Internet Engineering Task Force (IETF)                           H. Song
Request for Comments: 6646                                       N. Zong
Category: Informational                                           Huawei
ISSN: 2070-1721                                                  Y. Yang
                                                         Yale University
                                                                R. Alimi
                                                                  Google
                                                               July 2012
        
Internet Engineering Task Force (IETF)                           H. Song
Request for Comments: 6646                                       N. Zong
Category: Informational                                           Huawei
ISSN: 2070-1721                                                  Y. Yang
                                                         Yale University
                                                                R. Alimi
                                                                  Google
                                                               July 2012
        

DECoupled Application Data Enroute (DECADE) Problem Statement

分离的应用程序数据途中(十年)问题陈述

Abstract

摘要

Peer-to-peer (P2P) applications have become widely used on the Internet today and make up a large portion of the traffic in many networks. In P2P applications, one technique for reducing the transit and uplink P2P traffic is to introduce storage capabilities within the network. Traditional caches (e.g., P2P and Web caches) provide such storage, but they can be complex (e.g., P2P caches need to explicitly support individual P2P application protocols), and do not allow users to manage resource usage policies for content in the cache. This document discusses the introduction of in-network storage for P2P applications and shows the need for a standard protocol for accessing this storage.

P2P(Peer-to-Peer,P2P)应用已经在互联网上得到了广泛的应用,并在许多网络中占据了流量的很大一部分。在P2P应用程序中,减少传输和上行链路P2P流量的一种技术是在网络中引入存储功能。传统的缓存(如P2P和Web缓存)提供此类存储,但它们可能很复杂(如P2P缓存需要明确支持单个P2P应用程序协议),并且不允许用户管理缓存中内容的资源使用策略。本文档讨论了P2P应用程序的网络内存储的介绍,并说明了访问此存储的标准协议的必要性。

Status of This Memo

关于下段备忘

This document is not an Internet Standards Track specification; it is published for informational purposes.

本文件不是互联网标准跟踪规范;它是为了提供信息而发布的。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。并非IESG批准的所有文件都适用于任何级别的互联网标准;见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6646.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc6646.

Copyright Notice

版权公告

Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2012 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

Table of Contents

目录

   1. Introduction ....................................................2
   2. Terminology and Concepts ........................................3
   3. The Problems ....................................................4
      3.1. P2P Infrastructural Stress and Inefficiency ................4
      3.2. P2P Cache: A Complex Type of In-Network Storage ............5
      3.3. Ineffective Integration of P2P Applications ................6
   4. Usage Scenarios .................................................6
      4.1. BitTorrent .................................................6
      4.2. Content Publisher ..........................................7
   5. Security Considerations .........................................8
      5.1. Denial-of-Service Attacks ..................................8
      5.2. Copyright and Legal Issues .................................8
      5.3. Traffic Analysis ...........................................8
      5.4. Modification of Information ................................8
      5.5. Masquerade .................................................9
      5.6. Disclosure .................................................9
      5.7. Message Stream Modification ................................9
   6. Acknowledgments .................................................9
   7. Informative References .........................................10
        
   1. Introduction ....................................................2
   2. Terminology and Concepts ........................................3
   3. The Problems ....................................................4
      3.1. P2P Infrastructural Stress and Inefficiency ................4
      3.2. P2P Cache: A Complex Type of In-Network Storage ............5
      3.3. Ineffective Integration of P2P Applications ................6
   4. Usage Scenarios .................................................6
      4.1. BitTorrent .................................................6
      4.2. Content Publisher ..........................................7
   5. Security Considerations .........................................8
      5.1. Denial-of-Service Attacks ..................................8
      5.2. Copyright and Legal Issues .................................8
      5.3. Traffic Analysis ...........................................8
      5.4. Modification of Information ................................8
      5.5. Masquerade .................................................9
      5.6. Disclosure .................................................9
      5.7. Message Stream Modification ................................9
   6. Acknowledgments .................................................9
   7. Informative References .........................................10
        
1. Introduction
1. 介绍

Peer-to-peer (P2P) applications, including both P2P streaming and P2P file-sharing applications, make up a large fraction of the traffic in many Internet Service Provider (ISP) networks today. One way to reduce bandwidth usage by P2P applications is to introduce storage capabilities in networks. Allowing P2P applications to store and retrieve data from inside networks can reduce traffic on the last-mile uplink, as well as on backbone and transit links.

