an adverse effect on the end user. Tasks, especially those that generate a substantial amount of Measurement Traffic, will often include a pre-check that the user isn't already sending traffic (Section 5.3.1). Another consideration is whether Measurement Traffic will impact a Subscriber's bill or traffic cap.

控制员应确保测量任务不会对最终用户产生不利影响。任务,特别是那些产生大量测量流量的任务,通常包括预先检查用户是否已经发送流量(第5.3.1节)。另一个考虑因素是,测量流量是否会影响用户的账单或流量上限。

A Measurement System may have multiple Controllers (but note the overriding principle that a single MA be instructed by a single Controller at any point in time (Section 4.2)). For example, there could be different Controllers for different types of MA (for example, home gateways, tablets) or locations (for example, Ipswich, Edinburgh, Paris), for load balancing or to cope with failure of one Controller.

一个测量系统可能有多个控制器(但请注意,最重要的原则是单个控制器在任何时间点指示单个MA(第4.2节))。例如,对于不同类型的MA(例如,家庭网关、平板电脑)或位置(例如,伊普斯维奇、爱丁堡、巴黎),可以有不同的控制器,用于负载平衡或处理一个控制器的故障。

The measurement system also needs to consider carefully how to interpret missing Results. The correct interpretation depends on why the Results are missing (perhaps related to measurement Suppression or delayed Report submission) and potentially on the specifics of the Measurement Task and Measurement Schedule. For example, an Observed Traffic Flow may be empty, but the Measurement Report may still be sent according to the Report Schedule.

测量系统还需要仔细考虑如何解释缺失的结果。正确的解释取决于结果缺失的原因(可能与测量抑制或延迟报告提交有关),也可能取决于测量任务和测量时间表的具体情况。例如,观察到的交通流可能是空的,但是测量报告仍然可以根据报告时间表发送。

6.2. Measurement Agent
6.2. 测量代理

The MA should be cautious about resuming Measurement Tasks if it reboots or has been offline for some time, as its Instruction may be stale. In the former case, it also needs to ensure that its clock has reset correctly, so that it interprets the Schedule correctly.

MA在重新启动或离线一段时间后,应谨慎恢复测量任务,因为其指令可能已过时。在前一种情况下,它还需要确保其时钟已正确重置,以便正确解释时间表。

If the MA runs out of storage space for Measurement Results or can't contact the Controller, then the appropriate action is specific to the device and Measurement System.

如果MA的测量结果存储空间不足或无法联系控制器,则应针对设备和测量系统采取适当的措施。

The Measurement Agent could take a number of forms. For example, an MA could be a dedicated probe or software on a PC; it could also be embedded into an appliance or even embedded into a gateway. A single site (for example, home, branch office, etc.) that is participating in a measurement could make use of one or multiple Measurement Agents or Measurement Peers in a single measurement.

测量代理可以采取多种形式。例如,MA可以是PC上的专用探针或软件;它还可以嵌入到设备中,甚至可以嵌入到网关中。参与测量的单个站点(例如,总部、分支机构等)可以在单个测量中使用一个或多个测量代理或测量对等点。

The Measurement Agent could be deployed in a variety of locations. Not all deployment locations are available to every kind of Measurement Agent. There are also a variety of limitations and trade-offs depending on the final placement. The next sections outline some of the locations a Measurement Agent may be deployed. This is not an exhaustive list and combinations may also apply.

测量代理可以部署在各种位置。并非所有部署位置都可用于每种度量代理。根据最终位置,还存在各种限制和权衡。下一节概述了可能部署测量代理的一些位置。这不是一个详尽的列表,组合也可能适用。

6.2.1. Measurement Agent on a Networked Device
6.2.1. 网络设备上的测量代理

An MA may be embedded on a device that is directly connected to the network, such as an MA on a smartphone. Other examples include an MA downloaded and installed on a subscriber's laptop computer or tablet when the network service is provided on wired or other wireless radio technologies, such as Wi-Fi.

MA可以嵌入到直接连接到网络的设备上,例如智能手机上的MA。其他示例包括在有线或其他无线无线电技术(如Wi-Fi)上提供网络服务时下载并安装在订户的笔记本电脑或平板电脑上的MA。

6.2.2. Measurement Agent Embedded in a Site Gateway
6.2.2. 嵌入在站点网关中的测量代理

One of the better places the Measurement Agent could be deployed is embedded within the site gateway (for example, a home router or the edge router of a branch office in a managed service environment). All site-to-ISP traffic would traverse through the gateway. So, Measurement Methods that measure user traffic could easily be performed. Similarly, due to this user traffic visibility, a Measurement Method that generates Measurement Traffic could ensure it does not compete with user traffic. Generally NAT and firewall services are built into the gateway, allowing the Measurement Agent the option to offer its Controller-facing management interface outside of the NAT/firewall. This placement of the management interface allows the Controller to unilaterally contact the Measurement Agent with Instructions. However, a Measurement Agent on a site gateway (whether end-user or service-provider owned) will generally not be directly available for over-the-top providers, the regulator, end users, or enterprises.

测量代理可以部署的较好位置之一是嵌入在站点网关中(例如,托管服务环境中的家庭路由器或分支办公室的边缘路由器)。所有站点到ISP的流量都将通过网关。因此,可以很容易地执行测量用户流量的测量方法。类似地,由于这种用户流量可见性,生成测量流量的测量方法可以确保它不会与用户流量竞争。通常,NAT和防火墙服务内置于网关中,允许测量代理选择在NAT/防火墙之外提供其面向控制器的管理接口。管理界面的这种布置允许控制器单方面联系测量代理,并给出指示。但是,站点网关上的测量代理(无论是最终用户还是服务提供商所有)通常不会直接用于顶级提供商、监管机构、最终用户或企业。

6.2.3. Measurement Agent Embedded behind a Site NAT or Firewall
6.2.3. 嵌入在站点NAT或防火墙后面的测量代理

The Measurement Agent could also be embedded behind a NAT, a firewall, or both. In this case, the Controller may not be able to unilaterally contact the Measurement Agent unless either static port forwarding or firewall pin holing is configured. Configuring port forwarding could use protocols such as the Port Control Protocol [RFC6887], the CPE WAN Management Protocol [TR-069], or Universal Plug and Play [UPnP]. To open a pin hole in the firewall, the Measurement Agent could send keepalives towards the Controller (and perhaps use these also as a network reachability test).

测量代理也可以嵌入NAT、防火墙或两者的后面。在这种情况下,除非配置了静态端口转发或防火墙pin孔,否则控制器可能无法单方面联系测量代理。配置端口转发可以使用端口控制协议[RFC6887]、CPE WAN管理协议[TR-069]或通用即插即用[UPnP]等协议。为了在防火墙上打开一个针孔,测量代理可以向控制器发送keepalives(也许还可以将其用作网络可达性测试)。

6.2.4. Multihomed Measurement Agent
6.2.4. 多宿主测量代理

If the device with the Measurement Agent is single homed, then there is no confusion about what interface to measure. Similarly, if the MA is at the gateway and the gateway only has a single WAN-side and a single LAN-side interface, there is little confusion -- for Measurement Methods that generate Measurement Traffic, the location of the other MA or Measurement Peer determines whether the WAN or LAN is measured.

如果带有测量代理的设备是单宿设备,那么就不会混淆要测量的接口。类似地,如果MA位于网关,并且网关只有一个WAN端和一个LAN端接口,那么就不会有什么混淆——对于生成测量流量的测量方法,另一个MA或测量对等方的位置决定是否测量WAN或LAN。

However, the device with the Measurement Agent may be multihomed. For example, a home or campus may be connected to multiple broadband ISPs, such as a wired and wireless broadband provider, perhaps for redundancy or load sharing. It may also be helpful to think of dual stack IPv4 and IPv6 broadband devices as multihomed. More generally, Section 3.2 of [RFC7368] describes dual-stack and multihoming topologies that might be encountered in a home network, [RFC6419]

但是,带有测量代理的设备可能是多址的。例如,家庭或校园可以连接到多个宽带isp,例如有线和无线宽带提供商,可能是为了冗余或负载共享。将双栈IPv4和IPv6宽带设备视为多址设备也可能会有所帮助。更一般而言,[RFC7368]的第3.2节描述了家庭网络[RFC6419]中可能遇到的双栈和多宿拓扑

provides the current practices of multi-interfaces hosts, and the Multiple Interfaces (mif) working group covers cases where hosts are either directly attached (for example, physical or virtual) or indirectly (for example, multiple default routers, etc.) to multiple networks. In these cases, there needs to be clarity on which network connectivity option is being measured.

提供多接口主机的当前实践,多接口(mif)工作组涵盖主机直接连接(例如,物理或虚拟)或间接连接(例如,多个默认路由器等)到多个网络的情况。在这些情况下,需要明确衡量哪种网络连接选项。

One possibility is to have a Measurement Agent per interface. Then the Controller's choice of MA determines which interface is measured. However, if an MA can measure any of the interfaces, then the Controller defines in the Instruction which interface the MA should use for a Measurement Task. If the choice of interface is not defined, then the MA uses the default one. Explicit definition is preferred if the Measurement System wants to measure the performance of a particular network, whereas using the default is better if the Measurement System wants to include the impact of the MA's interface selection algorithm. In any case, the Measurement Result should include the network that was measured.

一种可能性是每个接口都有一个测量代理。然后,控制器对MA的选择决定了测量哪个接口。但是,如果MA可以测量任何接口,则控制器在指令中定义MA应用于测量任务的接口。如果未定义接口选择,则MA使用默认接口。如果测量系统想要测量特定网络的性能,则首选显式定义,而如果测量系统想要包括MA接口选择算法的影响,则使用默认定义更好。在任何情况下,测量结果应包括被测量的网络。

6.2.5. Measurement Agent Embedded in an ISP Network
6.2.5. ISP网络中的测量代理

An MA may be embedded on a device that is part of an ISP's network, such as a router or switch. Usually the network devices with an embedded MA will be strategically located, such as a Carrier-Grade NAT or ISP Gateway. [RFC7398] gives many examples where an MA might be located within a network to provide an intermediate measurement point on the end-to-end path. Other examples include a network device whose primary role is to host MA functions and the necessary measurement protocol.

