Internet Engineering Task Force (IETF)                          J. Touch
Request for Comments: 7605                                       USC/ISI
BCP: 165                                                     August 2015
Category: Best Current Practice
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                          J. Touch
Request for Comments: 7605                                       USC/ISI
BCP: 165                                                     August 2015
Category: Best Current Practice
ISSN: 2070-1721
        

Recommendations on Using Assigned Transport Port Numbers

关于使用指定运输端口号的建议

Abstract

摘要

This document provides recommendations to designers of application and service protocols on how to use the transport protocol port number space and when to request a port assignment from IANA. It provides designer guidance to requesters or users of port numbers on how to interact with IANA using the processes defined in RFC 6335; thus, this document complements (but does not update) that document. It provides guidelines for designers regarding how to interact with the IANA processes defined in RFC 6335, thus serving to complement (but not update) that document.

本文档就如何使用传输协议端口号空间以及何时向IANA请求端口分配向应用程序和服务协议的设计者提供建议。它为端口号的请求者或用户提供关于如何使用RFC 6335中定义的流程与IANA交互的设计指南;因此,本文件补充(但不更新)该文件。它为设计者提供了关于如何与RFC6335中定义的IANA过程交互的指南,从而补充(但不是更新)该文档。

Status of This Memo

关于下段备忘

This memo documents an Internet Best Current Practice.

本备忘录记录了互联网最佳实践。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关BCP的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7605.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc7605.

Copyright Notice

版权公告

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2015 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................3
   2. Conventions Used in This Document ...............................3
   3. History .........................................................3
   4. Current Port Number Use .........................................5
   5. What is a Port Number? ..........................................5
   6. Conservation ....................................................7
      6.1. Guiding Principles .........................................7
      6.2. Firewall and NAT Considerations ............................8
   7. Considerations for Requesting Port Number Assignments ...........9
      7.1. Is a port number assignment necessary? .....................9
      7.2. How many assigned port numbers are necessary? .............11
      7.3. Picking an Assigned Port Number ...........................12
      7.4. Support for Security ......................................13
      7.5. Support for Future Versions ...............................14
      7.6. Transport Protocols .......................................14
      7.7. When to Request an Assignment .............................16
      7.8. Squatting .................................................17
      7.9. Other Considerations ......................................18
   8. Security Considerations ........................................18
   9. IANA Considerations ............................................19
   10. References ....................................................19
      10.1. Normative References .....................................19
      10.2. Informative References ...................................20
   Acknowledgments ...................................................24
   Author's Address ..................................................24
        
   1. Introduction ....................................................3
   2. Conventions Used in This Document ...............................3
   3. History .........................................................3
   4. Current Port Number Use .........................................5
   5. What is a Port Number? ..........................................5
   6. Conservation ....................................................7
      6.1. Guiding Principles .........................................7
      6.2. Firewall and NAT Considerations ............................8
   7. Considerations for Requesting Port Number Assignments ...........9
      7.1. Is a port number assignment necessary? .....................9
      7.2. How many assigned port numbers are necessary? .............11
      7.3. Picking an Assigned Port Number ...........................12
      7.4. Support for Security ......................................13
      7.5. Support for Future Versions ...............................14
      7.6. Transport Protocols .......................................14
      7.7. When to Request an Assignment .............................16
      7.8. Squatting .................................................17
      7.9. Other Considerations ......................................18
   8. Security Considerations ........................................18
   9. IANA Considerations ............................................19
   10. References ....................................................19
      10.1. Normative References .....................................19
      10.2. Informative References ...................................20
   Acknowledgments ...................................................24
   Author's Address ..................................................24
        
1. Introduction
1. 介绍

This document provides information and advice to application and service designers on the use of assigned transport port numbers. It provides a detailed historical background of the evolution of transport port numbers and their multiple meanings. It also provides specific recommendations to designers on how to use assigned port

本文档向应用程序和服务设计师提供有关使用指定运输端口号的信息和建议。它提供了运输港口数量演变的详细历史背景及其多重含义。它还就如何使用指定的端口向设计者提供了具体的建议

numbers. Note that this document provides information to potential port number applicants that complements the IANA process described in [RFC6335] (the sole document of BCP 165 before this document), but it does not change any of the port number assignment procedures described therein. Because they are thus so closely related, this document and RFC 6335 are now known together as BCP 165. This document is intended to address concerns typically raised during Expert Review (see [RFC5226]) of assigned port number applications, but it is not intended to bind those reviews. RFC 6335 also describes the interaction between port experts and port requests in IETF consensus documents. Authors of IETF consensus documents should nevertheless follow the advice in this document and can expect comment on their port requests from the port experts during IETF Last Call or at other times when review is explicitly sought.

数字。请注意,本文件向潜在的端口号申请人提供信息,以补充[RFC6335](本文件之前BCP 165的唯一文件)中所述的IANA流程,但不改变其中所述的任何端口号分配程序。由于它们如此密切相关,本文件和RFC 6335现在统称为BCP 165。本文件旨在解决指定端口号应用的专家评审(见[RFC5226])期间通常提出的问题,但不打算约束这些评审。RFC 6335还描述了IETF共识文件中港口专家和港口请求之间的互动。尽管如此,IETF共识文件的作者仍应遵循本文件中的建议,并可在IETF最后一次呼叫期间或明确寻求审查的其他时间,期待港口专家对其港口请求发表评论。

2. Conventions Used in This Document
2. 本文件中使用的公约

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照RFC 2119[RFC2119]中所述进行解释。

In this document, these words will appear with that interpretation only when in ALL CAPS. Lowercase uses of these words are not to be interpreted as carrying significance described in RFC 2119.

在本文件中,只有在所有大写字母中,这些单词才会以该解释出现。这些词语的小写用法不得解释为具有RFC 2119中所述的意义。

In this document, the characters ">>" preceding an indented line(s) indicates a statement using the key words listed above. This convention aids reviewers in quickly identifying or finding requirements for registration and recommendations for use of port numbers in this RFC.

在本文档中,缩进行前面的字符“>>”表示使用上述关键字的语句。本公约有助于审查人员快速确定或查找注册要求以及本RFC中使用端口号的建议。

3. History
3. 历史

The term 'port' was first used in [RFC33] to indicate a simplex communication path from an individual process and originally applied to only the Network Control Program (NCP) connection-oriented protocol. At a meeting described in [RFC37], an idea was presented to decouple connections between processes and links that they use as paths and, thus, to include numeric source and destination socket

术语“端口”最初在[RFC33]中用于表示单个进程的单工通信路径,最初仅适用于网络控制程序(NCP)面向连接的协议。在[RFC37]中描述的一次会议上,提出了一个想法,将进程和用作路径的链接之间的连接解耦,从而包括数字源和目标套接字

identifiers in packets. [RFC38] provides further detail, describing how processes might have more than one of these paths and that more than one path may be active at a time. As a result, there was the need to add a process identifier to the header of each message so that incoming messages could be demultiplexed to the appropriate process. [RFC38] further suggests that 32-bit numbers be used for these identifiers. [RFC48] discusses the current notion of listening on a specific port number, but does not discuss the issue of port number determination. [RFC61] notes that the challenge of knowing the appropriate port numbers is "left to the processes" in general, but introduces the concept of a "well-known" port number for common services.

数据包中的标识符。[RFC38]提供了进一步的详细信息,描述了进程如何具有这些路径中的多个,以及一次可能有多个路径处于活动状态。因此,需要在每条消息的头部添加一个进程标识符,以便传入的消息可以被解复用到适当的进程。[RFC38]进一步建议将32位数字用于这些标识符。[RFC48]讨论了监听特定端口号的当前概念,但没有讨论端口号确定问题。[RFC61]注意到了解适当端口号的挑战通常是“留给进程”,但为公共服务引入了“已知”端口号的概念。

[RFC76] proposes a "telephone book" by which an index will allow port numbers to be used by name, but still assumes that both source and destination port numbers are fixed by such a system. [RFC333] proposes that a port number pair, rather than an individual port number, be used on both sides of the connection for demultiplexing messages. This is the final view in [RFC793] (and its predecessors, including [IEN112]), and brings us to their current meaning. [RFC739] introduces the notion of generic reserved port numbers for groups of protocols, such as "any private RJE server" [RFC739]. Although the overall range of such port numbers was (and remains) 16 bits, only the first 256 (high 8 bits cleared) in the range were considered assigned.

[RFC76]提出了一种“电话簿”,通过该电话簿,索引将允许按名称使用端口号,但仍然假设源端口号和目标端口号都由这样的系统固定。[RFC333]建议在连接的两侧使用端口号对而不是单个端口号来解复用消息。这是[RFC793](及其前身,包括[IEN112])中的最终观点,并将我们带到它们当前的含义。[RFC739]引入了协议组的通用保留端口号的概念,如“任何专用RJE服务器”[RFC739]。尽管这样的端口号的总范围是(并且仍然是)16位,但仅认为分配了该范围内的前256位(高8位已清除)。

[RFC758] is the first to describe port numbers as being used for TCP (previous RFCs all refer to only NCP). It includes a list of such well-known port numbers, as well as describes ranges used for different purposes:

[RFC758]是第一个将端口号描述为用于TCP的端口号(以前的RFC都只涉及NCP)。它包括此类已知端口号的列表,并描述了用于不同目的的范围:

      Decimal   Octal     Description
      -----------------------------------------------------------
      0-63      0-77      Network Wide Standard Function
      64-127    100-177   Hosts Specific Functions
      128-223   200-337   Reserved for Future Use
      224-255   340-377   Any Experimental Function
        
      Decimal   Octal     Description
      -----------------------------------------------------------
      0-63      0-77      Network Wide Standard Function
      64-127    100-177   Hosts Specific Functions
      128-223   200-337   Reserved for Future Use
      224-255   340-377   Any Experimental Function
        

In [RFC820], those range meanings disappear, and a single list of number assignments is presented. This is also the first time that port numbers are described as applying to a connectionless transport (e.g., UDP) rather than only connection-oriented transports.