对等(P2P)应用程序,包括P2P流媒体和P2P文件共享应用程序,在当今许多互联网服务提供商(ISP)网络中占据了很大一部分流量。减少P2P应用程序带宽使用的一种方法是在网络中引入存储功能。允许P2P应用程序从网络内部存储和检索数据可以减少最后一英里上行链路以及主干和传输链路上的流量。

Existing P2P caches provide in-network storage and have been deployed in some networks. However, the current P2P caching architecture poses challenges to both P2P cache vendors and P2P application developers. For P2P cache vendors, it is challenging to support a number of continuously evolving P2P application protocols, due to lack of documentation, ongoing protocol changes, and rapid introduction of new features by P2P applications. For P2P application developers, closed P2P caching systems limit P2P applications from effectively utilizing in-network storage. In particular, P2P caches typically do not allow users to explicitly store content into in-network storage. They also do not allow applications to specific resource and access control policies over the usage of in-network storage. The challenges, if not addressed, may lead to reduced efficiency for P2P applications, and increased load on the network infrastructure.

现有的P2P缓存提供网络存储,并已部署在一些网络中。然而,当前的P2P缓存架构对P2P缓存供应商和P2P应用程序开发人员都提出了挑战。对于P2P缓存供应商来说,由于缺乏文档、协议不断更改以及P2P应用程序快速引入新功能,支持大量不断发展的P2P应用程序协议是一项挑战。对于P2P应用程序开发人员来说,封闭式P2P缓存系统限制了P2P应用程序在网络存储中的有效利用。特别是,P2P缓存通常不允许用户将内容显式存储到网络存储中。它们还不允许应用程序对特定的资源和访问控制策略使用网络存储。这些挑战如果得不到解决,可能会降低P2P应用程序的效率,增加网络基础设施的负载。

The challenges can be effectively addressed by using a standard, open protocol to access in-network storage [Data_Lockers]. P2P applications can store and retrieve content in the in-network storage, as well as control resources (e.g., bandwidth, connections) consumed by peers in a P2P application. As a simple example, a peer of a P2P application may upload to other peers through its in-network storage, saving its usage of last-mile uplink bandwidth.

通过使用标准的开放协议访问网络存储[数据储物柜],可以有效解决这些挑战。P2P应用程序可以在网络存储中存储和检索内容,以及控制P2P应用程序中的对等方消耗的资源(例如,带宽、连接)。作为一个简单的例子,P2P应用程序的对等方可以通过其网络内存储上传到其他对等方,从而节省其最后一英里上行链路带宽的使用。

In this document, we distinguish between two functional components of the native P2P application protocol: signaling and data access. Signaling includes operations such as handshaking and discovering peer and content availability. The data access component transfers content from one peer to another.

在本文中,我们区分了本机P2P应用程序协议的两个功能组件:信令和数据访问。信令包括握手和发现对等和内容可用性等操作。数据访问组件将内容从一个对等方传输到另一个对等方。

In essence, coupling of the signaling and data access makes in-network storage complex to support various application services. However, these applications have common requirements for data access, making it possible to develop a standard protocol.

本质上,信令和数据访问的耦合使得网络存储变得复杂,无法支持各种应用服务。但是,这些应用程序对数据访问有共同的要求,因此可以开发标准协议。

2. Terminology and Concepts
2. 术语和概念

The following terms have special meaning in the definition of the in-network storage system.

以下术语在网络存储系统的定义中具有特殊含义。

In-network storage: A service inside a network that provides storage and bandwidth to network applications. In-network storage may reduce upload/transit/backbone traffic and improve network application performance. The position of in-network storage is in the core of a network -- for example, co-located with the border router (network attached storage) or inside a data center.

网络内存储:网络内的一种服务,为网络应用程序提供存储和带宽。网络存储可以减少上传/传输/主干网络流量,并提高网络应用程序性能。网络内存储的位置位于网络的核心——例如,与边界路由器(网络连接存储)位于同一位置或位于数据中心内。

P2P cache (peer-to-peer cache): A kind of in-network storage that understands the signaling and transport of specific P2P application protocols. It caches the content for those specific P2P applications in order to serve peers and reduce traffic on certain links.