MA可以嵌入在作为ISP网络一部分的设备上,如路由器或交换机。通常,具有嵌入式MA的网络设备将位于战略位置,如运营商级NAT或ISP网关。[RFC7398]给出了许多示例,其中MA可能位于网络内,以在端到端路径上提供中间测量点。其他示例包括网络设备,其主要作用是承载MA功能和必要的测量协议。

6.3. Measurement Peer
6.3. 测量同行

A Measurement Peer participates in some Measurement Methods. It may have specific functionality to enable it to participate in a particular Measurement Method. On the other hand, other Measurement Methods may require no special functionality. For example, if the Measurement Agent sends a ping to example.com, then the server at example.com plays the role of a Measurement Peer; or if the MA monitors existing traffic, then the existing end points are Measurement Peers.

测量同伴参与一些测量方法。它可能具有特定的功能,使其能够参与特定的测量方法。另一方面,其他测量方法可能不需要特殊功能。例如,如果测量代理向example.com发送ping,那么example.com上的服务器将扮演测量对等方的角色;或者,如果MA监控现有流量,则现有端点是测量对等点。

A device may participate in some Measurement Methods as a Measurement Agent and in others as a Measurement Peer.

设备可以作为测量代理参与某些测量方法,也可以作为测量对等方参与其他测量方法。

Measurement Schedules should account for limited resources in a Measurement Peer when instructing an MA to execute measurements with a Measurement Peer. In some measurement protocols, such as [RFC4656] and [RFC5357], the Measurement Peer can reject a measurement session

当指示MA与测量对等执行测量时,测量计划应考虑测量对等中的有限资源。在某些测量协议中,例如[RFC4656]和[RFC5357],测量对等方可以拒绝测量会话

or refuse a control connection prior to setting up a measurement session and so protect itself from resource exhaustion. This is a valuable capability because the MP may be used by more than one organisation.

或者在建立度量会话之前拒绝控制连接,从而保护自身不受资源耗尽的影响。这是一项有价值的能力,因为MP可由多个组织使用。

6.4. Deployment Examples
6.4. 部署示例

In this section, we describe some deployment scenarios that are feasible within the LMAP framework defined in this document.

在本节中,我们将描述一些在本文定义的LMAP框架内可行的部署场景。

A very simple example of a Measurement Peer (MP) is a web server from which the MA downloads a web page (such as www.example.com) in order to perform a speed test. The web server is an MP and from its perspective the MA is just another client; the MP doesn't have a specific function for assisting measurements. This is described in Figure 7.

测量对等机(MP)的一个非常简单的示例是一个web服务器,MA从该服务器下载一个网页(如www.example.com),以便执行速度测试。web服务器是一个MP,从它的角度来看,MA只是另一个客户端;MP没有用于辅助测量的特定功能。图7对此进行了描述。

                                                              ^
      +------------------+  web traffic +----------------+ non-LMAP
      |     web client   |<------------>|   web server   |  Scope
      |                  |              +----------------+    |
   ...|..................|....................................V...
      |MA:LMAP interface |                     <MP>           ^
      +------------------+                                    |
               ^     |                                        |
   Instruction |     |  Report                                |
               |     +-----------------+                      |
               |                       |                      |
               |                       v                     LMAP
         +------------+         +------------+               Scope
         | Controller |         |  Collector |                |
         +------------+         +------------+                V
        
                                                              ^
      +------------------+  web traffic +----------------+ non-LMAP
      |     web client   |<------------>|   web server   |  Scope
      |                  |              +----------------+    |
   ...|..................|....................................V...
      |MA:LMAP interface |                     <MP>           ^
      +------------------+                                    |
               ^     |                                        |
   Instruction |     |  Report                                |
               |     +-----------------+                      |
               |                       |                      |
               |                       v                     LMAP
         +------------+         +------------+               Scope
         | Controller |         |  Collector |                |
         +------------+         +------------+                V
        

MA: Measurement Agent MP: Measurement Peer

MA:测量代理MP:测量对等方

Figure 7: LMAP deployment example, with Web server as Measurement Peer

图7:LMAP部署示例,使用Web服务器作为测量对等点

Another example of an MP is a TWAMP Server and TWAMP Session-Reflector. This form of MP is deployed to assist the MAs that perform TWAMP tests, where the MA is co-located with the TWAMP Control-Client and Session-Sender. Another example, which was described in Section 2, has a ping server as the Measurement Peer.

MP的另一个示例是TWAMP服务器和TWAMP会话反射器。部署这种形式的MP是为了协助执行TWAMP测试的MA,其中MA与TWAMP控制客户端和会话发送方位于同一位置。第2节中描述的另一个示例将ping服务器作为测量对等点。

A further example is the case of a traceroute-like measurement. In this case, for each packet sent, the router where the TTL expires is performing the MP function. So for a given Measurement Task, there is one MA involved and several MPs, one per hop.

另一个例子是类似示踪路线的测量。在这种情况下,对于发送的每个数据包,TTL过期的路由器正在执行MP功能。因此,对于给定的测量任务,涉及一个MA和几个MPs,每跳一个。

In Figure 8, we depict the case of an OWAMP (One-Way Active Measurement Protocol) Server and Session-Receiver acting as an MP. In this case, the OWAMP Server conveys results back to the OWAMP Fetch-Client, thus the MP conducts both control-plane and data-plane communications with its OWAMP counterparts co-located with the MA.

在图8中,我们描述了OWAMP(单向主动测量协议)服务器和会话接收器作为MP的情况。在这种情况下,OWAMP服务器将结果传回OWAMP Fetch客户端,因此MP与其与MA位于同一位置的OWAMP对应方进行控制平面和数据平面通信。

      +------------------+    OWAMP     +-----------------+    ^
      | OWAMP            |<--control--->|                 |    |
      | control-client   |-test-traffic>| OWAMP server &  | non-LMAP
      | fetch-client &   |<----fetch----| session-receiver|  Scope
      | session-sender   |              |                 |    |
      |                  |              +-----------------+    |
   ...|..................|.....................................v...
      |MA:LMAP interface |                    <MP>             ^
      +------------------+                                     |
               ^     |                                         |
   Instruction |     |  Report                                 |
               |     +-----------------+                       |
               |                       |                       |
               |                       v                     LMAP
         +------------+         +------------+               Scope
         | Controller |         |  Collector |                 |
         +------------+         +------------+                 v
        
      +------------------+    OWAMP     +-----------------+    ^
      | OWAMP            |<--control--->|                 |    |
      | control-client   |-test-traffic>| OWAMP server &  | non-LMAP
      | fetch-client &   |<----fetch----| session-receiver|  Scope
      | session-sender   |              |                 |    |
      |                  |              +-----------------+    |
   ...|..................|.....................................v...
      |MA:LMAP interface |                    <MP>             ^
      +------------------+                                     |
               ^     |                                         |
   Instruction |     |  Report                                 |
               |     +-----------------+                       |
               |                       |                       |
               |                       v                     LMAP
         +------------+         +------------+               Scope
         | Controller |         |  Collector |                 |
         +------------+         +------------+                 v
        

MA: Measurement Agent MP: Measurement Peer

MA:测量代理MP:测量对等方

Figure 8: LMAP deployment example, with OWAMP server as Measurement Peer

图8:LMAP部署示例,使用OWAMP服务器作为测量对等点

However, it is also possible to use two Measurement Agents when performing one-way Measurement Tasks, as described in Figure 9. Both MAs are instructed by the Controller: MA-1 to send the traffic and MA-2 to measure the received traffic and send Reports to the Collector. Note that the Measurement Task at MA-2 can listen for traffic from MA-1 and respond multiple times without having to be rescheduled.

但是,在执行单向测量任务时,也可以使用两个测量代理,如图9所示。控制器指示两个MA:MA-1发送流量,MA-2测量接收到的流量并向收集器发送报告。请注意,MA-2处的测量任务可以侦听来自MA-1的流量并多次响应,而无需重新调度。

      +----------------+              +-------------------+    ^
      |                |              |                   | non-LMAP
      | iperf -u sender|-UDP traffic->| iperf -u receiver |  Scope
      |                |              |                   |    v
   ...|................|..............|...................|........
      |  MA-1:         |              |  MA-2:            |    ^
      | LMAP interface |              | LMAP interface    |    |
      +----------------+              +-------------------+    |
               ^                        ^   |                  |
   Instruction |    Instruction{Report} |   | Report           |
   {Task,      |    +-------------------+   |                  |
    Schedule}  |    |                       |                  |
               |    |                       v                 LMAP
          +------------+             +------------+          Scope
          | Controller |             |  Collector |            |
          +------------+             +------------+            v
        
      +----------------+              +-------------------+    ^
      |                |              |                   | non-LMAP
      | iperf -u sender|-UDP traffic->| iperf -u receiver |  Scope
      |                |              |                   |    v
   ...|................|..............|...................|........
      |  MA-1:         |              |  MA-2:            |    ^
      | LMAP interface |              | LMAP interface    |    |
      +----------------+              +-------------------+    |
               ^                        ^   |                  |
   Instruction |    Instruction{Report} |   | Report           |
   {Task,      |    +-------------------+   |                  |
    Schedule}  |    |                       |                  |
               |    |                       v                 LMAP
          +------------+             +------------+          Scope
          | Controller |             |  Collector |            |
          +------------+             +------------+            v
        

MA: Measurement Agent

MA:测量代理

Figure 9: Schematic of LMAP-based Measurement System, with two Measurement Agents cooperating to measure UDP traffic

图9:基于LMAP的测量系统示意图,两个测量代理协作测量UDP流量

Next, we consider Measurement Methods that meter the Observed Traffic Flow. Traffic generated in one point in the network is flowing towards a given destination and the traffic is observed in some point along the path. One way to implement this is that the endpoints generating and receiving the traffic are not instructed by the Controller; hence they are MPs. The MA is located along the path with a monitor function that measures the traffic. The MA is instructed by the Controller to monitor that particular traffic and to send the Report to the Collector. It is depicted in Figure 10.