在[RFC820]中,这些范围含义消失,并显示一个数字分配列表。这也是第一次将端口号描述为应用于无连接传输(例如UDP),而不是仅应用于面向连接的传输。

By [RFC900], the ranges appear as decimal numbers rather than the octal ranges used previously. [RFC1340] increases this range from 0-255 to 0-1023 and begins to list TCP and UDP port number assignments individually (although the assumption was that once assigned a port number applies to all transport protocols, including

根据[RFC900],范围显示为十进制数字,而不是以前使用的八进制范围。[RFC1340]将此范围从0-255增加到0-1023,并开始分别列出TCP和UDP端口号分配(尽管假设一旦分配端口号,端口号适用于所有传输协议,包括

TCP, UDP, recently Stream Control Transmission Protocol (SCTP) and Datagram Congestion Control Protocol (DCCP), as well as ISO-TP4 for a brief period in the early 1990s). [RFC1340] also establishes the Registered range of 1024-59151, though it notes that it is not controlled by the IANA (at that point). The list provided by [RFC1700] in 1994 remained the standard until it was declared replaced by an online version, as of [RFC3232] in 2002.

TCP、UDP、最近的流控制传输协议(SCTP)和数据报拥塞控制协议(DCCP),以及20世纪90年代初的ISO-TP4。[RFC1340]还建立了1024-59151的注册范围,但注意到它不受IANA控制(此时)。[RFC1700]在1994年提供的列表一直是标准的,直到2002年[RFC3232]宣布被在线版本取代。

4. Current Port Number Use
4. 当前端口号使用

RFC 6335 indicates three ranges of port number assignments:

RFC 6335表示端口号分配的三个范围:

      Binary         Hex
      -----------------------------------------------------------
      0-1023         0x0000-0x03FF  System (also Well-Known)
      1024-49151     0x0400-0xBFFF  User (also Registered)
      49152-65535    0xC000-0xFFFF  Dynamic (also Private)
        
      Binary         Hex
      -----------------------------------------------------------
      0-1023         0x0000-0x03FF  System (also Well-Known)
      1024-49151     0x0400-0xBFFF  User (also Registered)
      49152-65535    0xC000-0xFFFF  Dynamic (also Private)
        

System (also Well-Known) encompasses the range 0-1023. On some systems, use of these port numbers requires privileged access, e.g., that the process run as 'root' (i.e., as a privileged user), which is why these are referred to as System port numbers. The port numbers from 1024-49151 denotes non-privileged services, known as User (also Registered), because these port numbers do not run with special privileges. Dynamic (also Private) port numbers are not assigned.

系统(也众所周知)包括范围0-1023。在某些系统上,使用这些端口号需要特权访问,例如,进程以“root”(即特权用户)身份运行,这就是为什么这些端口号被称为系统端口号。1024-49151中的端口号表示非特权服务,称为用户(也已注册),因为这些端口号不以特权运行。未分配动态(也是专用)端口号。

Both System and User port numbers are assigned through IANA, so both are sometimes called 'registered port numbers'. As a result, the term 'registered' is ambiguous, referring either to the entire range 0-49151 or to the User port numbers. Complicating matters further, System port numbers do not always require special (i.e., 'root') privilege. For clarity, the remainder of this document refers to the port number ranges as System, User, and Dynamic, to be consistent with IANA process [RFC6335].

系统和用户端口号都是通过IANA分配的,因此有时两者都被称为“注册端口号”。因此,术语“已注册”不明确,指的是整个范围0-49151或用户端口号。使问题进一步复杂化的是,系统端口号并不总是需要特殊(即“根”)权限。为清楚起见,本文档的其余部分将端口号范围称为系统、用户和动态,以与IANA流程[RFC6335]一致。

5. What is a Port Number?
5. 什么是端口号?

A port number is a 16-bit number used for two distinct purposes:

端口号是用于两个不同目的的16位数字:

o Demultiplexing transport endpoint associations within an end host

o 在终端主机内解复用传输端点关联

o Identifying a service

o 识别服务

The first purpose requires that each transport endpoint association (e.g., TCP connection or UDP pairwise association) using a given transport between a given pair of IP addresses use a different pair of port numbers, but it does not require either coordination or

第一个目的要求在给定的IP地址对之间使用给定传输的每个传输端点关联(例如TCP连接或UDP成对关联)使用不同的端口号对,但它不需要协调或同步

registration of port number use. It is the second purpose that drives the need for a common registry.

注册端口号使用。第二个目的是推动对公共注册表的需求。

Consider a user wanting to run a web server. That service could run on any port number, provided that all clients knew what port number to use to access that service at that host. Such information can be explicitly distributed -- for example, by putting it in the URI:

考虑用户想要运行Web服务器。该服务可以在任何端口号上运行,前提是所有客户端都知道在该主机上访问该服务所使用的端口号。可以显式分发此类信息——例如,将其放入URI中:

      http://www.example.com:51509/
        
      http://www.example.com:51509/
        

Ultimately, the correlation of a service with a port number is an agreement between just the two endpoints of the association. A web server can run on port number 53, which might appear as DNS traffic to others but will connect to browsers that know to use port number 53 rather than 80.

最终,服务与端口号的关联只是关联的两个端点之间的协议。web服务器可以在端口号53上运行,其他人可能会将其视为DNS流量,但会连接到知道使用端口号53而不是80的浏览器。

As a concept, a service is the combination of ISO Layers 5-7 that represents an application-protocol capability. For example, www (port number 80) is a service that uses HTTP as an application protocol and provides access to a web server [RFC7230]. However, it is possible to use HTTP for other purposes, such as command and control. This is why some current services (HTTP, e.g.) are a bit overloaded -- they describe not only the application protocol, but a particular service.

作为一个概念,服务是代表应用程序协议能力的ISO第5-7层的组合。例如,www(端口号80)是一种使用HTTP作为应用程序协议并提供对web服务器访问的服务[RFC7230]。但是,可以将HTTP用于其他目的,例如命令和控制。这就是当前某些服务(例如HTTP)有点过载的原因——它们不仅描述了应用程序协议,还描述了特定的服务。

IANA assigns port numbers so that Internet endpoints do not need pairwise, explicit coordination of the meaning of their port numbers. This is the primary reason for requesting port number assignment by IANA -- to have a common agreement between all endpoints on the Internet as to the default meaning of a port number, which provides the endpoints with a default port number for a particular protocol or service.

IANA分配端口号,这样Internet端点就不需要成对、明确地协调端口号的含义。这是IANA请求端口号分配的主要原因——在Internet上的所有端点之间就端口号的默认含义达成一致,从而为端点提供特定协议或服务的默认端口号。

Port numbers are sometimes used by intermediate devices on a network path, either to monitor available services, to monitor traffic (e.g., to indicate the data contents), or to intercept traffic (to block, proxy, relay, aggregate, or otherwise process it). In each case, the intermediate device interprets traffic based on the port number. It is important to recognize that any interpretation of port numbers -- except at the endpoints -- may be incorrect, because port numbers are meaningful only at the endpoints. Further, port numbers may not be visible to these intermediate devices, such as when the transport protocol is encrypted (as in network- or link-layer tunnels) or when a packet is fragmented (in which case only the first fragment has the port number information). Such port number invisibility may interfere with these capabilities, which are implemented inside the network and based on a port number.

网络路径上的中间设备有时使用端口号来监视可用服务、监视流量(例如,指示数据内容)或拦截流量(阻止、代理、中继、聚合或以其他方式处理流量)。在每种情况下,中间设备基于端口号解释通信量。必须认识到,端口号的任何解释(端点处除外)都可能不正确,因为端口号仅在端点处有意义。此外,端口号对于这些中间设备可能不可见,例如当传输协议被加密时(如在网络或链路层隧道中)或者当分组被分段时(在这种情况下,只有第一片段具有端口号信息)。这种端口号不可见性可能会干扰这些功能,这些功能是在网络内部基于端口号实现的。

Port numbers can also be used for other purposes. Assigned port numbers can simplify end-system configuration, so that individual installations do not need to coordinate their use of arbitrary port numbers. Such assignments may also have the effect of simplifying firewall management, so that a single, fixed firewall configuration can either permit or deny a service that uses the assigned ports.

端口号也可用于其他目的。分配的端口号可以简化终端系统配置,因此单个安装不需要协调其对任意端口号的使用。这样的分配还可能具有简化防火墙管理的效果,因此单个固定防火墙配置可以允许或拒绝使用分配端口的服务。

It is useful to differentiate a port number from a service name. The former is a numeric value that is used directly in transport protocol headers as a demultiplexing and service identifier. The latter is primarily a user convenience, where the default map between the two is considered static and resolved using a cached index. This document focuses on the former because it is the fundamental network resource. Dynamic maps between the two, i.e., using DNS SRV records, are discussed further in Section 7.1.

区分端口号和服务名称很有用。前者是一个数值,直接在传输协议头中用作解复用和服务标识符。后者主要是为了方便用户,两者之间的默认映射被认为是静态的,并使用缓存索引进行解析。本文档重点介绍前者,因为它是基本的网络资源。第7.1节将进一步讨论两者之间的动态映射,即使用DNS SRV记录。

6. Conservation
6. 保护

Assigned port numbers are a limited resource that is globally shared by the entire Internet community. As of 2014, approximately 5850 TCP and 5570 UDP port numbers had been assigned out of a total range of 49151. As a result of past conservation, current assigned port use is small and the current rate of assignment avoids the need for transition to larger number spaces. This conservation also helps avoid the need for IANA to rely on assigned port number reclamation, which is practically impossible even though procedurally permitted [RFC6335].