P2P缓存(peer-to-peer cache):一种网络内存储,了解特定P2P应用协议的信令和传输。它缓存这些特定P2P应用程序的内容,以便为对等方服务并减少某些链接上的流量。

3. The Problems
3. 问题

The emergence of P2P as a major network application (especially P2P file sharing and streaming) has led to substantial opportunities. The P2P paradigm can be utilized to design highly scalable and robust applications at low cost, compared to the traditional client-server paradigm.

P2P作为一种主要的网络应用(尤其是P2P文件共享和流媒体)的出现带来了巨大的机遇。与传统的客户机-服务器模式相比,P2P模式可以以低成本设计高度可扩展和健壮的应用程序。

However, P2P applications also face substantial design challenges. A particular challenge facing P2P applications is the additional stress that they place on the network infrastructure. At the same time, lack of infrastructure support can lead to unstable P2P application performance, in particular during peer churns and flash crowds, when a large group of users begin to retrieve the content during a short period of time, leading to stress on bandwidth-constrained access uplinks. A potential way to reduce network stress and improve P2P application performance would be to make it possible for peers that are on bandwidth-constrained access to put data in a place that is free of bandwidth constraints and also accessible by other peers. These problems are now discussed in further detail.

然而,P2P应用程序也面临着巨大的设计挑战。P2P应用程序面临的一个特殊挑战是它们对网络基础设施造成的额外压力。与此同时,缺乏基础设施支持可能会导致P2P应用程序性能不稳定,特别是在对等用户流失和flash群组中,当大量用户开始在短时间内检索内容时,会导致带宽受限的访问上行链路出现压力。减少网络压力和提高P2P应用程序性能的一种潜在方法是,让访问带宽受限的对等方能够将数据放在一个没有带宽约束且其他对等方也可以访问的地方。现在将进一步详细讨论这些问题。

3.1. P2P Infrastructural Stress and Inefficiency
3.1. P2P基础设施压力和效率低下

A particular problem of the P2P paradigm is the stress that P2P application traffic places on the infrastructure of ISPs. Multiple measurements (e.g., [ipoque_Internet_Study]) have shown that P2P traffic has become a major type of traffic on some networks. Furthermore, the inefficiency of network-agnostic peering (at the P2P transmission level) leads to unnecessary traversal across network domains or spanning the backbone of a network [RFC5693].

P2P模式的一个特殊问题是P2P应用程序流量对ISP基础设施的压力。多项测量(如[ipoque_Internet_Study])表明,P2P流量已成为某些网络上的主要流量类型。此外,网络不可知对等的低效性(在P2P传输级别)导致跨网络域或跨网络主干的不必要的遍历[RFC5693]。

Using network information alone to construct more efficient P2P swarms is not sufficient to reduce P2P traffic in access networks, as the total access upload traffic is equal to the total access download traffic in a traditional P2P system. On the other hand, it is reported that P2P traffic is becoming the dominant traffic on the access networks of some networks, reaching as high as 50-60% on the downlinks and 60-90% on the uplinks [DCIA] [ICNP] [ipoque_P2P_Survey] [P2P_File_Sharing]. Consequently, it becomes increasingly important to reduce upload access traffic, in addition to cross-domain and backbone traffic.

仅使用网络信息构建更高效的P2P群不足以减少接入网络中的P2P流量,因为在传统P2P系统中,总接入上传流量等于总接入下载流量。另一方面,据报道,P2P流量正在成为一些网络接入网络的主要流量,在下行链路上达到50-60%,在上行链路上达到60-90%[DCIA][ICNP][ipoque_P2P_Survey][P2P_文件共享]。因此,除了跨域和主干网流量外,减少上传访问流量变得越来越重要。

The inefficiency of P2P is also observed when traffic is sent upstream as many times as there are remote peers interested in getting the corresponding information. For example, the P2P application transfer completion times remain affected by potentially (relatively) slow upstream transmission. Similarly, the performance of real-time P2P applications may be affected by potentially (relatively) higher upstream latencies.