接下来,我们考虑测量观测流量的测量方法。在网络中的一个点上生成的流量流向给定的目的地,并且在路径上的某个点上观察到流量。实现这一点的一种方法是,生成和接收通信量的端点不受控制器的指示;因此他们是议员。MA位于路径沿线,具有测量流量的监控功能。控制器指示MA监控特定流量,并将报告发送给收集器。如图10所示。

   +--------+   +------------------+            +--------+      ^
   |End user|   |      monitor     | Observed   |End user|      |
   |        |<--|------------------|--Traffic-->|        |  non-LMAP
   |        |   |                  |   Flow     |        |    Scope
   +--------+   |                  |            +--------+      |
    ............|..................|............................v..
      <MP>      |MA:LMAP interface |               <MP>         ^
                +------------------+                            |
                        ^     |                                 |
            Instruction |     |  Report                         |
                        |     +-----------------+               |
                        |                       |               |
                        |                       v              LMAP
                  +------------+         +------------+        Scope
                  | Controller |         |  Collector |         |
                  +------------+         +------------+         v
        
   +--------+   +------------------+            +--------+      ^
   |End user|   |      monitor     | Observed   |End user|      |
   |        |<--|------------------|--Traffic-->|        |  non-LMAP
   |        |   |                  |   Flow     |        |    Scope
   +--------+   |                  |            +--------+      |
    ............|..................|............................v..
      <MP>      |MA:LMAP interface |               <MP>         ^
                +------------------+                            |
                        ^     |                                 |
            Instruction |     |  Report                         |
                        |     +-----------------+               |
                        |                       |               |
                        |                       v              LMAP
                  +------------+         +------------+        Scope
                  | Controller |         |  Collector |         |
                  +------------+         +------------+         v
        

MA: Measurement Agent MP: Measurement Peer

MA:测量代理MP:测量对等方

Figure 10: LMAP deployment example, with a Measurement Agent monitoring traffic

图10:LMAP部署示例,带有监测流量的测量代理

7. Security Considerations
7. 安全考虑

The security of the LMAP framework should protect the interests of the measurement operator(s), the network user(s), and other actors who could be impacted by a compromised measurement deployment. The Measurement System must secure the various components of the system from unauthorised access or corruption. Much of the general advice contained in Section 6 of [RFC4656] is applicable here.

LMAP框架的安全性应保护测量操作员、网络用户和其他可能受到受损测量部署影响的参与者的利益。测量系统必须确保系统的各个组件不受未经授权的访问或损坏。[RFC4656]第6节中的大部分一般建议适用于此处。

The process to upgrade the firmware in an MA is outside the scope of the initial LMAP work, just as is the protocol to Bootstrap the MAs. However, systems that provide remote upgrades must secure authorised access and integrity of the process.

升级MA中固件的过程不在初始LMAP工作的范围内,就像引导MAs的协议一样。但是,提供远程升级的系统必须确保授权访问和过程的完整性。

We assume that each Measurement Agent (MA) will receive its Instructions from a single organisation, which operates the Controller. These Instructions must be authenticated (to ensure that they come from the trusted Controller), checked for integrity (to ensure no one has tampered with them), and not vulnerable to replay attacks. If a malicious party can gain control of the MA, they can use it to launch denial-of-service (DoS) attacks at targets, create a platform for pervasive monitoring [RFC7258], reduce the end-user's quality of experience, and corrupt the Measurement Results that are reported to the Collector. By altering the Measurement Tasks and/or the address that Results are reported to, they can also compromise

我们假设每个测量代理(MA)将从一个单独的组织接收其指令,该组织负责操作控制器。这些指令必须经过身份验证(以确保它们来自受信任的控制器),检查完整性(以确保没有人篡改它们),并且不易受到重播攻击。如果恶意方能够获得MA的控制权,他们就可以利用它对目标发起拒绝服务(DoS)攻击,创建普及监控平台[RFC7258],降低最终用户的体验质量,并破坏报告给收集器的测量结果。通过改变测量任务和/或向其报告结果的地址,它们也可能会造成损害

the confidentiality of the network user and the MA environment (such as information about the location of devices or their traffic). The Instruction Messages also need to be encrypted to maintain confidentiality, as the information might be useful to an attacker.

网络用户和MA环境的机密性(例如关于设备位置或其流量的信息)。指令消息还需要加密以保持机密性,因为这些信息可能对攻击者有用。

Reporting by the MA must be encrypted to maintain confidentiality, so that only the authorised Collector can decrypt the results to prevent the leakage of confidential or private information. Reporting must also be authenticated (to ensure that it comes from a trusted MA and that the MA reports to a genuine Collector) and not vulnerable to tampering (which can be ensured through integrity and replay checks). It must not be possible to fool an MA into injecting falsified data and the results must also be held and processed securely after collection and analysis. See Section 8.5.2 for additional considerations on stored data compromise, and Section 8.6 on potential mitigations for compromise.

金融管理专员的报告必须加密以保持机密性,以便只有授权催收员才能解密结果,以防止机密或私人信息泄露。报告还必须经过身份验证(以确保它来自受信任的MA,并且MA向真正的收集器报告),并且不易被篡改(可以通过完整性和重播检查来确保)。不可能欺骗金融管理专员注入伪造数据,而且在收集和分析后,还必须安全地保存和处理结果。有关存储数据泄露的其他注意事项,请参见第8.5.2节,关于泄露的潜在缓解措施,请参见第8.6节。

Since Collectors will be contacted repeatedly by MAs using the Report Protocol to convey their recent results, a successful attack to exhaust the communication resources would prevent a critical operation: reporting. Therefore, all LMAP Collectors should implement technical mechanisms to:

由于MAs将使用报告协议反复联系收集器,以传达其最近的结果,因此成功攻击以耗尽通信资源将阻止关键操作:报告。因此,所有LMAP收集器应实施技术机制,以:

o limit the number of reporting connections from a single MA (simultaneous and established in some time period).

o 限制来自单个MA的报告连接数(同时并在某个时间段内建立)。

o limit the transmission rate from a single MA.

o 限制单个MA的传输速率。

o limit the memory/storage consumed by a single MA's reports.

o 限制单个MA报告所消耗的内存/存储。

o efficiently reject reporting connections from unknown sources.

o 有效地拒绝来自未知来源的报告连接。

o separate resources if multiple authentication strengths are used, where the resources should be separated according to each class of strength.

o 如果使用了多个身份验证强度,则应使用单独的资源,其中应根据每个强度类别将资源分开。

A corrupted MA could report falsified information to the Collector. Whether this can be effectively mitigated depends on the platform on which the MA is deployed. However, where the MA is deployed on a customer-controlled device, then the reported data is to some degree inherently untrustworthy. Further, a sophisticated party could distort some Measurement Methods, perhaps by dropping or delaying packets for example. This suggests that the network operator should be cautious about relying on Measurement Results for action such as refunding fees if a service level agreement is not met.

损坏的MA可能会向催收员报告伪造的信息。这是否可以有效缓解取决于部署MA的平台。然而,如果MA部署在客户控制的设备上,那么报告的数据在某种程度上本质上是不可信的。此外,复杂的一方可能会扭曲某些测量方法,例如丢弃或延迟数据包。这表明,网络运营商应谨慎,不要依赖测量结果采取行动,例如,如果不符合服务水平协议,则退还费用。

As part of the protocol design, it will be decided how LMAP operates over the underlying protocol (Section 5.5). The choice raises

作为协议设计的一部分,将决定LMAP如何在基础协议上运行(第5.5节)。这一选择引起了争议

various security issues, such as how to operate through a NAT and how to protect the Controller and Collector from DoS attacks.

各种安全问题,例如如何通过NAT操作以及如何保护控制器和收集器免受DoS攻击。

The security mechanisms described above may not be strictly necessary if the network's design ensures the LMAP components and their communications are already secured, for example potentially if they are all part of an ISP's dedicated management network.

如果网络的设计确保LMAP组件及其通信已经安全,例如如果它们都是ISP的专用管理网络的一部分,则上述安全机制可能不是严格必要的。

Finally, there are three other issues related to security: privacy (considered in Section 8), availability, and "gaming the system". While the loss of some MAs may not be considered critical, the unavailability of the Collector could mean that valuable business data or data critical to a regulatory process is lost. Similarly, the unavailability of a Controller could mean that the MAs do not operate a correct Measurement Schedule.

最后,还有三个与安全相关的其他问题:隐私(在第8节中考虑)、可用性和“游戏系统”。虽然某些MAs的丢失可能并不重要,但收集器的不可用可能意味着有价值的业务数据或对监管流程至关重要的数据丢失。类似地,控制器不可用可能意味着MAs无法运行正确的测量计划。

A malicious party could "game the system". For example, where a regulator is running a Measurement System in order to benchmark operators, an operator could try to identify the broadband lines that the regulator was measuring and prioritise that traffic. Normally, this potential issue is handled by a code of conduct. It is outside the scope of the initial LMAP work to consider the issue.

恶意的一方可能“操纵系统”。例如,当监管机构运行测量系统以对运营商进行基准测试时,运营商可以尝试识别监管机构正在测量的宽带线路,并对该流量进行优先级排序。通常,这一潜在问题由行为准则处理。这是对LMAP工作以外的范围进行初步考虑的问题。

8. Privacy Considerations
8. 隐私考虑

The LMAP work considers privacy a core requirement and will ensure that by default the Control and Report Protocols operate in a privacy-sensitive manner and that privacy features are well defined.

LMAP工作将隐私视为一项核心要求,并将确保默认情况下,控制和报告协议以隐私敏感的方式运行,且隐私功能定义良好。

This section provides a set of privacy considerations for LMAP. This section benefits greatly from the publication of [RFC6973]. Privacy and security (Section 7) are related. In some jurisdictions, privacy is called data protection.

本节提供了LMAP的一组隐私注意事项。本节从[RFC6973]的出版中获益匪浅。隐私和安全(第7节)是相关的。在某些司法管辖区,隐私被称为数据保护。

We begin with a set of assumptions related to protecting the sensitive information of individuals and organisations participating in LMAP-orchestrated measurement and data collection.

我们从一组与保护参与LMAP协调测量和数据收集的个人和组织的敏感信息相关的假设开始。

8.1. Categories of Entities with Information of Interest
8.1. 具有相关信息的实体类别

LMAP protocols need to protect the sensitive information of the following entities, including individuals and organisations who participate in measurement and collection of results.

LMAP协议需要保护以下实体的敏感信息,包括参与测量和结果收集的个人和组织。

o Individual Internet users: Persons who utilise Internet access services for communications tasks, according to the terms of service of a service agreement. Such persons may be a service

o 个人互联网用户:根据服务协议的服务条款,将互联网接入服务用于通信任务的人员。这些人可能是一种服务

Subscriber, or have been given permission by the Subscriber to use the service.