分配的端口号是整个Internet社区在全球范围内共享的有限资源。截至2014年,在49151个总范围内,已分配了约5850个TCP和5570个UDP端口号。由于过去的保护,当前分配的端口使用量很小,并且当前的分配速率避免了转换到更大数量空间的需要。这种保护也有助于避免IANA依赖指定的端口号回收,这实际上是不可能的,即使程序允许[RFC6335]。

IANA aims to assign only one port number per service, including variants [RFC6335], but there are other benefits to using fewer port numbers for a given service. Use of multiple assigned port numbers can make applications more fragile, especially when firewalls block a subset of those port numbers or use ports numbers to route or prioritize traffic differently. As a result:

IANA旨在为每个服务(包括变体[RFC6335])只分配一个端口号,但为给定服务使用较少的端口号还有其他好处。使用多个分配的端口号会使应用程序更加脆弱,尤其是当防火墙阻止这些端口号的子集或使用端口号以不同方式路由或优先排序流量时。因此:

>> Each assigned port requested MUST be justified by the applicant as an independently useful service.

>>申请人必须证明申请的每个指定端口是独立有用的服务。

6.1. Guiding Principles
6.1. 指导原则

This document provides recommendations for users that also help conserve assigned port number space. Again, this document does not update [RFC6335] (originally the sole document of BCP 165), which describes the IANA procedures for managing assigned transport port numbers and services, but rather augments it by now becoming part of BCP 165 (i.e., BCP 165 now refers to both documents together). Assigned port number conservation is based on a number of basic principles:

本文档为用户提供了一些建议,这些建议也有助于节省分配的端口号空间。同样,本文件并未更新[RFC6335](最初是BCP 165的唯一文件),该文件描述了IANA管理指定运输港口编号和服务的程序,而是通过现在成为BCP 165的一部分对其进行了扩充(即,BCP 165现在同时指代这两个文件)。分配的端口号保护基于一系列基本原则:

o A single assigned port number can support different functions over separate endpoint associations, determined using in-band information. An FTP data connection can transfer binary or text files, the latter translating line-terminators, as indicated in-band over the control port number [RFC959].

o 单个分配的端口号可以通过使用带内信息确定的独立端点关联支持不同的功能。FTP数据连接可以传输二进制或文本文件,后者转换行终止符,如控制端口号[RFC959]上的频带所示。

o A single assigned port number can indicate the Dynamic port number(s) on which different capabilities are supported, as with passive-mode FTP [RFC959].

o 单个分配的端口号可以指示支持不同功能的动态端口号,如被动模式FTP[RFC959]。

o Several existing services can indicate the Dynamic port number(s) on which other services are supported, such as with Multicast DNS (mDNS) and portmapper [RFC1833] [RFC6762] [RFC6763].

o 几个现有服务可以指示支持其他服务的动态端口号,例如多播DNS(MDN)和端口映射器[RFC1833][RFC6762][RFC6763]。

o Copies of some existing services can be differentiated using in-band information (e.g., URIs in the HTTP Host field and TLS Server Name Indication extension) [RFC7230] [RFC6066].

o 可以使用带内信息(例如,HTTP主机字段中的URI和TLS服务器名称指示扩展)区分某些现有服务的副本[RFC7230][RFC6066]。

o Services requiring varying performance properties can already be supported using separate endpoint associations (connections or other associations), each configured to support the desired properties. For example, a high-speed and low-speed variant can be determined within the service using the same assigned port.

o 已经可以使用单独的端点关联(连接或其他关联)支持需要不同性能属性的服务,每个端点关联都配置为支持所需的属性。例如,可以使用相同的分配端口在服务中确定高速和低速变体。

Assigned port numbers are intended to differentiate services, not variations of performance, replicas, pairwise endpoint associations, or payload types. Assigned port numbers are also a small space compared to other Internet number spaces; it is never appropriate to consume assigned port numbers to conserve larger spaces such as IP addresses, especially where copies of a service represent different endpoints.

分配的端口号旨在区分服务,而不是性能、副本、成对端点关联或负载类型的变化。与其他互联网号码空间相比,分配的端口号空间也很小;使用分配的端口号来节省更大的空间(如IP地址)是不合适的,特别是在服务副本代表不同端点的情况下。

6.2. Firewall and NAT Considerations
6.2. 防火墙和NAT注意事项

Ultimately, port numbers indicate services only to the endpoints, and any intermediate device that assigns meaning to a value can be incorrect. End systems might agree to run web services (HTTP) over port number 53 (typically used for DNS) rather than port number 80, at which point a firewall that blocks port number 80 but permits port number 53 would not have the desired effect. Nonetheless, assigned port numbers are often used to help configure firewalls and other port-based systems for access control.

最终,端口号表示只向端点提供服务,任何将意义赋予值的中间设备都可能不正确。终端系统可能同意在端口号53(通常用于DNS)而不是端口号80上运行web服务(HTTP),此时阻止端口号80但允许端口号53的防火墙将不会产生预期效果。尽管如此,分配的端口号通常用于帮助配置防火墙和其他基于端口的访问控制系统。

Using Dynamic port numbers, or explicitly indicated port numbers indicated in-band over another service (such as with FTP) often complicates firewall and NAT interactions [RFC959]. FTP over firewalls often requires direct support for deep-packet inspection (to snoop for the Dynamic port number for the NAT to correctly map)

使用动态端口号,或通过另一个服务(如FTP)在频带中明确指示的端口号,通常会使防火墙和NAT交互复杂化[RFC959]。防火墙上的FTP通常需要直接支持深度数据包检查(以窥探NAT正确映射的动态端口号)

or passive-mode FTP (in which both connections are opened from the client side).

或被动模式FTP(两个连接都从客户端打开)。

7. Considerations for Requesting Port Number Assignments
7. 请求端口号分配的注意事项

Port numbers are assigned by IANA by a set of documented procedures [RFC6335]. The following section describes the steps users can take to help assist with responsible use of assigned port numbers and with preparing an application for a port number assignment.

IANA通过一套文件化程序分配端口号[RFC6335]。以下部分介绍了用户可以采取的步骤,以帮助负责任地使用分配的端口号,并为端口号分配准备应用程序。

7.1. Is a port number assignment necessary?
7.1. 是否需要指定端口号?

First, it is useful to consider whether a port number assignment is required. In many cases, a new number assignment may not be needed. The following questions may aid in making this determination:

首先,考虑是否需要端口号分配是有用的。在许多情况下,可能不需要新的号码分配。以下问题可能有助于做出这一决定:

o Is this really a new service or could an existing service suffice?

o 这真的是一项新服务,还是现有的服务就足够了?

o Is this an experimental service [RFC3692]? If so, consider using the current experimental ports [RFC2780].

o 这是一项实验服务[RFC3692]?如果是这样,考虑使用当前的实验端口[RCF2680]。

o Is this service independently useful? Some systems are composed from collections of different service capabilities, but not all component functions are useful as independent services. Port numbers are typically shared among the smallest independently useful set of functions. Different service uses or properties can be supported in separate pairwise endpoint associations after an initial negotiation, e.g., to support software decomposition.

o 这项服务单独有用吗?有些系统由不同服务功能的集合组成,但并非所有组件功能都可以作为独立服务使用。端口号通常在最小的独立有用的函数集之间共享。初始协商后,可以在单独的成对端点关联中支持不同的服务使用或属性,例如,支持软件分解。

o Can this service use a Dynamic port number that is coordinated out-of-band? For example:

o 此服务能否使用带外协调的动态端口号?例如:

o By explicit configuration of both endpoints.

o 通过显式配置两个端点。

o By internal mechanisms within the same host (e.g., a configuration file, indicated within a URI or using interprocess communication).

o 通过同一主机内的内部机制(例如,配置文件,在URI内指示或使用进程间通信)。

o Using information exchanged on a related service: FTP [RFC959], SIP [RFC3261], etc.

o 使用在相关服务上交换的信息:FTP[RFC959]、SIP[RFC3261]等。

o Using an existing port discovery service: portmapper [RFC1833], mDNS [RFC6762] [RFC6763], etc.

o 使用现有端口发现服务:portmapper[RFC1833]、mDNS[RFC6762][RFC6763]等。

There are a few good examples of reasons that more directly suggest that not only is a port number assignment not necessary, but it is directly counter-indicated:

有几个很好的例子可以更直接地说明,不仅不需要分配端口号,而且还可以直接反向指示:

o Assigned port numbers are not intended to differentiate performance variations within the same service, e.g., high-speed versus ordinary speed. Performance variations can be supported within a single assigned port number in context of separate pairwise endpoint associations.

o 分配的端口号不用于区分同一服务中的性能变化,例如高速与普通速度。在单独成对端点关联的上下文中,可以在单个分配的端口号内支持性能变化。

o Additional assigned port numbers are not intended to replicate an existing service. For example, if a device is configured to use a typical web browser, then the port number used for that service is a copy of the http service that is already assigned to port number 80 and does not warrant a new assignment. However, an automated system that happens to use HTTP framing -- but is not primarily accessed by a browser -- might be a new service. A good way to tell is to ask, "Can an unmodified client of the existing service interact with the proposed service?". If so, that service would be a copy of an existing service and would not merit a new assignment.

o 额外分配的端口号不用于复制现有服务。例如,如果将设备配置为使用典型的web浏览器,则用于该服务的端口号是已分配给端口号80的http服务的副本,并且不保证新的分配。然而,一个碰巧使用HTTP帧的自动化系统——但主要不是由浏览器访问的——可能是一种新的服务。一个很好的判断方法是问:“现有服务的未修改客户端是否可以与建议的服务交互?”。如果是这样,该服务将是现有服务的副本,不值得重新分配。

o Assigned port numbers not intended for intra-machine communication. Such communication can already be supported by internal mechanisms (interprocess communication, shared memory, shared files, etc.). When Internet communication within a host is desired, the server can bind to a Dynamic port that is indicated to the client using these internal mechanisms.

o 分配的端口号不用于机器内通信。这种通信已经可以由内部机制(进程间通信、共享内存、共享文件等)支持。当需要主机内的Internet通信时,服务器可以绑定到使用这些内部机制向客户端指示的动态端口。

o Separate assigned port numbers are not intended for insecure versions of existing (or new) secure services. A service that already requires security would be made more vulnerable by having the same capability accessible without security.

o 单独分配的端口号不适用于现有(或新)安全服务的不安全版本。一个已经需要安全性的服务,如果在没有安全性的情况下可以访问相同的功能,那么它将变得更加脆弱。

Note that the converse is different, i.e., it can be useful to create a new, secure service that replicates an existing insecure service on a new port number assignment. This can be necessary when the existing service is not backward-compatible with security enhancements, such as the use of TLS [RFC5246] or DTLS [RFC6347].