当流量向上游发送的次数与远程对等方对获取相应信息感兴趣的次数相同时,也可以观察到P2P的低效性。例如,P2P应用程序传输完成时间仍然受到潜在(相对)缓慢的上游传输的影响。类似地,实时P2P应用程序的性能可能会受到潜在(相对)较高的上游延迟的影响。

3.2. P2P Cache: A Complex Type of In-Network Storage
3.2. P2P缓存:一种复杂的网络存储

An effective technique to reduce P2P infrastructural stress and inefficiency is to introduce in-network storage. A survey of existing in-network storage systems can be found in [RFC6392].

在网络存储中引入P2P技术是降低P2P基础设施压力和效率的有效方法。[RFC6392]中介绍了现有的网络存储系统。

In the current Internet, in-network storage is introduced as P2P caches, either transparently or explicitly as a P2P peer. To provide service to a specific P2P application, the P2P cache server must support the specific signaling and transport protocols of the specific P2P application. This can lead to substantial complexity for the P2P cache vendor.

在当前的互联网中,网络内存储作为P2P缓存引入,无论是透明的还是显式的P2P对等缓存。为了向特定P2P应用程序提供服务,P2P缓存服务器必须支持特定P2P应用程序的特定信令和传输协议。这可能会给P2P缓存供应商带来巨大的复杂性。

First, there are many P2P applications on the Internet (e.g., BitTorrent, eMule, Flashget, and Thunder for file sharing; Abacast, Kontiki, Octoshape, PPLive, PPStream, and UUSee for P2P streaming). Consequently, a P2P cache vendor faces the challenge of supporting a large number of P2P application protocols, leading to product complexity and increased development cost.

首先,互联网上有许多P2P应用程序(例如,用于文件共享的BitTorrent、eMule、Flashget和Thunder;用于P2P流媒体的Abacast、Kontiki、Octoshape、PPLive、PPStream和UUSee)。因此,P2P缓存供应商面临着支持大量P2P应用协议的挑战,这导致了产品的复杂性和开发成本的增加。

Second, a specific P2P application protocol may evolve continuously to add new features or fix bugs. This in turn forces a P2P cache vendor to continuously monitor application updates to track such changes, leading to product complexity and increased costs.

其次,特定的P2P应用程序协议可能会不断发展,以添加新功能或修复bug。这反过来又迫使P2P缓存供应商持续监控应用程序更新以跟踪此类更改,从而导致产品复杂性和成本增加。

Third, many P2P applications use proprietary protocols or support end-to-end encryption. This can render P2P caches ineffective. Therefore, these three problems make it difficult to use the P2P cache as a network middlebox to support P2P application distribution.

第三,许多P2P应用程序使用专有协议或支持端到端加密。这可能导致P2P缓存无效。因此,这三个问题使得使用P2P缓存作为网络中间盒来支持P2P应用程序分发变得非常困难。

Finally, an end host has better connectivity and connection quality to a P2P cache than to a remote peer. Without the ability to manage bandwidth usage, the P2P cache may increase the volume of download traffic, which runs counter to the reduction of upload access traffic.

最后,终端主机与P2P缓存的连接和连接质量比与远程对等主机的连接和连接质量更好。如果无法管理带宽使用,P2P缓存可能会增加下载流量,这与上载访问流量的减少背道而驰。

3.3. Ineffective Integration of P2P Applications
3.3. P2P应用程序的无效集成

As P2P applications evolve, it has become increasingly clear that usage of in-network resources can improve the user's experience. For example, multiple P2P streaming systems seek additional in-network resources during a flash crowd, such as just before a major live streaming event. In asymmetric networks, when the aggregated upload bandwidth of a channel cannot meet the download demand, a P2P application may seek additional in-network resources to maintain a stable system.