订阅服务器,或已被订阅服务器授予使用该服务的权限。

o Internet service providers: Organisations that offer Internet access service subscriptions, and thus have access to sensitive information of individuals who choose to use the service. These organisations desire to protect their Subscribers and their own sensitive information, which may be stored in the process of performing Measurement Tasks and collecting Results.

o 互联网服务提供商:提供互联网接入服务订阅的组织,因此可以访问选择使用该服务的个人的敏感信息。这些组织希望保护他们的订户和他们自己的敏感信息,这些信息可能存储在执行测量任务和收集结果的过程中。

o Regulators: Public authorities responsible for exercising supervision of the electronic communications sector, and which may have access to sensitive information of individuals who participate in a measurement campaign. Similarly, regulators desire to protect the participants and their own sensitive information.

o 监管机构:负责对电子通信行业实施监管的公共机构,可获取参与计量活动的个人的敏感信息。同样,监管机构希望保护参与者及其自身的敏感信息。

o Other LMAP system operators: Organisations who operate Measurement Systems or participate in measurements in some way.

o 其他LMAP系统运营商:运营测量系统或以某种方式参与测量的组织。

Although privacy is a protection extended to individuals, we discuss data protection by ISPs and other LMAP system operators in this section. These organisations have sensitive information involved in the LMAP system, and many of the same dangers and mitigations are applicable. Further, the ISPs store information on their Subscribers beyond that used in the LMAP system (for example, billing information), and there should be a benefit in considering all the needs and potential solutions coherently.

虽然隐私保护延伸到个人,但我们在本节讨论ISP和其他LMAP系统运营商的数据保护。这些组织在LMAP系统中涉及敏感信息,许多相同的危险和缓解措施也适用。此外,ISP存储的用户信息超出了LMAP系统中使用的信息(例如,计费信息),因此,连贯地考虑所有需求和潜在解决方案应该会有好处。

8.2. Examples of Sensitive Information
8.2. 敏感信息示例

This section gives examples of sensitive information that may be measured or stored in a Measurement System, and that is to be kept private by default in the LMAP core protocols.

本节给出了可在测量系统中测量或存储的敏感信息的示例,这些敏感信息在LMAP核心协议中默认为保密。

Examples of Subscriber or authorised Internet user sensitive information:

订户或授权互联网用户敏感信息示例:

o Sub-IP-layer addresses and names (MAC address, base station ID, SSID)

o 子IP层地址和名称(MAC地址、基站ID、SSID)

o IP address in use

o 正在使用的IP地址

o Personal Identification (real name)

o 个人身份(真实姓名)

o Location (street address, city)

o 位置(街道地址、城市)

o Subscribed service parameters

o 订阅的服务参数

o Contents of traffic (activity, DNS queries, destinations, equipment types, account info for other services, etc.)

o 流量内容(活动、DNS查询、目的地、设备类型、其他服务的帐户信息等)

o Status as a study volunteer and Schedule of Measurement Tasks

o 作为研究志愿者的状态和测量任务时间表

Examples of Internet Service Provider sensitive information:

互联网服务提供商敏感信息示例:

o Measurement device identification (equipment ID and IP address)

o 测量设备标识(设备ID和IP地址)

o Measurement Instructions (choice of measurements)

o 测量说明(测量选择)

o Measurement Results (some may be shared, others may be private)

o 测量结果(有些可能是共享的,有些可能是私有的)

o Measurement Schedule (exact times)

o 测量计划(精确时间)

o Network topology (locations, connectivity, redundancy)

o 网络拓扑(位置、连接、冗余)

o Subscriber billing information, and any of the above Subscriber information known to the provider.

o 订户计费信息,以及提供商已知的任何上述订户信息。

o Authentication credentials (such as certificates)

o 身份验证凭据(如证书)

Other organisations will have some combination of the lists above. The LMAP system would not typically expose all of the information above, but could expose a combination of items that could be correlated with other pieces collected by an attacker (as discussed in Section 8.5 on Threats).

其他组织将有上述列表的一些组合。LMAP系统通常不会公开上述所有信息,但可能会公开与攻击者收集的其他信息相关的项目组合(如第8.5节“威胁”中所述)。

8.3. Different Privacy Issues Raised by Different Sorts of Measurement Methods

8.3. 不同测量方法引起的不同隐私问题

Measurement Methods raise different privacy issues depending on whether they measure traffic created specifically for that purpose or whether they measure user traffic.

测量方法会引发不同的隐私问题,这取决于它们是测量专门为此目的创建的流量还是测量用户流量。

Measurement Tasks conducted on user traffic store sensitive information, however briefly this storage may be. We note that some authorities make a distinction on time of storage, and information that is kept only temporarily to perform a communications function is not subject to regulation (for example, active queue management, deep packet inspection). Such Measurement Tasks could reveal all the websites a Subscriber visits and the applications and/or services they use. This issue is not specific to LMAP. For instance, IPFIX has discussed similar issues (see Section 11.8 of [RFC7011]), but mitigations described in the sections below were considered beyond their scope.

对用户流量执行的测量任务存储敏感信息,但该存储可能很短暂。我们注意到,一些机构对存储时间进行了区分,并且仅为执行通信功能而临时保存的信息不受监管(例如,主动队列管理、深度数据包检查)。这种测量任务可以揭示订阅者访问的所有网站以及他们使用的应用程序和/或服务。此问题不是LMAP特有的。例如,IPFIX讨论了类似的问题(见[RFC7011]第11.8节),但下文所述的缓解措施超出了其范围。

In contrast to Measurement Tasks conducted on user traffic, other Measurement Tasks use traffic which is created specifically for the purpose of measurement. Even if a user host generates Measurement Traffic, there is limited sensitive information about the Subscriber present and stored in the Measurement System:

与对用户流量执行的测量任务不同,其他测量任务使用专门为测量目的创建的流量。即使用户主机产生测量流量,测量系统中存在并存储的关于订户的敏感信息也有限:

o IP address in use (and possibly sub-IP addresses and names)

o 正在使用的IP地址(可能还有子IP地址和名称)

o Status as a study volunteer and Schedule of Measurement Tasks

o 作为研究志愿者的状态和测量任务时间表

On the other hand, for a service provider, the sensitive information like Measurement Results is the same for all Measurement Tasks.

另一方面,对于服务提供商来说,所有测量任务的敏感信息(如测量结果)都是相同的。

From the Subscriber perspective, both types of Measurement Tasks potentially expose the description of Internet access service and specific service parameters, such as the Subscriber rate and type of access.

从订户的角度来看,这两种类型的测量任务都可能公开Internet访问服务的描述和特定的服务参数,例如订户速率和访问类型。

8.4. Privacy Analysis of the Communication Models
8.4. 通信模型的隐私分析

This section examines each of the protocol exchanges described at a high level in Section 5 and some example Measurement Tasks, and it identifies specific sensitive information that must be secured during communication for each case. With the protocol-related sensitive information identified, we can better consider the threats described in the following section.

本节检查了第5节中高层描述的每个协议交换和一些示例测量任务,并确定了在每种情况下通信期间必须保护的特定敏感信息。随着协议相关的敏感信息被识别,我们可以更好地考虑下面章节中描述的威胁。

From the privacy perspective, all entities participating in LMAP protocols can be considered "observers" according to the definition in [RFC6973]. Their stored information potentially poses a threat to privacy, especially if one or more of these functional entities has been compromised. Likewise, all devices on the paths used for control, reporting, and measurement are also observers.

从隐私角度来看,根据[RFC6973]中的定义,参与LMAP协议的所有实体都可以被视为“观察员”。他们存储的信息可能会对隐私造成威胁,尤其是当这些功能实体中的一个或多个被破坏时。同样,用于控制、报告和测量的路径上的所有设备也是观察者。

8.4.1. MA Bootstrapping
8.4.1. MA自举

Section 5.1 provides the communication model for the Bootstrapping process.

第5.1节提供了引导过程的通信模型。

Although the specification of mechanisms for Bootstrapping the MA are beyond the scope of the initial LMAP work, designers should recognise that the Bootstrapping process is extremely powerful and could cause an MA to join a new or different LMAP system with a different Controller and Collector, or simply install new Metrics with associated Measurement Methods (for example, to record DNS queries). A Bootstrap attack could result in a breach of the LMAP system with significant sensitive information exposure depending on the

虽然MA自举机制的规范超出了初始LMAP工作的范围,但设计师应认识到,自举过程非常强大,可能会导致MA使用不同的控制器和采集器加入新的或不同的LMAP系统,或者简单地安装带有相关测量方法的新度量(例如,记录DNS查询)。引导攻击可能会导致违反LMAP系统,导致严重的敏感信息泄露,具体取决于

capabilities of the MA, so sufficient security protections are warranted.

MA的功能,因此需要足够的安全保护。

The Bootstrapping process provides sensitive information about the LMAP system and the organisation that operates it, such as

引导过程提供有关LMAP系统和运行该系统的组织的敏感信息,例如

o the MA's identifier (MA-ID)

o MA的标识符(MA-ID)

o the address that identifies the Control Channel, such as the Controller's FQDN

o 标识控制通道的地址,如控制器的FQDN

o Security information for the Control Channel

o 控制通道的安全信息

During the Bootstrap process for an MA located at a single Subscriber's service demarcation point, the MA receives an MA-ID, which is a persistent pseudonym for the Subscriber. Thus, the MA-ID is considered sensitive information because it could provide the link between Subscriber identification and Measurements Results.

在位于单个订户的服务分界点的MA的引导过程中,MA接收MA-ID,该MA-ID是订户的永久性笔名。因此,MA-ID被认为是敏感信息,因为它可以提供用户标识和测量结果之间的链接。

Also, the Bootstrap process could assign a Group-ID to the MA. The specific definition of information represented in a Group-ID is to be determined, but several examples are envisaged including use as a pseudonym for a set of Subscribers, a class of service, an access technology, or other important categories. Assignment of a Group-ID enables anonymisation sets to be formed on the basis of service type/grade/rates. Thus, the mapping between Group-ID and MA-ID is considered sensitive information.

此外,引导过程可以将组ID分配给MA。在组ID中表示的信息的具体定义有待确定,但是设想了几个示例,包括用作一组订户、一类服务、接入技术或其他重要类别的笔名。组ID的分配允许根据服务类型/等级/费率形成匿名集。因此,组ID和MA-ID之间的映射被视为敏感信息。

8.4.2. Controller <-> Measurement Agent
8.4.2. 控制器<->测量代理

The high-level communication model for interactions between the LMAP Controller and Measurement Agent is illustrated in Section 5.2. The primary purpose of this exchange is to authenticate and task a Measurement Agent with Measurement Instructions, which the Measurement Agent then acts on autonomously.

第5.2节说明了LMAP控制器和测量代理之间交互的高级通信模型。此交换的主要目的是使用测量指令对测量代理进行身份验证和分配任务,然后测量代理自动执行这些指令。

Primarily, IP addresses and pseudonyms (MA-ID, Group-ID) are exchanged with a capability request, then measurement-related information of interest such as the parameters, schedule, metrics, and IP addresses of measurement devices. Thus, the measurement Instruction contains sensitive information that must be secured. For example, the fact that an ISP is running additional measurements beyond the set reported externally is sensitive information, as are the additional Measurements Tasks themselves. The Measurement Schedule is also sensitive, because an attacker intending to bias the results without being detected can use this information to great advantage.