请注意,反过来是不同的,也就是说,创建一个新的安全服务,在新的端口号分配上复制一个现有的不安全服务,可能会很有用。当现有服务与安全增强不向后兼容时,如使用TLS[RFC5246]或DTLS[RFC6347],这是必要的。

o Assigned port numbers are not intended for indicating different service versions. Version differentiation should be handled in-band, e.g., using a version number at the beginning of an association (e.g., connection or other transaction). This may not be possible with legacy assignments, but all new services should incorporate support for version indication.

o 分配的端口号不用于指示不同的服务版本。版本差异应在频带内处理,例如,在关联开始时使用版本号(例如,连接或其他事务)。这可能不适用于遗留分配,但所有新服务都应包含对版本指示的支持。

Some services may not need assigned port numbers at all, e.g., SIP allows voice calls to use Dynamic ports [RFC3261]. Some systems can register services in the DNS, using SRV entries. These services can be discovered by a variety of means, including mDNS, or via direct query [RFC6762] [RFC6763]. In such cases, users can more easily request an SRV name, which are assigned first-come, first-served from a much larger namespace.

一些服务可能根本不需要分配端口号,例如,SIP允许语音呼叫使用动态端口[RFC3261]。一些系统可以使用SRV条目在DNS中注册服务。这些服务可以通过多种方式发现,包括MDN,或通过直接查询[RFC6762][RFC6763]。在这种情况下,用户可以更容易地请求SRV名称,该名称是从更大的名称空间分配的,先到先得。

IANA assigns port numbers, but this assignment is typically used only for servers, i.e., the host that listens for incoming connections or other associations. Clients, i.e., hosts that initiate connections or other associations, typically refer to those assigned port numbers but do not need port number assignments for their endpoint.

IANA分配端口号,但此分配通常仅用于服务器,即侦听传入连接或其他关联的主机。客户端,即启动连接或其他关联的主机,通常指的是那些分配的端口号,但不需要为其端点分配端口号。

Finally, an assigned port number is not a guarantee of exclusive use. Traffic for any service might appear on any port number, due to misconfiguration or deliberate misuse. Application and service designers are encouraged to validate traffic based on its content.

最后,指定的端口号不能保证独占使用。由于配置错误或故意误用,任何服务的流量都可能出现在任何端口号上。鼓励应用程序和服务设计者根据流量的内容验证流量。

7.2. How many assigned port numbers are necessary?
7.2. 需要分配多少个端口号?

As noted earlier, systems might require a single port number assignment, but rarely require multiple port numbers. There are a variety of known ways to reduce assigned port number consumption. Although some may be cumbersome or inefficient, they are nearly always preferable to consuming additional port number assignments.

如前所述,系统可能需要单个端口号分配,但很少需要多个端口号。有多种已知方法可以减少分配的端口号消耗。尽管有些可能很麻烦或效率低下,但它们几乎总是比使用额外的端口号分配更可取。

Such techniques include:

这些技术包括:

o Use of a discovery service, either a shared service (mDNS) or a discovery service for a given system [RFC6762] [RFC6763].

o 对给定系统使用发现服务(共享服务(mDNS)或发现服务[RFC6762][RFC6763]。

o Multiplex packet types using in-band information, either on a per-message or per-connection basis. Such demultiplexing can even hand off different messages and connections among different processes, such as is done with FTP [RFC959].

o 使用带内信息在每条消息或每条连接的基础上多路传输数据包类型。这种解复用甚至可以在不同进程之间传递不同的消息和连接,如FTP[RFC959]所做的。

There are some cases where NAT and firewall traversal are significantly improved by having an assigned port number. Although NAT traversal protocols supporting automatic configuration have been proposed and developed (e.g., Session Traversal Utilities for NAT (STUN) [RFC5389], Traversal Using Relays around NAT (TURN) [RFC5766], and Interactive Connectivity Establishment (ICE) [RFC5245]), not all application and service designers can rely on their presence as of yet.

在某些情况下,通过分配端口号,NAT和防火墙穿越得到了显著改进。尽管已经提出并开发了支持自动配置的NAT遍历协议(例如,NAT(STUN)[RFC5389]的会话遍历实用程序,使用NAT(TURN)周围的中继进行遍历[RFC5766],以及交互式连接建立(ICE)[RFC5245]),到目前为止,并不是所有的应用程序和服务设计师都可以依赖他们的存在。

In the past, some services were assigned multiple port numbers or sometimes fairly large port ranges (e.g., X11). This occurred for a variety of reasons: port number conservation was not as widely appreciated, assignments were not as ardently reviewed, etc. This no longer reflects current practice and such assignments are not considered to constitute a precedent for future assignments.

过去,一些服务被分配了多个端口号,有时甚至相当大的端口范围(例如X11)。出现这种情况的原因多种多样:港口号保护没有得到广泛的重视,作业没有得到热烈的审查,等等。这不再反映当前的做法,此类作业不被视为构成未来作业的先例。

7.3. Picking an Assigned Port Number
7.3. 选择指定的端口号

Given a demonstrated need for a port number assignment, the next question is how to pick the desired port number. An application for a port number assignment does not need to include a desired port number; in that case, IANA will select from those currently available.

考虑到需要指定端口号,下一个问题是如何选择所需的端口号。端口号分配的应用不需要包括所需的端口号;在这种情况下,IANA将从当前可用的选项中进行选择。

Users should consider whether the requested port number is important. For example, would an assignment be acceptable if IANA picked the port number value? Would a TCP (or other transport protocol) port number assignment be useful by itself? If so, a port number can be assigned to a service for one transport protocol where it is already (or can be subsequently) assigned to a different service for other transport protocols.

用户应该考虑请求的端口号是否重要。例如,如果IANA选择端口号值,分配是否可以接受?TCP(或其他传输协议)端口号分配本身是否有用?如果是这样,可以将端口号分配给一个传输协议的服务,而该端口号已经(或可以随后)分配给其他传输协议的不同服务。

The most critical issue in picking a number is selecting the desired range, i.e., System versus User port numbers. The distinction was intended to indicate a difference in privilege; originally, System port numbers required privileged ('root') access, while User port numbers did not. That distinction has since blurred because some current systems do not limit access control to System port numbers and because some System services have been replicated on User numbers (e.g., IRC). Even so, System port number assignments have continued at an average rate of 3-4 per year over the past 7 years (2007-2013), indicating that the desire to keep this distinction continues.

选择数字时最关键的问题是选择所需的范围,即系统端口号与用户端口号。这种区别是为了表明特权的不同;最初,系统端口号需要特权(“根”)访问,而用户端口号则不需要。这种区别后来变得模糊了,因为当前的一些系统没有将访问控制限制在系统端口号上,而且一些系统服务已经在用户号上复制(例如,IRC)。即便如此,在过去7年(2007-2013年)中,系统端口号分配仍以平均每年3-4个的速度持续,这表明保持这种区别的愿望仍在继续。

As a result, the difference between System and User port numbers needs to be treated with caution. Developers are advised to treat services as if they are always run without privilege.

因此,需要谨慎处理系统端口号和用户端口号之间的差异。建议开发人员将服务视为总是在没有特权的情况下运行。

Even when developers seek a System port number assignment, it may be very difficult to obtain. System port number assignment requires IETF Review or IESG Approval and justification that both User and Dynamic port number ranges are insufficient [RFC6335]. Thus, this document recommends both:

即使开发人员寻求系统端口号分配,也可能很难获得。系统端口号分配需要IETF审查或IESG批准,并证明用户和动态端口号范围不足[RFC6335]。因此,本文件建议:

>> Developers SHOULD NOT apply for System port number assignments because the increased privilege they are intended to provide is not always enforced.

>>开发人员不应申请系统端口号分配,因为他们打算提供的增加的特权并不总是强制执行的。

>> System implementers SHOULD enforce the need for privilege for processes to listen on System port numbers.

>>系统实现者应该强制要求进程拥有监听系统端口号的特权。

At some future date, it might be useful to deprecate the distinction between System and User port numbers altogether. Services typically require elevated ('root') privileges to bind to a System port number, but many such services go to great lengths to immediately drop those privileges just after connection or other association establishment to reduce the impact of an attack using their capabilities. Such services might be more securely operated on User port numbers than on System port numbers. Further, if System port numbers were no longer assigned, as of 2014 it would cost only 180 of the 1024 System values (17%), or 180 of the overall 49152 assigned (System and User) values (<0.04%).