随着P2P应用程序的发展,越来越清楚的是,使用网络内资源可以改善用户体验。例如,多个P2P流媒体系统在flash群组期间(例如在重大流媒体直播事件之前)寻求额外的网络内资源。在非对称网络中,当信道的聚合上传带宽不能满足下载需求时,P2P应用程序可能会寻求额外的网络资源来维持稳定的系统。

However, some P2P applications using in-network infrastructural resources require flexibility in implementing resource allocation policies. A major competitive advantage of many successful P2P systems is their substantial expertise in how to most efficiently utilize peer and infrastructural resources. For example, many live P2P systems have specific algorithms to select those peers that behave as stable, higher-bandwidth sources. Similarly, the higher-bandwidth sources frequently use algorithms to choose to which peers the source should send content. Developers of these systems continue to fine-tune these algorithms over time.

然而,一些用于网络基础设施资源的P2P应用程序在实现资源分配策略时需要灵活性。许多成功的P2P系统的一个主要竞争优势是,它们在如何最有效地利用对等和基础设施资源方面拥有丰富的专业知识。例如,许多实时P2P系统都有特定的算法来选择那些行为稳定、带宽更高的节点。类似地,较高带宽的源经常使用算法来选择源应该向哪个对等方发送内容。随着时间的推移,这些系统的开发人员将继续对这些算法进行微调。

To permit developers to evolve and fine-tune their algorithms and policies, the in-network storage should expose basic mechanisms and allow as much flexibility as possible to P2P applications. This conforms to the end-to-end systems principle and allows innovation and satisfaction of specific business goals. Existing techniques for in-network storage in P2P applications lack these capabilities.

为了允许开发人员改进和微调他们的算法和策略,网络存储应该公开基本机制,并为P2P应用程序提供尽可能多的灵活性。这符合端到端系统原则,允许创新和满足特定业务目标。现有的P2P应用中的网络存储技术缺乏这些功能。

4. Usage Scenarios
4. 使用场景

Usage scenarios are presented to illustrate the problems in both Content Distribution Network (CDN) and P2P scenarios.

介绍了使用场景,以说明内容分发网络(CDN)和P2P场景中的问题。

4.1. BitTorrent
4.1. 比特流

When a BitTorrent client A uploads a block to multiple peers, the block traverses the last-mile uplink once for each peer. After that, the peer B that just received the block from A also needs to upload through its own last-mile uplink to others when sharing this block. This is not an efficient use of the last-mile uplink. With an in-network storage server, however, the BitTorrent client may upload the block to its in-network storage. Peers may retrieve the block from the in-network storage, reducing the amount of data on the last-mile uplink. If supported by the in-network storage, a peer can also save the block in its own in-network storage while it is being retrieved; the block can then be uploaded from the in-network storage to other peers.

当BitTorrent客户端a将一个块上载到多个对等方时,该块将为每个对等方遍历最后一英里上行链路一次。之后,刚刚从A接收到块的对等方B在共享该块时还需要通过其自己的最后一英里上行链路上传到其他方。这不是对最后一英里上行链路的有效利用。但是,对于网络存储服务器,BitTorrent客户端可以将块上载到其网络存储中。对等方可以从网络存储中检索块,从而减少最后一英里上行链路上的数据量。如果网络内存支持,对等方还可以在检索块时将其保存在自己的网络内存中;然后可以将该块从网络内存储上传到其他对等方。

As previously discussed, BitTorrent or other P2P applications currently cannot explicitly manage which content is placed in the existing P2P caches, nor can they manage access and resource control policies. Applications need to retain flexibility to control the content distribution policies and topology among peers.

如前所述,BitTorrent或其他P2P应用程序目前无法明确管理哪些内容放置在现有P2P缓存中,也无法管理访问和资源控制策略。应用程序需要保持灵活性,以控制对等方之间的内容分发策略和拓扑。

4.2. Content Publisher
4.2. 内容发布者

Content publishers may also utilize in-network storage. For example, consider a P2P live streaming application. A Content Publisher typically maintains a small number of sources, each of which distributes blocks in the current play buffer to a set of P2P peers.

内容发布者也可以利用网络存储。例如,考虑P2P直播流应用程序。内容发布者通常维护少量源,每个源将当前播放缓冲区中的块分发给一组对等点。

Some content publishers use another hybrid content distribution approach incorporating both P2P and CDN modes. As an example, Internet TV may be implemented as a hybrid CDN/P2P application by distributing content from central servers via a CDN, and also incorporating a P2P mode amongst end hosts and set-top boxes. In-network storage may be beneficial to hybrid CDN/P2P applications as well to support P2P distribution and to enable content publisher standard interfaces and controls.