首先,IP地址和假名(MA-ID、组ID)与能力请求交换,然后交换与测量相关的感兴趣的信息,例如测量设备的参数、计划、度量和IP地址。因此,测量说明包含必须保护的敏感信息。例如,ISP在外部报告的集合之外运行其他测量是敏感信息,其他测量任务本身也是敏感信息。测量计划也很敏感,因为攻击者想要在不被检测的情况下对结果进行偏差,可以利用此信息获得极大的优势。

An organisation operating the Controller having no service relationship with a user who hosts the Measurement Agent *could* gain real-name mapping to a public IP address through user participation in an LMAP system (this applies to the Measurement Collection protocol, as well).

运行控制器的组织与托管测量代理的用户没有服务关系*可以*通过用户参与LMAP系统获得到公共IP地址的实名映射(这也适用于测量收集协议)。

8.4.3. Collector <-> Measurement Agent
8.4.3. 收集器<->测量代理

The high-level communication model for interactions between the Measurement Agent and Collector is illustrated in Section 5.4. The primary purpose of this exchange is to authenticate and collect Measurement Results from an MA, which the MA has measured autonomously and stored.

第5.4节说明了测量代理和收集器之间交互的高级通信模型。此交换的主要目的是验证和收集MA的测量结果,MA已自动测量并存储该测量结果。

The Measurement Results are the additional sensitive information included in the Collector-MA exchange. Organisations collecting LMAP measurements have responsibility for data control. Thus, the Results and other information communicated in the Collector protocol must be secured.

测量结果是收集器MA交换中包含的附加敏感信息。收集LMAP测量值的组织负责数据控制。因此,在收集器协议中传输的结果和其他信息必须是安全的。

8.4.4. Measurement Peer <-> Measurement Agent
8.4.4. 测量对等<->测量代理

A Measurement Method involving Measurement Traffic raises potential privacy issues, although the specification of the mechanisms is beyond the scope of the initial LMAP work. The high-level communications model below illustrates the various exchanges to execute such a Measurement Method and store the Results.

涉及测量流量的测量方法会引发潜在的隐私问题,尽管机制的规范超出了最初LMAP工作的范围。下面的高级通信模型说明了执行这种测量方法和存储结果的各种交换。

We note the potential for additional observers in the figures below by indicating the possible presence of a NAT, which has additional significance to the protocols and direction of initiation.

在下图中,我们通过指出NAT的可能存在,注意到额外观察员的可能性,这对协议和启动方向具有额外的意义。

The various messages are optional, depending on the nature of the Measurement Method. It may involve sending Measurement Traffic from the Measurement Peer to MA, MA to Measurement Peer, or both. Similarly, a second (or more) MAs may be involved. (Note: For simplicity, Figure 11 and the description don't show the non-LMAP functionality that is associated with the transfer of the Measurement Traffic and is located at the devices with the MA and MP.)

根据测量方法的性质,各种消息是可选的。它可能涉及从测量对等点向MA、MA向测量对等点或两者发送测量流量。类似地,可能涉及第二(或更多)个MAs。(注:为简单起见,图11和说明未显示与测量流量传输相关的非LMAP功能,且位于具有MA和MP的设备上。)

    _________________                              _________________
   |                 |                            |                 |
   |Measurement Peer |=========== NAT ? ==========|Measurement Agent|
   |_________________|                            |_________________|
        
    _________________                              _________________
   |                 |                            |                 |
   |Measurement Peer |=========== NAT ? ==========|Measurement Agent|
   |_________________|                            |_________________|
        
                                  <-              (Key Negotiation &
                                                   Encryption Setup)
   (Encrypted Channel             ->
   Established)
   (Announce capabilities         ->
   & status)
                                  <-             (Select capabilities)
   ACK                            ->
                                  <-              (Measurement Request
                                                 (MA+MP IPAddrs,set of
                                                   Metrics, Schedule))
   ACK                            ->
        
                                  <-              (Key Negotiation &
                                                   Encryption Setup)
   (Encrypted Channel             ->
   Established)
   (Announce capabilities         ->
   & status)
                                  <-             (Select capabilities)
   ACK                            ->
                                  <-              (Measurement Request
                                                 (MA+MP IPAddrs,set of
                                                   Metrics, Schedule))
   ACK                            ->
        
   Measurement Traffic            <>              Measurement Traffic
   (may/may not be encrypted)               (may/may not be encrypted)
        
   Measurement Traffic            <>              Measurement Traffic
   (may/may not be encrypted)               (may/may not be encrypted)
        

<- (Stop Measurement Task)

<-(停止测量任务)

Measurement Results -> (if applicable) <- ACK, Close

测量结果->(如适用)<-ACK,关闭

Figure 11: Interactions between Measurement Peer and Measurement Agent

图11:测量对等方和测量代理之间的交互

This exchange primarily exposes the IP addresses of measurement devices and the inference of measurement participation from such traffic. There may be sensitive information on key points in a service provider's network included. There may also be access to measurement-related information of interest such as the Metrics, Schedule, and intermediate results carried in the Measurement Traffic (usually a set of timestamps).

此交换主要公开测量设备的IP地址以及从此类流量推断测量参与。可能包含服务提供商网络中关键点的敏感信息。还可以访问感兴趣的度量相关信息,例如度量流量中携带的度量、时间表和中间结果(通常是一组时间戳)。

The Measurement Peer may be able to use traffic analysis (perhaps combined with traffic injection) to obtain interesting insights about the Subscriber. As a simple example, if the Measurement Task includes a pre-check that the end user isn't already sending traffic, the Measurement Peer may be able to deduce when the Subscriber is away on holiday.

测量对等方可能能够使用流量分析(可能与流量注入相结合)来获得关于订户的有趣见解。作为一个简单的例子,如果测量任务包括最终用户尚未发送流量的预检查,那么测量对等方可能能够推断订户何时外出度假。

If the Measurement Traffic is unencrypted, as found in many systems today, then both timing and limited results are open to on-path observers.

如果测量流量是未加密的,就像今天在许多系统中发现的那样,那么时间和有限的结果都对路径上的观察者开放。

8.4.5. Measurement Agent
8.4.5. 测量代理

Some Measurement Methods only involve a single Measurement Agent observing existing traffic. They raise potential privacy issues, although the specification of the mechanisms is beyond the scope of the initial LMAP work.

某些测量方法仅涉及单个测量代理来观察现有流量。它们提出了潜在的隐私问题,尽管机制的规范超出了最初LMAP工作的范围。

The high-level communications model shown in Figure 12 illustrates the collection of user information of interest with the Measurement Agent performing the monitoring and storage of the Results. This particular exchange is for measurement of DNS Response Time, which most frequently uses UDP transport. (Note: For simplicity, Figure 12 and its description do not show the non-LMAP functionality that is associated with the transfer (export) of the observed Measurement Traffic beyond the measurement devices located with the MA.)

图12所示的高级通信模型说明了使用测量代理收集感兴趣的用户信息,并执行结果的监视和存储。此特定交换用于测量DNS响应时间,DNS响应时间通常使用UDP传输。(注:为简单起见,图12及其说明未显示与观测测量流量传输(导出)相关的非LMAP功能,该传输(导出)超出了与MA一起安装的测量设备。)

  _________________                                      ____________
 |                 |                                    |            |
 |  DNS Server     |=========== NAT ? ==========*=======| User client|
 |_________________|                            ^       |____________|
                                          ______|_______
                                         |              |
                                         |  Measurement |
                                         |    Agent     |
                                         |______________|
        
  _________________                                      ____________
 |                 |                                    |            |
 |  DNS Server     |=========== NAT ? ==========*=======| User client|
 |_________________|                            ^       |____________|
                                          ______|_______
                                         |              |
                                         |  Measurement |
                                         |    Agent     |
                                         |______________|
        

<- Name Resolution Required (MA+MP IPAddrs, Desired Domain Name) Return Record ->

<-需要名称解析(MA+MP IPADRS,所需域名)返回记录->

MA: Measurement Agent MP: Measurement Peer

MA:测量代理MP:测量对等方

Figure 12: LMAP deployment example, with Measurement Agent monitoring DNS response time

图12:LMAP部署示例,测量代理监控DNS响应时间

In this particular example, the MA monitors DNS messages in order to measure the DNS response time. The Measurement Agent may be embedded in the user host, or it may be located in another device capable of observing user traffic. The MA learns the IP addresses of measurement devices and the intent to communicate with or access the services of a particular domain name, and perhaps also information on key points in a service provider's network, such as the address of one of its DNS servers.

在此特定示例中,MA监视DNS消息以测量DNS响应时间。测量代理可以嵌入在用户主机中,或者可以位于能够观察用户流量的另一个设备中。MA学习测量设备的IP地址以及与特定域名的服务通信或访问该服务的意图,并且可能还学习关于服务提供商网络中的关键点的信息,例如其DNS服务器之一的地址。

In principle, any of the user sensitive information of interest (listed above) can be collected and stored in the monitoring scenario and so must be secured.

原则上,任何感兴趣的用户敏感信息(上面列出)都可以收集并存储在监控场景中,因此必须加以保护。

It would also be possible for a Measurement Agent to source the DNS query itself, and then there are not many privacy concerns.

也可以由测量代理自行获取DNS查询的来源,这样就不会有太多隐私问题。

8.4.6. Storage and Reporting of Measurement Results
8.4.6. 测量结果的存储和报告

Although the mechanisms for communicating results (beyond the initial Collector) are beyond the scope of the initial LMAP work, there are potential privacy issues related to a single organisation's storage and reporting of Measurement Results. Both storage and reporting functions can help to preserve privacy by implementing the mitigations described below.

尽管结果沟通机制(超出初始收集器)超出了初始LMAP工作的范围,但存在与单个组织存储和报告测量结果相关的潜在隐私问题。存储和报告功能都可以通过实施下述缓解措施来帮助保护隐私。

8.5. Threats
8.5. 威胁

This section indicates how each of the threats described in [RFC6973] apply to the LMAP entities and their communication and storage of "information of interest". DoS and other attacks described in the Security section represent threats as well, and these attacks are more effective when sensitive information protections have been compromised.