在将来的某个时候,完全否定系统端口号和用户端口号之间的区别可能是有用的。服务通常需要提升的(“根”)权限才能绑定到系统端口号,但许多这样的服务在连接或其他关联建立之后会不遗余力地立即放弃这些权限,以使用其功能减少攻击的影响。这样的服务在用户端口号上的操作可能比在系统端口号上的操作更安全。此外,如果不再分配系统端口号,截至2014年,其成本仅为1024个系统值中的180个(17%),或49152个分配(系统和用户)值中的180个(<0.04%)。

7.4. Support for Security
7.4. 支持安全

Just as a service is a way to obtain information or processing from a host over a network, a service can also be the opening through which to compromise that host. Protecting a service involves security, which includes integrity protection, source authentication, privacy, or any combination of these capabilities. Security can be provided in a number of ways, and thus:

正如服务是通过网络从主机获取信息或进行处理的一种方式一样,服务也可以是危害该主机的开口。保护服务涉及安全性,包括完整性保护、源身份验证、隐私或这些功能的任意组合。可以通过多种方式提供安全性,因此:

>> New services SHOULD support security capabilities, either directly or via a content protection such as TLS [RFC5246] or Datagram TLS (DTLS) [RFC6347], or transport protection such as the TCP-AO [RFC5925]. Insecure versions of new or existing secure services SHOULD be avoided because of the new vulnerability they create.

>>新服务应直接或通过内容保护(如TLS[RFC5246]或数据报TLS(DTLS)[RFC6347]或传输保护(如TCP-AO[RFC5925])支持安全功能。应避免新的或现有安全服务的不安全版本,因为它们会造成新的漏洞。

Secure versions of legacy services that are not already security-capable via in-band negotiations can be very useful. However, there is no IETF consensus on when separate ports should be used for secure and insecure variants of the same service [RFC2595] [RFC2817] [RFC6335]. The overall preference is for use of a single port, as noted in Section 6 of this document and Section 7.2 of [RFC6335], but the appropriate approach depends on the specific characteristics of the service. As a result:

通过带内协商尚未具备安全功能的遗留服务的安全版本可能非常有用。然而,IETF对于何时应将不同端口用于同一服务的安全和不安全变体[RFC2595][RFC2817][RFC6335]没有达成共识。如本文件第6节和[RFC6335]第7.2节所述,总体首选使用单个端口,但适当的方法取决于服务的特定特性。因此:

>> When requesting both secure and insecure port assignments for the same service, justification is expected for the utility and safety of each port as an independent service (Section 6). Precedent (e.g., citing other protocols that use a separate insecure port) is inadequate justification by itself.

>>当为同一服务请求安全和不安全的端口分配时,应考虑每个端口作为独立服务的实用性和安全性(第6节)。先例(例如,引用使用单独的不安全端口的其他协议)本身是不充分的理由。

It's also important to recognize that port number assignment is not itself a guarantee that traffic using that number provides the corresponding service or that a given service is always offered only on its assigned port number. Port numbers are ultimately meaningful only between endpoints and any service can be run on any port. Thus:

同样重要的是要认识到,端口号分配本身并不能保证使用该号码的通信量提供相应的服务,也不能保证给定的服务总是只在其分配的端口号上提供。端口号最终只有在端点之间才有意义,并且任何服务都可以在任何端口上运行。因此:

>> Security SHOULD NOT rely on assigned port number distinctions alone; every service, whether secure or not, is likely to be attacked.

>>安全性不应仅依赖指定的端口号区分;每个服务,无论是否安全,都有可能受到攻击。

Applications for a new service that requires both a secure and insecure port may be found, on Expert Review, to be unacceptable, and may not be approved for allocation. Similarly, an application for a new port to support an insecure variant of an existing secure protocol may be found unacceptable. In both cases, the resulting security of the service in practice will be a significant consideration in the decision as to whether to assign an insecure port.

专家审查后,可能会发现需要安全和不安全端口的新服务申请不可接受,也可能不会批准分配。类似地,用于支持现有安全协议的不安全变体的新端口的应用程序可能被认为是不可接受的。在这两种情况下,在决定是否分配不安全的端口时,实际服务的安全性将是一个重要的考虑因素。

7.5. Support for Future Versions
7.5. 对未来版本的支持

Requests for assigned port numbers are expected to support multiple versions on the same assigned port number [RFC6335]. Versions are typically indicated in-band, either at the beginning of a connection or other association or in each protocol message.

对指定端口号的请求应支持同一指定端口号上的多个版本[RFC6335]。版本通常在连接或其他关联的开始处或在每个协议消息中以频带表示。

>> Version support SHOULD be included in new services rather than relying on different port number assignments for different versions.

>>新服务中应包括版本支持,而不是依赖于不同版本的不同端口号分配。

>> Version numbers SHOULD NOT be included in either the service name or service description, to avoid the need to make additional port number assignments for future variants of a service.

>>版本号不应包含在服务名称或服务描述中,以避免需要为服务的未来变体分配额外的端口号。

Again, the assigned port number space is far too limited to be used as an indicator of protocol version or message type. Although this has happened in the past (e.g., for NFS), it should be avoided in new requests.

同样,分配的端口号空间过于有限,无法用作协议版本或消息类型的指示器。尽管这在过去发生过(例如,对于NFS),但在新请求中应该避免。

7.6. Transport Protocols
7.6. 传输协议

IANA assigns port numbers specific to one or more transport protocols, typically UDP [RFC768] and TCP [RFC793], but also SCTP [RFC4960], DCCP [RFC4340], and any other standard transport protocol. Originally, IANA port number assignments were concurrent for both UDP and TCP, and other transports were not indicated. However, to conserve the assigned port number space and to reflect increasing use of other transports, assignments are now specific only to the transport being used.

IANA分配特定于一个或多个传输协议的端口号,通常为UDP[RFC768]和TCP[RFC793],但也分配SCTP[RFC4960]、DCCP[RFC4340]和任何其他标准传输协议。最初,UDP和TCP的IANA端口号分配是同时进行的,并且没有指示其他传输。但是,为了节省分配的端口号空间,并反映其他传输的使用日益增加,分配现在只针对正在使用的传输。

In general, a service should request assignments for multiple transports using the same service name and description on the same port number only when they all reflect essentially the same service. Good examples of such use are DNS and NFS, where the difference between the UDP and TCP services are specific to supporting each transport. For example, the UDP variant of a service might add sequence numbers and the TCP variant of the same service might add in-band message delimiters. This document does not describe the appropriate selection of a transport protocol for a service.

一般来说,只有当多个传输在同一端口号上使用相同的服务名称和描述时,服务才应该请求分配多个传输,这些传输基本上反映了相同的服务。DNS和NFS就是此类使用的好例子,其中UDP和TCP服务之间的差异具体取决于支持每种传输。例如,服务的UDP变体可能会添加序列号,同一服务的TCP变体可能会添加带内消息分隔符。本文档不描述服务传输协议的适当选择。

>> Service names and descriptions for multiple transport port number assignments SHOULD match only when they describe the same service, excepting only enhancements for each supported transport.

>>多个传输端口号分配的服务名称和描述应仅在描述同一服务时匹配,每个受支持传输的增强功能除外。

When the services differ, it may be acceptable or preferable to use the same port number, but the service names and descriptions should be different for each transport/service pair, reflecting the differences in the services. For example, if TCP is used for the basic control protocol and UDP for an alarm protocol, then the services might be "name-ctl" and "name-alarm". A common example is when TCP is used for a service and UDP is used to determine whether that service is active (e.g., via a unicast, broadcast, or multicast test message) [RFC1122]. IANA has, for several years, used the suffix "-disc" in service names to distinguish discovery services, such as are used to identify endpoints capable of a given service.

当服务不同时,可以接受或最好使用相同的端口号,但每个传输/服务对的服务名称和描述应不同,以反映服务的差异。例如,如果TCP用于基本控制协议,UDP用于报警协议,则服务可能是“名称ctl”和“名称报警”。一个常见的例子是,TCP用于服务,UDP用于确定该服务是否处于活动状态(例如,通过单播、广播或多播测试消息)[RFC1122]。几年来,IANA在服务名称中使用后缀“-disc”来区分发现服务,例如用于识别能够提供给定服务的端点的服务。

>> Names of discovery services SHOULD use an identifiable suffix; the suggestion is "-disc".

>>发现服务的名称应使用可识别的后缀;建议是“光盘”。

Some services are used for discovery, either in conjunction with a TCP service or as a stand-alone capability. Such services will be more reliable when using multicast rather than broadcast (over IPv4) because IP routers do not forward "all nodes" broadcasts (all 1's, i.e., 255.255.255.255 for IPv4) and have not been required to support subnet-directed broadcasts since 1999 [RFC1812] [RFC2644].

有些服务用于发现,或者与TCP服务结合使用,或者作为独立功能使用。使用多播而不是广播(通过IPv4)时,此类服务将更加可靠,因为IP路由器不转发“所有节点”广播(所有1,即IPv4为255.255.255.255),并且自1999年以来不需要支持子网定向广播[RFC1812][RFC2644]。

This issue is relevant only for IPv4 because IPv6 does not support broadcast.

此问题仅与IPv4相关,因为IPv6不支持广播。

>> UDP over IPv4 multi-host services SHOULD use multicast rather than broadcast.

>>IPv4上的UDP多主机服务应使用多播而不是广播。

Designers should be very careful in creating services over transports that do not support congestion control or error recovery, notably UDP. There are several issues that should be considered in such cases, as summarized in Table 1 in [RFC5405]. In addition, the following recommendations apply to service design:

设计人员在通过不支持拥塞控制或错误恢复(尤其是UDP)的传输创建服务时应该非常小心。如[RFC5405]中表1所示,在这种情况下,应考虑几个问题。此外,以下建议适用于服务设计:

>> Services that use multipoint communication SHOULD be scalable and SHOULD NOT rely solely on the efficiency of multicast transmission for scalability.

>>使用多点通信的服务应该是可伸缩的,不应该仅仅依靠多播传输的效率来实现可伸缩性。

>> Services SHOULD NOT use UDP as a performance enhancement over TCP, e.g., to circumnavigate TCP's congestion control.

>>服务不应使用UDP作为TCP的性能增强,例如绕过TCP的拥塞控制。

7.7. When to Request an Assignment
7.7. 何时申请分配

Assignments are typically requested when a user has enough information to reasonably answer the questions in the IANA application. IANA applications typically take up to a few weeks to process, with some complex cases taking up to a month. The process typically involves a few exchanges between the IANA Ports Expert Review team and the applicant.

当用户有足够的信息合理回答IANA应用程序中的问题时,通常会请求分配。IANA应用程序通常需要几周的时间来处理,一些复杂的案例需要一个月的时间。该过程通常涉及IANA港口专家评审小组和申请人之间的一些交流。

An application needs to include a description of the service, as well as to address key questions designed to help IANA determine whether the assignment is justified. The application should be complete and not refer solely to an Internet-Draft, RFC, website, or any other external documentation.

应用程序需要包括服务描述,以及解决旨在帮助IANA确定分配是否合理的关键问题。申请应完整,不得仅参考互联网草稿、RFC、网站或任何其他外部文档。

Services that are independently developed can be requested at any time, but are typically best requested in the last stages of design and initial experimentation, before any deployment has occurred that cannot easily be updated.

可以随时请求独立开发的服务,但通常在设计和初始试验的最后阶段请求最好,在无法轻松更新的任何部署发生之前。

>> Users MUST NOT deploy implementations that use assigned port numbers prior their assignment by IANA.

>>在IANA分配端口号之前,用户不得部署使用分配端口号的实现。

>> Users MUST NOT deploy implementations that default to using the experimental System port numbers (1021 and 1022 [RFC4727]) outside a controlled environment where they can be updated with a subsequent assigned port [RFC3692].

>>用户不得在受控环境之外部署默认使用实验系统端口号(1021和1022[RFC4727])的实现,在受控环境中,用户可以使用后续分配的端口[RFC3692]进行更新。

Deployments that use unassigned port numbers before assignment complicate IANA management of the port number space. Keep in mind that this recommendation protects existing assignees, users of current services, and applicants for new assignments; it helps ensure that a desired number and service name are available when assigned. The list of currently unassigned numbers is just that -- *currently* unassigned. It does not reflect pending applications. Waiting for an official IANA assignment reduces the chance that an assignment request will conflict with another deployed service.

分配前使用未分配端口号的部署使IANA对端口号空间的管理复杂化。请记住,本建议保护现有受让人、当前服务的用户和新转让的申请人;它有助于确保在分配时提供所需的号码和服务名称。当前未分配的数字列表就是--*当前*未分配。它不反映未决申请。等待正式IANA分配可减少分配请求与另一个已部署服务冲突的可能性。

Applications made through Internet-Draft posting or RFC publication (in any stream) typically use a placeholder ("PORTNUM") in the text, and implementations use an experimental port number until a final

通过Internet草稿发布或RFC发布(在任何流中)生成的应用程序通常在文本中使用占位符(“PORTNUM”),而实现使用实验端口号,直到最终版本

assignment has been made [RFC6335]. That assignment is initially indicated in the IANA Considerations section of the document, which is tracked by the RFC Editor. When a document has been approved for publication, that request is forwarded to IANA for handling. IANA will make the new assignment accordingly. At that time, IANA may also request that the applicant fill out the application form on their website, e.g., when the RFC does not directly address the information expected as per [RFC6335]. "Early" assignments can be made when justified, e.g., for early interoperability testing, according to existing process [RFC7120] [RFC6335].

已进行分配[RFC6335]。该分配最初在文档的IANA注意事项部分指出,RFC编辑器会跟踪该部分。当文件被批准发布时,该请求将转发给IANA处理。IANA将相应地执行新任务。届时,IANA还可要求申请人在其网站上填写申请表,例如,当RFC未直接说明[RFC6335]中预期的信息时。根据现有流程[RFC7120][RFC6335],可以在合理的情况下进行“早期”分配,例如早期互操作性测试。

>> Users writing specifications SHOULD use symbolic names for port numbers and service names until an IANA assignment has been completed. Implementations SHOULD use experimental port numbers during this time, but those numbers MUST NOT be cited in documentation except as interim.

>>编写规范的用户应使用符号名称作为端口号和服务名称,直到完成IANA分配。在此期间,实现应该使用实验端口号,但文档中不得引用这些端口号,除非作为临时端口号。

7.8. Squatting
7.8. 蹲

"Squatting" describes the use of a number from the assignable range in deployed software without IANA assignment for that use, regardless of whether the number has been assigned or remains available for assignment. It is hazardous because IANA cannot track such usage and thus cannot avoid making legitimate assignments that conflict with such unauthorized usage.

“蹲式”描述了在未分配IANA的情况下,在已部署软件中使用可分配范围内的数字,无论该数字是否已分配或仍可分配。这是危险的,因为IANA无法跟踪此类使用情况,因此无法避免进行与此类未授权使用冲突的合法分配。

Such "squatted" port numbers remain unassigned, and IANA retains the right to assign them when requested by other applicants. Application and service designers are reminded that is never appropriate to use port numbers that have not been directly assigned [RFC6335]. In particular, any unassigned code from the assigned ranges will be assigned by IANA, and any conflict will be easily resolved as the protocol designer's fault once that happens (because they would not be the assignee). This may reflect in the public's judgment on the quality of their expertise and cooperation with the Internet community.

此类“擅自占用”的端口号仍然未分配,IANA保留在其他申请人要求时分配这些端口号的权利。提醒应用程序和服务设计师,使用未直接分配的端口号绝对不合适[RFC6335]。特别是,来自指定范围的任何未分配代码都将由IANA分配,一旦发生冲突,任何冲突都将很容易解决,因为协议设计者的错误(因为他们不是受让人)。这可能反映在公众对其专业知识质量和与互联网社区合作的判断上。

Regardless, there are numerous services that have squatted on such numbers that are in widespread use. Designers who are using such port numbers are encouraged to apply for an assignment. Note that even widespread de facto use may not justify a later IANA assignment of that value, especially if either the value has already been assigned to a legitimate applicant or if the service would not qualify for an assignment of its own accord.

不管怎样,有许多服务已经占用了这些广泛使用的数字。鼓励使用此类端口号的设计师申请分配。请注意,即使是广泛的实际使用也可能无法证明以后IANA分配该价值是合理的,特别是如果该价值已经分配给合法申请人,或者如果该服务不符合自愿分配的条件。

7.9. Other Considerations
7.9. 其他考虑

As noted earlier, System port numbers should be used sparingly, and it is better to avoid them altogether. This avoids the potentially incorrect assumption that the service on such port numbers run in a privileged mode.

如前所述,系统端口号应尽量少用,最好完全避免使用。这避免了可能错误的假设,即此类端口号上的服务以特权模式运行。

Assigned port numbers are not intended to be changed; this includes the corresponding service name. Once deployed, it can be very difficult to recall every implementation, so the assignment should be retained. However, in cases where the current assignee of a name or number has reasonable knowledge of the impact on such uses, and is willing to accept that impact, the name or number of an assignment can be changed [RFC6335]

指定的端口号不打算更改;这包括相应的服务名称。一旦部署,很难召回每个实现,因此应该保留分配。但是,如果名称或编号的当前受让人合理了解对此类使用的影响,并愿意接受这种影响,则可以更改转让的名称或编号[RFC6335]

Aliases, or multiple service names for the same assigned port number, are no longer considered appropriate [RFC6335].

别名或同一分配端口号的多个服务名称不再被认为是合适的[RFC6335]。

8. Security Considerations
8. 安全考虑

This document focuses on the issues arising when designing services that require new port assignments. Section 7.4 addresses the security and security-related issues of that interaction.

本文档重点介绍设计需要新端口分配的服务时出现的问题。第7.4节讨论了该交互的安全和安全相关问题。

When designing a secure service, the use of TLS [RFC5246], DTLS [RFC6347], or TCP-AO [RFC5925] mechanisms that protect transport protocols or their contents is encouraged. It may not be possible to use IPsec [RFC4301] in similar ways because of the different relationship between IPsec and port numbers and because applications may not be aware of IPsec protections.

设计安全服务时,鼓励使用TLS[RFC5246]、DTLS[RFC6347]或TCP-AO[RFC5925]机制来保护传输协议或其内容。由于IPsec和端口号之间的关系不同,并且应用程序可能不知道IPsec保护,因此可能无法以类似的方式使用IPsec[RFC4301]。

This document reminds application and service designers that port numbers do not protect against denial-of-service attack or guarantee that traffic should be trusted. Using assigned numbers for port filtering isn't a substitute for authentication, encryption, and integrity protection. The port number alone should not be used to avoid denial-of-service attacks or to manage firewall traffic because the use of port numbers is not regulated or validated.

本文档提醒应用程序和服务设计者,端口号不能防止拒绝服务攻击,也不能保证通信量是可信的。使用指定号码进行端口筛选不能替代身份验证、加密和完整性保护。端口号不应单独用于避免拒绝服务攻击或管理防火墙流量,因为端口号的使用未经监管或验证。

The use of assigned port numbers is the antithesis of privacy because they are intended to explicitly indicate the desired application or service. Strictly, port numbers are meaningful only at the endpoints, so any interpretation elsewhere in the network can be arbitrarily incorrect. However, those numbers can also expose information about available services on a given host. This information can be used by intermediate devices to monitor and

使用指定的端口号与隐私相反,因为它们旨在明确表示所需的应用程序或服务。严格来说,端口号只在端点有意义,因此网络中其他地方的任何解释都可能是任意错误的。但是,这些数字还可以公开有关给定主机上可用服务的信息。中间设备可以使用此信息来监视和

intercept traffic as well as to potentially identify key endpoint software properties ("fingerprinting"), which can be used to direct other attacks.