本节说明[RFC6973]中描述的每种威胁如何适用于LMAP实体及其“感兴趣信息”的通信和存储。“安全”部分中描述的DoS和其他攻击也表示威胁,当敏感信息保护受到破坏时,这些攻击更有效。

8.5.1. Surveillance
8.5.1. 监控

Section 5.1.1 of [RFC6973] describes surveillance as the "observation or monitoring of an individual's communications or activities." Hence, all Measurement Methods that measure user traffic are a form of surveillance, with inherent risks.

[RFC6973]第5.1.1节将监控描述为“对个人通信或活动的观察或监控”。因此,所有测量用户流量的测量方法都是一种具有内在风险的监控形式。

Measurement Methods that avoid periods of user transmission indirectly produce a record of times when a subscriber or authorised user has used their network access service.

避免用户传输周期的测量方法间接产生了用户或授权用户使用其网络接入服务的时间记录。

Measurement Methods may also utilise and store a Subscriber's currently assigned IP address when conducting measurements that are relevant to a specific Subscriber. Since the Measurement Results are timestamped, they could provide a record of IP address assignments over time.

在进行与特定订户相关的测量时,测量方法也可以使用和存储订户当前分配的IP地址。由于测量结果带有时间戳,它们可以提供随时间变化的IP地址分配记录。

Either of the above pieces of information could be useful in correlation and identification, as described below.

如下文所述,上述任何一条信息都有助于关联和识别。

8.5.2. Stored Data Compromise
8.5.2. 存储数据泄露

Section 5.1.2 of [RFC6973] describes Stored Data Compromise as resulting from inadequate measures to secure stored data from unauthorised or inappropriate access. For LMAP systems, this includes deleting or modifying collected measurement records, as well as data theft.

[RFC6973]第5.1.2节描述了存储数据泄露,这是由于未采取适当措施防止未经授权或不当访问存储数据而导致的。对于LMAP系统,这包括删除或修改收集的测量记录,以及数据盗窃。

The primary LMAP entity subject to compromise is the repository, which stores the Measurement Results; extensive security and privacy threat mitigations are warranted. The Collector and MA also store sensitive information temporarily and need protection. The communications between the local storage of the Collector and the repository is beyond the scope of the initial LMAP work, though this communications channel will certainly need protection as will the mass storage itself.

受影响的主要LMAP实体是存储库,存储测量结果;需要广泛的安全和隐私威胁缓解措施。收集器和MA还临时存储敏感信息,需要保护。收集器的本地存储器和存储库之间的通信超出了初始LMAP工作的范围,尽管此通信通道肯定需要保护,因为大容量存储器本身也需要保护。

The LMAP Controller may have direct access to storage of Subscriber information (for example, location, billing, service parameters, etc.) and other information that the controlling organisation considers private and again needs protection.

LMAP控制器可以直接访问订户信息(例如,位置、计费、服务参数等)的存储以及控制组织认为私有且再次需要保护的其他信息。

Note that there is tension between the desire to store all raw results in the LMAP Collector (for reproduction and custom analysis) and the need to protect the privacy of measurement participants. Many of the mitigations described in Section 8.6 are most efficient when deployed at the MA, therefore minimising the risks associated with stored results.

请注意,希望将所有原始结果存储在LMAP收集器中(用于复制和自定义分析)与需要保护测量参与者的隐私之间存在紧张关系。第8.6节中描述的许多缓解措施在MA部署时最为有效,因此将与存储结果相关的风险降至最低。

8.5.3. Correlation and Identification
8.5.3. 关联与识别

Sections 5.2.1 and 5.2.2 of [RFC6973] describe correlation as combining various pieces of information to obtain desired characteristics of an individual, and identification as using this combination to infer identity.

[RFC6973]第5.2.1节和第5.2.2节将相关性描述为组合各种信息以获得个人的期望特征,并将识别描述为使用这种组合来推断身份。

The main risk is that the LMAP system could unwittingly provide a key piece of the correlation chain, starting with an unknown Subscriber's IP address and another piece of information. For example, a Subscriber utilised Internet access from 2000 to 2310 UTC, because the Measurement Tasks were deferred or sent a name resolution for www.example.com at 2300 UTC.

主要的风险是,LMAP系统可能会无意中提供相关链的关键部分,从未知订户的IP地址和另一条信息开始。例如,由于测量任务被推迟或在2300 UTC时发送了www.example.com的名称解析,订阅者从2000年到2310 UTC使用互联网访问。

If a user's access with another system already gave away sensitive information, correlation is clearly easier and can result in re-identification, even when an LMAP system conserves sensitive information to great extent.

如果用户与另一个系统的访问已经泄露了敏感信息,那么关联显然更容易,并且可以导致重新识别,即使LMAP系统在很大程度上保存了敏感信息。

8.5.4. Secondary Use and Disclosure
8.5.4. 二次使用和披露

Sections 5.2.3 and 5.2.4 of [RFC6973] describe secondary use as unauthorised utilisation of an individual's information for a purpose the individual did not intend, and disclosure as when such information is revealed causing another's notions of the individual to change or confidentiality to be violated.

[RFC6973]第5.2.3节和第5.2.4节将二次使用描述为未经授权将个人信息用于个人不打算的目的,以及披露此类信息时导致他人对个人的观念发生变化或违反保密性。

Measurement Methods that measure user traffic are a form of secondary use, and the Subscribers' permission should be obtained beforehand. It may be necessary to obtain the measured ISP's permission to conduct measurements (for example, when required by the terms and conditions of the service agreement) and notification is considered good measurement practice.

测量用户流量的测量方法是二次使用的一种形式,应该事先获得用户的许可。可能需要获得被测ISP的许可才能进行测量(例如,当服务协议的条款和条件要求时),通知被视为良好的测量实践。

For Measurement Methods that measure Measurement Traffic the Measurement Results provide some limited information about the Subscriber or ISP and could result in secondary uses. For example, the use of the Results in unauthorised marketing campaigns would qualify as secondary use. Secondary use may break national laws and regulations, and may violate an individual's expectations or desires.

对于测量流量的测量方法,测量结果提供有关订户或ISP的一些有限信息,并可能导致二次使用。例如,在未经授权的营销活动中使用结果将被视为二次使用。二次使用可能违反国家法律法规,并可能违反个人的期望或愿望。

8.6. Mitigations
8.6. 减轻

This section examines the mitigations listed in Section 6 of [RFC6973] and their applicability to LMAP systems. Note that each section in [RFC6973] identifies the threat categories that each technique mitigates.

本节检查了[RFC6973]第6节中列出的缓解措施及其对LMAP系统的适用性。请注意,[RFC6973]中的每一节都确定了每种技术缓解的威胁类别。

8.6.1. Data Minimisation
8.6.1. 数据最小化

Section 6.1 of [RFC6973] encourages collecting and storing the minimal information needed to perform a task.

[RFC6973]第6.1节鼓励收集和存储执行任务所需的最少信息。

LMAP Results can be useful for general reporting about performance and for specific troubleshooting. They need different levels of information detail, as explained in the paragraphs below.

LMAP结果可用于一般性能报告和特定故障排除。如下文各段所述,它们需要不同程度的信息细节。

For general reporting, the results can be aggregated into large categories (for example, the month of March, all US subscribers West of the Mississippi River). In this case, all individual identifications (including IP address of the MA) can be excluded, and only relevant results are provided. However, this implies a filtering process to reduce the information fields, because greater detail was needed to conduct the Measurement Tasks in the first place.

对于一般报告,结果可以聚合为大类(例如,3月份,密西西比河以西的所有美国用户)。在这种情况下,可以排除所有单个标识(包括MA的IP地址),并且只提供相关结果。然而,这意味着需要一个过滤过程来减少信息字段,因为首先需要更详细地执行测量任务。

For troubleshooting, so that a network operator or end user can identify a performance issue or failure, potentially all the network information (for example, IP addresses, equipment IDs, location), Measurement Schedules, service configurations, Measurement Results, and other information may assist in the process. This includes the information needed to conduct the Measurements Tasks, and represents a need where the maximum relevant information is desirable; therefore, the greatest protections should be applied. This level of detail is greater than needed for general performance monitoring.

为了进行故障排除,以便网络运营商或最终用户能够识别性能问题或故障,所有网络信息(例如,IP地址、设备ID、位置)、测量计划、服务配置、测量结果和其他信息可能有助于此过程。这包括执行测量任务所需的信息,并表示需要最大的相关信息;因此,应采取最大的保护措施。此详细级别比一般性能监视所需的详细级别更高。

As regards Measurement Methods that measure user traffic, we note that a user may give temporary permission (to enable detailed troubleshooting), but withhold permission for them in general. Here the greatest breadth of sensitive information is potentially exposed, and the maximum privacy protection must be provided. The Collector may perform pre-storage minimisation and other mitigations (Section 8.6.4) to help preserve privacy.

关于测量用户流量的测量方法,我们注意到用户可能会给予临时许可(以实现详细的故障排除),但通常会保留对它们的许可。在这里,可能会暴露最大范围的敏感信息,必须提供最大程度的隐私保护。收集器可执行预存储最小化和其他缓解措施(第8.6.4节),以帮助保护隐私。

For MAs with access to the sensitive information of users (for example, within a home or a personal host/handset), it is desirable for the Results collection to minimise the data reported, but also to balance this desire with the needs of troubleshooting when a service subscription exists between the user and organisation operating the measurements.

对于能够访问用户敏感信息的MAs(例如,在家中或个人主机/手机内),结果收集应尽量减少报告的数据,但也要平衡这一愿望与当用户和运行度量的组织之间存在服务订阅时的故障排除需求。

8.6.2. Anonymity
8.6.2. 匿名

Section 6.1.1 of [RFC6973] describes an "anonymity set" as a way in which anonymity is achieved: "there must exist a set of individuals that appear to have the same attribute(s) as the individual."

[RFC6973]第6.1.1节将“匿名集”描述为实现匿名性的一种方式:“必须存在一组似乎与个人具有相同属性的个人。”

Experimental methods for anonymisation of user-identifiable data (and so particularly applicable to Measurement Methods that measure user traffic) have been identified in [RFC6235]. However, the findings of several of the same authors is that "there is increasing evidence that anonymization applied to network trace or flow data on its own is insufficient for many data protection applications as in [Bur10]." Essentially, the details of such Measurement Methods can only be accessed by closed organisations, and unknown injection attacks are always less expensive than the protections from them. However, some forms of summary may protect the user's sensitive information sufficiently well, and so each Metric must be evaluated in the light of privacy.

[RFC6235]中确定了用户可识别数据匿名化的实验方法(因此特别适用于测量用户流量的测量方法)。然而,几位作者的研究结果是,“越来越多的证据表明,对于[Bur10]中的许多数据保护应用而言,仅对网络跟踪或流数据进行匿名化是不够的。”本质上,此类测量方法的细节只能由封闭的组织访问,而且未知注入攻击总是比它们的保护成本更低。然而,某些形式的摘要可能会充分保护用户的敏感信息,因此必须根据隐私对每个指标进行评估。

The techniques in [RFC6235] could be applied more successfully in Measurement Methods that generate Measurement Traffic, where there are protections from injection attack. The successful attack would require breaking the integrity protection of the LMAP Reporting

[RFC6235]中的技术可以更成功地应用于产生测量流量的测量方法中,在这种方法中可以防止注入攻击。成功的攻击需要破坏LMAP报告的完整性保护

Protocol and injecting Measurement Results (known fingerprint, see Section 3.2 of [RFC6973]) for inclusion with the shared and anonymised results, then fingerprinting those records to ascertain the anonymisation process.

协议和注入测量结果(已知指纹,见[RFC6973]第3.2节)与共享和匿名结果一起包含,然后对这些记录进行指纹识别,以确定匿名过程。

Beside anonymisation of measured Results for a specific user or provider, the value of sensitive information can be further diluted by summarising the Results over many individuals or areas served by the provider. There is an opportunity enabled by forming anonymity sets [RFC6973] based on the reference path measurement points in [RFC7398]. For example, all measurements from a Subscriber device can be identified as "mp000", instead of using the IP address or other device information. The same anonymisation applies to the Internet Service Provider, where their Internet gateway would be referred to as "mp190".

除了对特定用户或提供商的测量结果进行匿名化之外,敏感信息的价值还可以通过对提供商服务的许多个人或领域的结果进行总结而进一步稀释。根据[RFC7398]中的参考路径测量点,通过形成匿名集[RFC6973]实现了一个机会。例如,来自订户设备的所有测量值都可以标识为“mp000”,而不是使用IP地址或其他设备信息。同样的匿名也适用于互联网服务提供商,他们的互联网网关将被称为“mp190”。

Another anonymisation technique is for the MA to include its Group-ID instead of its MA-ID in its Measurement Reports, with several MAs sharing the same Group-ID.

另一种匿名技术是MA在其测量报告中包含其组ID而不是MA-ID,多个MA共享同一组ID。

8.6.3. Pseudonymity
8.6.3. 笔名

Section 6.1.2 of [RFC6973] indicates that pseudonyms, or nicknames, are a possible mitigation to revealing one's true identity, since there is no requirement to use real names in almost all protocols.

[RFC6973]第6.1.2节指出,化名或昵称是揭示真实身份的一种可能的缓解措施,因为几乎所有协议都不要求使用真名。

A pseudonym for a measurement device's IP address could be an LMAP-unique equipment ID. However, this would likely be a permanent handle for the device, and long-term use weakens a pseudonym's power to obscure identity.

测量设备IP地址的笔名可以是LMAP唯一的设备ID。但是,这可能是设备的永久句柄,长期使用会削弱笔名掩盖身份的能力。

8.6.4. Other Mitigations
8.6.4. 其他缓解措施

Data can be depersonalised by blurring it, for example by adding synthetic data, data-swapping, or perturbing the values in ways that can be reversed or corrected.

通过模糊数据,例如通过添加合成数据、数据交换或以可以反转或更正的方式扰动值,可以对数据进行非个性化处理。

Sections 6.2 and 6.3 of [RFC6973] describe user participation and security, respectively.

[RFC6973]第6.2节和第6.3节分别描述了用户参与和安全性。

Where LMAP measurements involve devices on the subscriber's premises or Subscriber-owned equipment, it is essential to secure the Subscriber's permission with regard to the specific information that will be collected. The informed consent of the Subscriber (and, if different, the end user) may be needed, including the specific purpose of the measurements. The approval process could involve showing the Subscriber their measured information and results before instituting periodic collection, or before all instances of

如果LMAP测量涉及用户场所或用户自有设备上的设备,则必须确保用户对将收集的特定信息的许可。可能需要订户(以及,如果不同,最终用户)的知情同意,包括测量的具体目的。批准流程可能涉及在开始定期收集之前,或在所有数据收集实例之前,向订阅者显示其测量信息和结果

collection, with the option to cancel collection temporarily or permanently.

收集,具有临时或永久取消收集的选项。

It should also be clear who is legally responsible for data protection (privacy); in some jurisdictions, this role is called the 'data controller'. It is always good practice to limit the time that personal information is stored.

还应明确谁对数据保护(隐私)负有法律责任;在某些管辖区,此角色称为“数据控制器”。限制个人信息的存储时间始终是一种良好的做法。

Although the details of verification would be impenetrable to most subscribers, the MA could be architected as an "app" with open source code, pre-download and embedded terms of use and agreement on measurements, and protection from code modifications usually provided by the app stores. Further, the app itself could provide data reduction and temporary storage mitigations as appropriate and certified through code review.

尽管大多数用户无法理解验证的细节,但MA可以被设计成一个“应用程序”,具有开放源代码、预下载和嵌入式使用条款和测量协议,以及通常由应用商店提供的代码修改保护。此外,应用程序本身可以提供适当的数据缩减和临时存储缓解措施,并通过代码审查进行认证。

LMAP protocols, devices, and the information they store clearly need to be secure from unauthorised access. This is the hand-off between privacy and security considerations (Section 7). The data controller is responsible (legally) for maintaining data protections described in the Subscriber's agreement and agreements with other organisations.

LMAP协议、设备及其存储的信息显然需要安全,以防止未经授权的访问。这是隐私和安全考虑之间的交接(第7节)。数据控制员负责(法律上)维护订户协议以及与其他组织的协议中所述的数据保护。

Finally, it is recommended that each entity described in Section 8.1, (for example, individuals, ISPs, regulators, others) assess the risks of LMAP data collection by conducting audits of their data protection methods.

最后,建议第8.1节中描述的每个实体(例如,个人、ISP、监管机构等)通过对其数据保护方法进行审计来评估LMAP数据收集的风险。

9. Informative References
9. 资料性引用

[Bur10] Burkhart, M., Schatzmann, D., Trammell, B., and E. Boschi, "The Role of Network Trace anonymisation Under Attack", January 2010.

[Bur10]Burkhart,M.,Schatzmann,D.,Trammell,B.,和E.Boschi,“网络追踪匿名化在攻击中的作用”,2010年1月。

[IPPM-REG] Bagnulo, M., Claise, B., Eardley, P., Morton, A., and A. Akhter, "Registry for Performance Metrics", Work in Progress, draft-ietf-ippm-metric-registry-04, July 2015.

[IPPM-REG]Bagnulo,M.,Claise,B.,Eardley,P.,Morton,A.,和A.Akhter,“绩效指标注册”,在建工程,草案-ietf-IPPM-metric-Registry-042015年7月。

[LMAP-INFO] Burbridge, T., Eardley, P., Bagnulo, M., and J. Schoenwaelder, "Information Model for Large-Scale Measurement Platforms (LMAP)", Work in Progress, draft-ietf-lmap-information-model-06, July 2015.

[LMAP-INFO]Burbridge,T.,Eardley,P.,Bagnulo,M.,和J.Schoenwaeld,“大型测量平台(LMAP)的信息模型”,正在进行的工作,草案-ietf-LMAP-Information-Model-062015年7月。

[REST] Wikipedia, "Representational state transfer", July 2015, <https://en.wikipedia.org/w/index.php? title=Representational_state_transfer&oldid=673799183>.

[其他]维基百科,“代表性国家转移”,2015年7月<https://en.wikipedia.org/w/index.php? title=Representational\u state\u transfer&oldid=673799183>。

[RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987, <http://www.rfc-editor.org/info/rfc1035>.

[RFC1035]Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 1035,DOI 10.17487/RFC1035,1987年11月<http://www.rfc-editor.org/info/rfc1035>.

[RFC3444] Pras, A. and J. Schoenwaelder, "On the Difference between Information Models and Data Models", RFC 3444, DOI 10.17487/RFC3444, January 2003, <http://www.rfc-editor.org/info/rfc3444>.

[RFC3444]Pras,A.和J.Schoenwaeld,“关于信息模型和数据模型之间的差异”,RFC 3444,DOI 10.17487/RFC3444,2003年1月<http://www.rfc-editor.org/info/rfc3444>.

[RFC4101] Rescorla, E. and IAB, "Writing Protocol Models", RFC 4101, DOI 10.17487/RFC4101, June 2005, <http://www.rfc-editor.org/info/rfc4101>.

[RFC4101]Rescorla,E.和IAB,“编写协议模型”,RFC 4101,DOI 10.17487/RFC4101,2005年6月<http://www.rfc-editor.org/info/rfc4101>.

[RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally Unique IDentifier (UUID) URN Namespace", RFC 4122, DOI 10.17487/RFC4122, July 2005, <http://www.rfc-editor.org/info/rfc4122>.

[RFC4122]Leach,P.,Mealling,M.和R.Salz,“通用唯一标识符(UUID)URN名称空间”,RFC 4122,DOI 10.17487/RFC4122,2005年7月<http://www.rfc-editor.org/info/rfc4122>.

[RFC4656] Shalunov, S., Teitelbaum, B., Karp, A., Boote, J., and M. Zekauskas, "A One-way Active Measurement Protocol (OWAMP)", RFC 4656, DOI 10.17487/RFC4656, September 2006, <http://www.rfc-editor.org/info/rfc4656>.

[RFC4656]Shalunov,S.,Teitelbaum,B.,Karp,A.,Boote,J.,和M.Zekauskas,“单向主动测量协议(OWAMP)”,RFC 4656,DOI 10.17487/RFC4656,2006年9月<http://www.rfc-editor.org/info/rfc4656>.

[RFC5357] Hedayat, K., Krzanowski, R., Morton, A., Yum, K., and J. Babiarz, "A Two-Way Active Measurement Protocol (TWAMP)", RFC 5357, DOI 10.17487/RFC5357, October 2008, <http://www.rfc-editor.org/info/rfc5357>.

[RFC5357]Hedayat,K.,Krzanowski,R.,Morton,A.,Yum,K.,和J.Babiarz,“双向主动测量协议(TWAMP)”,RFC 5357,DOI 10.17487/RFC5357,2008年10月<http://www.rfc-editor.org/info/rfc5357>.

[RFC6235] Boschi, E. and B. Trammell, "IP Flow Anonymization Support", RFC 6235, DOI 10.17487/RFC6235, May 2011, <http://www.rfc-editor.org/info/rfc6235>.