拦截流量,并可能识别关键端点软件属性(“指纹”),这些属性可用于指导其他攻击。

9. IANA Considerations
9. IANA考虑

The entirety of this document focuses on suggestions that help ensure the conservation of port numbers and provide useful hints for issuing informative requests thereof.

本文件的全部内容侧重于有助于确保保存港口编号的建议,并为发布信息性请求提供有用的提示。

10. References
10. 工具书类
10.1. Normative References
10.1. 规范性引用文件

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <http://www.rfc-editor.org/info/rfc2119>.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<http://www.rfc-editor.org/info/rfc2119>.

[RFC2780] Bradner, S. and V. Paxson, "IANA Allocation Guidelines For Values In the Internet Protocol and Related Headers", BCP 37, RFC 2780, DOI 10.17487/RFC2780, March 2000, <http://www.rfc-editor.org/info/rfc2780>.

[RFC2780]Bradner,S.和V.Paxson,“互联网协议和相关报头中值的IANA分配指南”,BCP 37,RFC 2780,DOI 10.17487/RFC2780,2000年3月<http://www.rfc-editor.org/info/rfc2780>.

[RFC3692] Narten, T., "Assigning Experimental and Testing Numbers Considered Useful", BCP 82, RFC 3692, DOI 10.17487/RFC3692, January 2004, <http://www.rfc-editor.org/info/rfc3692>.

[RFC3692]Narten,T.,“分配被认为有用的实验和测试数字”,BCP 82,RFC 3692,DOI 10.17487/RFC3692,2004年1月<http://www.rfc-editor.org/info/rfc3692>.

[RFC4727] Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4, ICMPv6, UDP, and TCP Headers", RFC 4727, DOI 10.17487/RFC4727, November 2006, <http://www.rfc-editor.org/info/rfc4727>.

[RFC4727]Fenner,B.“IPv4、IPv6、ICMPv4、ICMPv6、UDP和TCP报头中的实验值”,RFC 4727,DOI 10.17487/RFC4727,2006年11月<http://www.rfc-editor.org/info/rfc4727>.

[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, <http://www.rfc-editor.org/info/rfc5246>.

[RFC5246]Dierks,T.和E.Rescorla,“传输层安全(TLS)协议版本1.2”,RFC 5246,DOI 10.17487/RFC5246,2008年8月<http://www.rfc-editor.org/info/rfc5246>.

[RFC5405] Eggert, L. and G. Fairhurst, "Unicast UDP Usage Guidelines for Application Designers", BCP 145, RFC 5405, DOI 10.17487/RFC5405, November 2008, <http://www.rfc-editor.org/info/rfc5405>.

[RFC5405]Eggert,L.和G.Fairhurst,“应用程序设计者的单播UDP使用指南”,BCP 145,RFC 5405,DOI 10.17487/RFC5405,2008年11月<http://www.rfc-editor.org/info/rfc5405>.

[RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, DOI 10.17487/RFC5925, June 2010, <http://www.rfc-editor.org/info/rfc5925>.

[RFC5925]Touch,J.,Mankin,A.,和R.Bonica,“TCP认证选项”,RFC 5925,DOI 10.17487/RFC5925,2010年6月<http://www.rfc-editor.org/info/rfc5925>.

[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry", BCP 165, RFC 6335, DOI 10.17487/RFC6335, August 2011, <http://www.rfc-editor.org/info/rfc6335>.

[RFC6335]Cotton,M.,Eggert,L.,Touch,J.,Westerlund,M.,和S.Cheshire,“互联网分配号码管理局(IANA)服务名称和传输协议端口号注册管理程序”,BCP 165,RFC 6335,DOI 10.17487/RFC6335,2011年8月<http://www.rfc-editor.org/info/rfc6335>.

[RFC6347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347, January 2012, <http://www.rfc-editor.org/info/rfc6347>.

[RFC6347]Rescorla,E.和N.Modadugu,“数据报传输层安全版本1.2”,RFC 6347,DOI 10.17487/RFC6347,2012年1月<http://www.rfc-editor.org/info/rfc6347>.

10.2. Informative References
10.2. 资料性引用

[IEN112] Postel, J., "Transmission Control Protocol", IEN 112, August 1979.

[IEN112]Postel,J.,“传输控制协议”,IEN112,1979年8月。

[RFC33] Crocker, S., "New Host-Host Protocol", RFC 33, DOI 10.17487/RFC0033, February 1970, <http://www.rfc-editor.org/info/rfc33>.

[RFC33]Crocker,S.,“新主机协议”,RFC 33,DOI 10.17487/RFC0033,1970年2月<http://www.rfc-editor.org/info/rfc33>.

[RFC37] Crocker, S., "Network Meeting Epilogue, etc", RFC 37, DOI 10.17487/RFC0037, March 1970, <http://www.rfc-editor.org/info/rfc37>.

[RFC37]Crocker,S.,“网络会议尾声等”,RFC 37,DOI 10.17487/RFC0037,1970年3月<http://www.rfc-editor.org/info/rfc37>.

[RFC38] Wolfe, S., "Comments on Network Protocol from NWG/RFC #36", RFC 38, DOI 10.17487/RFC0038, March 1970, <http://www.rfc-editor.org/info/rfc38>.

[RFC38]Wolfe,S.,“NWG/RFC#36对网络协议的评论”,RFC 38,DOI 10.17487/RFC0038,1970年3月<http://www.rfc-editor.org/info/rfc38>.

[RFC48] Postel, J. and S. Crocker, "Possible protocol plateau", RFC 48, DOI 10.17487/RFC0048, April 1970, <http://www.rfc-editor.org/info/rfc48>.

[RFC48]Postel,J.和S.Crocker,“可能的协议平台”,RFC 48,DOI 10.17487/RFC0048,1970年4月<http://www.rfc-editor.org/info/rfc48>.

[RFC61] Walden, D., "Note on Interprocess Communication in a Resource Sharing Computer Network", RFC 61, DOI 10.17487/RFC0061, July 1970, <http://www.rfc-editor.org/info/rfc61>.

[RFC61]Walden,D.,“关于资源共享计算机网络中进程间通信的说明”,RFC 61,DOI 10.17487/RFC0061,1970年7月<http://www.rfc-editor.org/info/rfc61>.

[RFC76] Bouknight, J., Madden, J., and G. Grossman, "Connection by name: User oriented protocol", RFC 76, DOI 10.17487/RFC0076, October 1970, <http://www.rfc-editor.org/info/rfc76>.

[RFC76]Bounight,J.,Madden,J.,和G.Grossman,“名称连接:面向用户协议”,RFC 76,DOI 10.17487/RFC0076,1970年10月<http://www.rfc-editor.org/info/rfc76>.

[RFC333] Bressler, R., Murphy, D., and D. Walden, "Proposed experiment with a Message Switching Protocol", RFC 333, DOI 10.17487/RFC0333, May 1972, <http://www.rfc-editor.org/info/rfc333>.

[RFC333]Bressler,R.,Murphy,D.,和D.Walden,“消息交换协议的拟议实验”,RFC 333,DOI 10.17487/RFC0333,1972年5月<http://www.rfc-editor.org/info/rfc333>.

[RFC739] Postel, J., "Assigned numbers", RFC 739, DOI 10.17487/RFC0739, November 1977, <http://www.rfc-editor.org/info/rfc739>.

[RFC739]Postel,J.,“分配的数字”,RFC 739,DOI 10.17487/RFC0739,1977年11月<http://www.rfc-editor.org/info/rfc739>.

[RFC758] Postel, J., "Assigned numbers", RFC 758, DOI 10.17487/RFC0758, August 1979, <http://www.rfc-editor.org/info/rfc758>.

[RFC758]Postel,J.,“分配的数字”,RFC 758,DOI 10.17487/RFC0758,1979年8月<http://www.rfc-editor.org/info/rfc758>.

[RFC768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 10.17487/RFC0768, August 1980, <http://www.rfc-editor.org/info/rfc768>.

[RFC768]Postel,J.,“用户数据报协议”,STD 6,RFC 768,DOI 10.17487/RFC0768,1980年8月<http://www.rfc-editor.org/info/rfc768>.

[RFC793] Postel, J., "Transmission Control Protocol", STD 7, RFC 793, DOI 10.17487/RFC0793, September 1981, <http://www.rfc-editor.org/info/rfc793>.

[RFC793]Postel,J.,“传输控制协议”,标准7,RFC 793,DOI 10.17487/RFC0793,1981年9月<http://www.rfc-editor.org/info/rfc793>.

[RFC820] Postel, J., "Assigned numbers", RFC 820, DOI 10.17487/RFC0820, August 1982, <http://www.rfc-editor.org/info/rfc820>.

[RFC820]Postel,J.,“分配的数字”,RFC 820,DOI 10.17487/RFC0820,1982年8月<http://www.rfc-editor.org/info/rfc820>.

[RFC900] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 900, DOI 10.17487/RFC0900, June 1984, <http://www.rfc-editor.org/info/rfc900>.

[RFC900]Reynolds,J.和J.Postel,“分配的数字”,RFC 900,DOI 10.17487/RFC0900,1984年6月<http://www.rfc-editor.org/info/rfc900>.

[RFC959] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, RFC 959, DOI 10.17487/RFC0959, October 1985, <http://www.rfc-editor.org/info/rfc959>.

[RFC959]Postel,J.和J.Reynolds,“文件传输协议”,STD 9,RFC 959,DOI 10.17487/RFC0959,1985年10月<http://www.rfc-editor.org/info/rfc959>.

[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, DOI 10.17487/RFC1122, October 1989, <http://www.rfc-editor.org/info/rfc1122>.

[RFC1122]Braden,R.,Ed.“互联网主机的要求-通信层”,STD 3,RFC 1122,DOI 10.17487/RFC1122,1989年10月<http://www.rfc-editor.org/info/rfc1122>.

[RFC1340] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1340, DOI 10.17487/RFC1340, July 1992, <http://www.rfc-editor.org/info/rfc1340>.

[RFC1340]Reynolds,J.和J.Postel,“分配的数字”,RFC 1340,DOI 10.17487/RFC1340,1992年7月<http://www.rfc-editor.org/info/rfc1340>.

[RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700, DOI 10.17487/RFC1700, October 1994, <http://www.rfc-editor.org/info/rfc1700>.

[RFC1700]Reynolds,J.和J.Postel,“分配的数字”,RFC 1700,DOI 10.17487/RFC1700,1994年10月<http://www.rfc-editor.org/info/rfc1700>.

[RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", RFC 1812, DOI 10.17487/RFC1812, June 1995, <http://www.rfc-editor.org/info/rfc1812>.

[RFC1812]Baker,F.,Ed.,“IP版本4路由器的要求”,RFC 1812,DOI 10.17487/RFC1812,1995年6月<http://www.rfc-editor.org/info/rfc1812>.

[RFC1833] Srinivasan, R., "Binding Protocols for ONC RPC Version 2", RFC 1833, DOI 10.17487/RFC1833, August 1995, <http://www.rfc-editor.org/info/rfc1833>.

[RFC1833]Srinivasan,R.,“ONC RPC版本2的绑定协议”,RFC 1833,DOI 10.17487/RFC1833,1995年8月<http://www.rfc-editor.org/info/rfc1833>.

[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, DOI 10.17487/RFC2595, June 1999, <http://www.rfc-editor.org/info/rfc2595>.

[RFC2595]Newman,C.,“将TLS与IMAP、POP3和ACAP一起使用”,RFC 2595,DOI 10.17487/RFC2595,1999年6月<http://www.rfc-editor.org/info/rfc2595>.

[RFC2644] Senie, D., "Changing the Default for Directed Broadcasts in Routers", BCP 34, RFC 2644, DOI 10.17487/RFC2644, August 1999, <http://www.rfc-editor.org/info/rfc2644>.

[RFC2644]Senie,D.,“更改路由器中定向广播的默认设置”,BCP 34,RFC 2644,DOI 10.17487/RFC2644,1999年8月<http://www.rfc-editor.org/info/rfc2644>.

[RFC2817] Khare, R. and S. Lawrence, "Upgrading to TLS Within HTTP/1.1", RFC 2817, DOI 10.17487/RFC2817, May 2000, <http://www.rfc-editor.org/info/rfc2817>.

[RFC2817]Khare,R.和S.Lawrence,“在HTTP/1.1中升级到TLS”,RFC 2817,DOI 10.17487/RFC2817,2000年5月<http://www.rfc-editor.org/info/rfc2817>.

[RFC3232] Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced by an On-line Database", RFC 3232, DOI 10.17487/RFC3232, January 2002, <http://www.rfc-editor.org/info/rfc3232>.

[RFC3232]Reynolds,J.,Ed.,“分配号码:RFC 1700被在线数据库取代”,RFC 3232,DOI 10.17487/RFC3232,2002年1月<http://www.rfc-editor.org/info/rfc3232>.

[RFC3261] Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, DOI 10.17487/RFC3261, June 2002, <http://www.rfc-editor.org/info/rfc3261>.

[RFC3261]Rosenberg,J.,Schulzrinne,H.,Camarillo,G.,Johnston,A.,Peterson,J.,Sparks,R.,Handley,M.,和E.Schooler,“SIP:会话启动协议”,RFC 3261,DOI 10.17487/RFC3261,2002年6月<http://www.rfc-editor.org/info/rfc3261>.

[RFC4301] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, December 2005, <http://www.rfc-editor.org/info/rfc4301>.

[RFC4301]Kent,S.和K.Seo,“互联网协议的安全架构”,RFC 4301,DOI 10.17487/RFC4301,2005年12月<http://www.rfc-editor.org/info/rfc4301>.

[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram Congestion Control Protocol (DCCP)", RFC 4340, DOI 10.17487/RFC4340, March 2006, <http://www.rfc-editor.org/info/rfc4340>.

[RFC4340]Kohler,E.,Handley,M.和S.Floyd,“数据报拥塞控制协议(DCCP)”,RFC 4340,DOI 10.17487/RFC4340,2006年3月<http://www.rfc-editor.org/info/rfc4340>.

[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", RFC 4960, DOI 10.17487/RFC4960, September 2007, <http://www.rfc-editor.org/info/rfc4960>.

[RFC4960]Stewart,R.,Ed.“流控制传输协议”,RFC 4960,DOI 10.17487/RFC4960,2007年9月<http://www.rfc-editor.org/info/rfc4960>.

[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, DOI 10.17487/RFC5226, May 2008, <http://www.rfc-editor.org/info/rfc5226>.

[RFC5226]Narten,T.和H.Alvestrand,“在RFCs中编写IANA注意事项部分的指南”,BCP 26,RFC 5226,DOI 10.17487/RFC5226,2008年5月<http://www.rfc-editor.org/info/rfc5226>.

[RFC5245] Rosenberg, J., "Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols", RFC 5245, DOI 10.17487/RFC5245, April 2010, <http://www.rfc-editor.org/info/rfc5245>.

[RFC5245]Rosenberg,J.,“交互式连接建立(ICE):提供/应答协议的网络地址转换器(NAT)遍历协议”,RFC 5245,DOI 10.17487/RFC5245,2010年4月<http://www.rfc-editor.org/info/rfc5245>.

[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, "Session Traversal Utilities for NAT (STUN)", RFC 5389, DOI 10.17487/RFC5389, October 2008, <http://www.rfc-editor.org/info/rfc5389>.

[RFC5389]Rosenberg,J.,Mahy,R.,Matthews,P.,和D.Wing,“NAT(STUN)的会话遍历实用程序”,RFC 5389,DOI 10.17487/RFC5389,2008年10月<http://www.rfc-editor.org/info/rfc5389>.

[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)", RFC 5766, DOI 10.17487/RFC5766, April 2010, <http://www.rfc-editor.org/info/rfc5766>.

[RFC5766]Mahy,R.,Matthews,P.,和J.Rosenberg,“使用NAT周围的中继进行遍历(TURN):NAT(STUN)会话遍历实用程序的中继扩展”,RFC 5766,DOI 10.17487/RFC5766,2010年4月<http://www.rfc-editor.org/info/rfc5766>.

[RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066, DOI 10.17487/RFC6066, January 2011, <http://www.rfc-editor.org/info/rfc6066>.

[RFC6066]Eastlake 3rd,D.,“传输层安全(TLS)扩展:扩展定义”,RFC 6066,DOI 10.17487/RFC6066,2011年1月<http://www.rfc-editor.org/info/rfc6066>.

[RFC6762] Cheshire, S. and M. Krochmal, "Multicast DNS", RFC 6762, DOI 10.17487/RFC6762, February 2013, <http://www.rfc-editor.org/info/rfc6762>.

[RFC6762]Cheshire,S.和M.Krochmal,“多播DNS”,RFC 6762,DOI 10.17487/RFC6762,2013年2月<http://www.rfc-editor.org/info/rfc6762>.

[RFC6763] Cheshire, S. and M. Krochmal, "DNS-Based Service Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013, <http://www.rfc-editor.org/info/rfc6763>.

[RFC6763]Cheshire,S.和M.Krocmal,“基于DNS的服务发现”,RFC 6763,DOI 10.17487/RFC6763,2013年2月<http://www.rfc-editor.org/info/rfc6763>.

[RFC7120] Cotton, M., "Early IANA Allocation of Standards Track Code Points", BCP 100, RFC 7120, DOI 10.17487/RFC7120, January 2014, <http://www.rfc-editor.org/info/rfc7120>.

[RFC7120]Cotton,M.,“标准轨道代码点的早期IANA分配”,BCP 100,RFC 7120,DOI 10.17487/RFC7120,2014年1月<http://www.rfc-editor.org/info/rfc7120>.

[RFC7230] Fielding, R., Ed., and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <http://www.rfc-editor.org/info/rfc7230>.

[RFC7230]Fielding,R.,Ed.,和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):消息语法和路由”,RFC 7230,DOI 10.17487/RFC7230,2014年6月<http://www.rfc-editor.org/info/rfc7230>.

Acknowledgments

致谢

This work benefited from the feedback from David Black, Lars Eggert, Gorry Fairhurst, and Eliot Lear, as well as discussions of the IETF TSVWG WG.

这项工作得益于David Black、Lars Eggert、Gorry Fairhurst和Eliot Lear的反馈,以及IETF TSVWG工作组的讨论。

This document was initially prepared using 2-Word-v2.0.template.dot.

本文件最初使用2-Word-v2.0.template.dot编制。

Author's Address

作者地址

Joe Touch USC/ISI 4676 Admiralty Way Marina del Rey, CA 90292-6695 United States

Joe Touch USC/ISI 4676美国加利福尼亚州玛丽娜·德雷海军部路90292-6695号

   Phone: +1 (310) 448-9151
   Email: touch@isi.edu
        
   Phone: +1 (310) 448-9151
   Email: touch@isi.edu