[RFC6235]Boschi,E.和B.Trammell,“IP流匿名化支持”,RFC 6235,DOI 10.17487/RFC6235,2011年5月<http://www.rfc-editor.org/info/rfc6235>.

[RFC6241] Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed., and A. Bierman, Ed., "Network Configuration Protocol (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011, <http://www.rfc-editor.org/info/rfc6241>.

[RFC6241]Enns,R.,Ed.,Bjorklund,M.,Ed.,Schoenwaeld,J.,Ed.,和A.Bierman,Ed.,“网络配置协议(NETCONF)”,RFC 6241,DOI 10.17487/RFC6241,2011年6月<http://www.rfc-editor.org/info/rfc6241>.

[RFC6419] Wasserman, M. and P. Seite, "Current Practices for Multiple-Interface Hosts", RFC 6419, DOI 10.17487/RFC6419, November 2011, <http://www.rfc-editor.org/info/rfc6419>.

[RFC6419]Wasserman,M.和P.Seite,“多接口主机的当前实践”,RFC 6419,DOI 10.17487/RFC6419,2011年11月<http://www.rfc-editor.org/info/rfc6419>.

[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, DOI 10.17487/RFC6887, April 2013, <http://www.rfc-editor.org/info/rfc6887>.

[RFC6887]Wing,D.,Ed.,Cheshire,S.,Boucadair,M.,Penno,R.,和P.Selkirk,“港口控制协议(PCP)”,RFC 6887,DOI 10.17487/RFC6887,2013年4月<http://www.rfc-editor.org/info/rfc6887>.

[RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, <http://www.rfc-editor.org/info/rfc6973>.

[RFC6973]Cooper,A.,Tschofenig,H.,Aboba,B.,Peterson,J.,Morris,J.,Hansen,M.,和R.Smith,“互联网协议的隐私考虑”,RFC 6973,DOI 10.17487/RFC6973,2013年7月<http://www.rfc-editor.org/info/rfc6973>.

[RFC7011] Claise, B., Ed., Trammell, B., Ed., and P. Aitken, "Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information", STD 77, RFC 7011, DOI 10.17487/RFC7011, September 2013, <http://www.rfc-editor.org/info/rfc7011>.

[RFC7011]Claise,B.,Ed.,Trammell,B.,Ed.,和P.Aitken,“流量信息交换的IP流量信息导出(IPFIX)协议规范”,STD 77,RFC 7011,DOI 10.17487/RFC7011,2013年9月<http://www.rfc-editor.org/info/rfc7011>.

[RFC7258] Farrell, S. and H. Tschofenig, "Pervasive Monitoring Is an Attack", BCP 188, RFC 7258, DOI 10.17487/RFC7258, May 2014, <http://www.rfc-editor.org/info/rfc7258>.

[RFC7258]Farrell,S.和H.Tschofenig,“普遍监控是一种攻击”,BCP 188,RFC 7258,DOI 10.17487/RFC7258,2014年5月<http://www.rfc-editor.org/info/rfc7258>.

[RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J. Weil, "IPv6 Home Networking Architecture Principles", RFC 7368, DOI 10.17487/RFC7368, October 2014, <http://www.rfc-editor.org/info/rfc7368>.

[RFC7368]Chown,T.,Ed.,Arkko,J.,Brandt,A.,Troan,O.,和J.Weil,“IPv6家庭网络架构原则”,RFC 7368,DOI 10.17487/RFC7368,2014年10月<http://www.rfc-editor.org/info/rfc7368>.

[RFC7398] Bagnulo, M., Burbridge, T., Crawford, S., Eardley, P., and A. Morton, "A Reference Path and Measurement Points for Large-Scale Measurement of Broadband Performance", RFC 7398, DOI 10.17487/RFC7398, February 2015, <http://www.rfc-editor.org/info/rfc7398>.

[RFC7398]Bagnulo,M.,Burbridge,T.,Crawford,S.,Eardley,P.,和A.Morton,“宽带性能大规模测量的参考路径和测量点”,RFC 7398,DOI 10.17487/RFC7398,2015年2月<http://www.rfc-editor.org/info/rfc7398>.

[RFC7536] Linsner, M., Eardley, P., Burbridge, T., and F. Sorensen, "Large-Scale Broadband Measurement Use Cases", RFC 7536, DOI 10.17487/RFC7536, May 2015, <http://www.rfc-editor.org/info/rfc7536>.

[RFC7536]Linsner,M.,Eardley,P.,Burbridge,T.,和F.Sorensen,“大规模宽带测量用例”,RFC 7536,DOI 10.17487/RFC7536,2015年5月<http://www.rfc-editor.org/info/rfc7536>.

[TR-069] The Broadband Forum, "CPE WAN Management Protocol", TR-069 Amendment 5, November 2013, <https://www.broadband-forum.org/technical/download/ TR-069_Amendment-5.pdf>.

[TR-069]宽带论坛,“CPE WAN管理协议”,TR-069修正案5,2013年11月<https://www.broadband-forum.org/technical/download/ TR-069_修正案-5.pdf>。

[UPnP] UPnP Forum, "UPnP Device Architecture 2.0", February 2015, <http://www.iso.org/iso/home/store/catalogue_ics/ catalogue_detail_ics.htm?csnumber=57195>.

[UPnP]UPnP论坛,“UPnP设备架构2.0”,2015年2月<http://www.iso.org/iso/home/store/catalogue_ics/ 目录_detail_ics.htm?csnumber=57195>。

Acknowledgments

致谢

This document originated as a merger of three individual drafts: "Terminology for Large MeAsurement Platforms (LMAP)" (July 2013), "A Framework and Inventory for a Large Scale Measurement System" (July 2013), and "A framework for large-scale measurements" (July 2013).

本文件由三份单独草案合并而成:“大型测量平台术语”(2013年7月)、“大型测量系统框架和清单”(2013年7月)和“大型测量框架”(2013年7月)。

Thanks to Juergen Schoenwaelder for his detailed review of the terminology. Thanks to Charles Cook for a very detailed review of an early draft of this document. Thanks to Barbara Stark and Ken Ko for many helpful comments about later draft versions.

感谢Juergen Schoenwaeld对术语的详细审查。感谢Charles Cook对本文件的早期草案进行了非常详细的审查。感谢芭芭拉·斯塔克(Barbara Stark)和肯·科(Ken Ko)对后来的草稿提出了许多有益的意见。

Thanks to numerous people for much discussion, directly and on the LMAP list (apologies to those unintentionally omitted): Alan Clark, Alissa Cooper, Andrea Soppera, Barbara Stark, Benoit Claise, Brian Trammell, Charles Cook, Dan Romascanu, Dave Thorne, Frode Soerensen, Greg Mirsky, Guangqing Deng, Jason Weil, Jean-Francois Tremblay, Jerome Benoit, Joachim Fabini, Juergen Schoenwaelder, Jukka Manner, Ken Ko, Lingli Deng, Mach Chen, Matt Mathis, Marc Ibrahim, Michael Bugenhagen, Michael Faath, Nalini Elkins, Radia Perlman, Rolf Winter, Sam Crawford, Sharam Hakimi, Steve Miller, Ted Lemon, Timothy Carey, Vaibhav Bajpai, Vero Zheng, and William Lupton.

感谢众多直接和在LMAP名单上进行了大量讨论的人(向无意遗漏的人道歉):艾伦·克拉克、艾莉莎·库珀、安德里亚·索佩拉、芭芭拉·斯塔克、贝诺瓦·克莱斯、布莱恩·特拉梅尔、查尔斯·库克、丹·罗马斯坎努、戴夫·索恩、弗罗德·苏伦森、格雷格·米斯基、邓广清、杰森·威尔、让·弗朗索瓦·特雷姆布雷、杰罗姆·贝诺瓦、,约阿希姆·法比尼、于尔根·舍恩瓦埃尔德、朱卡·韦德、肯·柯、邓玲莉、马赫·陈、马特·马蒂斯、马克·易卜拉欣、迈克尔·布根哈根、迈克尔·法斯、纳利尼·埃尔金斯、拉迪亚·帕尔曼、罗尔夫·温特、萨姆·克劳福德、沙拉姆·哈基米、史蒂夫·米勒、特德·莱蒙、蒂莫西·凯里、维巴杰佩、韦罗·郑和威廉·卢普顿。

Philip Eardley, Trevor Burbridge and Marcelo Bagnulo worked in part on the Leone research project, which received funding from the European Union Seventh Framework Programme under grant agreement number 317647.

Philip Eardley、Trevor Burbridge和Marcelo Bagnulo参与了塞拉利昂研究项目,该项目获得了欧盟第七框架计划(第317647号赠款协议)的资助。

Authors' Addresses

作者地址

Philip Eardley BT Adastral Park, Martlesham Heath Ipswich England

菲利普·埃尔德利英国电信公司阿达斯特拉尔公园,马特勒沙姆希思伊普斯维奇英格兰

   Email: philip.eardley@bt.com
        
   Email: philip.eardley@bt.com
        

Al Morton AT&T Labs 200 Laurel Avenue South Middletown, NJ United States

美国新泽西州劳雷尔大道南米德尔顿200号艾尔莫顿AT&T实验室

   Email: acmorton@att.com
        
   Email: acmorton@att.com
        

Marcelo Bagnulo Universidad Carlos III de Madrid Av. Universidad 30 Leganes, Madrid 28911 Spain

马德里卡洛斯三世大学。西班牙马德里勒加内斯30大学28911

   Phone: 34 91 6249500
   Email: marcelo@it.uc3m.es
   URI:   http://www.it.uc3m.es
        
   Phone: 34 91 6249500
   Email: marcelo@it.uc3m.es
   URI:   http://www.it.uc3m.es
        

Trevor Burbridge BT Adastral Park, Martlesham Heath Ipswich England

特雷弗·伯布里奇英国阿特斯特拉尔公园,马特勒沙姆希思伊普斯维奇

   Email: trevor.burbridge@bt.com
        
   Email: trevor.burbridge@bt.com
        

Paul Aitken Brocade Communications Systems, Inc. 19a Canning Street, Level 3 Edinburgh, Scotland EH3 8EG United Kingdom

Paul Aitken Brocade Communications Systems,Inc.位于苏格兰爱丁堡坎宁街19a号3层,英国EH3 8EG

   Email: paitken@brocade.com
        
   Email: paitken@brocade.com
        

Aamer Akhter Consultant 118 Timber Hitch Cary, NC United States

Aamer Akhter顾问公司,美国北卡罗来纳州卡里市118号

   Email: aakhter@gmail.com
        
   Email: aakhter@gmail.com