一些内容发布商使用另一种混合内容分发方法,结合了P2P和CDN模式。例如,通过经由CDN从中央服务器分发内容,并且还在终端主机和机顶盒之间合并P2P模式,可以将因特网电视实现为混合CDN/P2P应用。网络内存储可能有利于混合CDN/P2P应用程序以及支持P2P分发和支持内容发布者标准接口和控制。

However, there is no standard interface for different content publishers to access in-network storage. One streaming content publisher may need the existing in-network storage to support streaming signaling or another such capability, such as transcoding capability, bitmap information, intelligent retransmission, etc., while a different content publisher may only need the in-network storage to distribute files. However, it is reasonable that the application services are only supported by content publishers' original servers and clients, and intelligent data plane transport for those content publishers are supported by in-network storage.

但是,不同的内容发布者在网络存储中无法访问标准接口。一个流式内容发布者可能需要现有的网络内存储来支持流式信令或另一种这样的能力,例如转码能力、位图信息、智能重传等,而不同的内容发布者可能只需要网络内存储来分发文件。但是,合理的做法是,应用程序服务仅由内容发布者的原始服务器和客户端支持,而这些内容发布者的智能数据平面传输由网络存储支持。

A content publisher also benefits from a standard interface to access in-network storage servers provided by different providers. The standard interface must allow content publishers to retain control over content placed in their own in-network storage and to grant access and resources only to the desired end hosts and peers.

内容发布者还可以通过标准接口访问由不同提供商提供的网络存储服务器。标准接口必须允许内容发布者保留对放置在其自己的网络存储中的内容的控制,并仅向所需的终端主机和对等方授予访问权限和资源。

In the hybrid CDN/P2P scenario, if only the end hosts can store content in the in-network storage server, the content must be downloaded and then uploaded over the last-mile access link before another peer may retrieve it from an in-network storage server. Thus, in this deployment scenario, it may be advantageous for a content publisher or CDN provider to store content in in-network storage servers.

在混合CDN/P2P场景中,如果只有终端主机可以在网络存储服务器中存储内容,则必须先下载内容,然后通过最后一英里访问链路上载内容,然后其他对等方才能从网络存储服务器中检索内容。因此,在此部署场景中,内容发布者或CDN提供商将内容存储在网络存储服务器中可能是有利的。

5. Security Considerations
5. 安全考虑

There are several security considerations related to in-network storage.

有几个与网络存储相关的安全注意事项。

5.1. Denial-of-Service Attacks
5.1. 拒绝服务攻击

An attacker can try to consume a large portion of the in-network storage, or exhaust the connections of the in-network storage through a denial-of-service (DoS) attack. Authentication, authorization, and accounting mechanisms should be considered in the cross-domain environment. Limitation of access from an administrative domain sets up barriers for content distribution.

攻击者可以尝试使用大部分网络存储,或通过拒绝服务(DoS)攻击耗尽网络存储的连接。应在跨域环境中考虑身份验证、授权和记帐机制。对管理域访问的限制为内容分发设置了障碍。

5.2. Copyright and Legal Issues
5.2. 版权和法律问题

Copyright and other laws may prevent the distribution of certain content in various localities. In-network storage operators may adopt system-wide ingress or egress filters to implement necessary policies for storing or retrieving content, and applications may apply Digital Rights Management (DRM) to the data stored in the network storage. However, the specification and implementation of such policies (e.g., filtering and DRM) is not in scope for the problem this document proposes to solve.

版权和其他法律可能会阻止某些内容在各地传播。在网络存储中,运营商可以采用系统范围的入口或出口过滤器来实施存储或检索内容的必要策略,应用程序可以对存储在网络存储中的数据应用数字版权管理(DRM)。但是,此类策略(如过滤和DRM)的规范和实施不在本文件拟解决的问题范围内。

5.3. Traffic Analysis
5.3. 流量分析

If the content is stored in the provider-based in-network storage, there may be a risk to privacy: a malicious service provider could use some link that a victim user is interested in, estimate that another user accessing the same data may have the same interest, and use this information as a basis to perform a phishing attack on the other user.

如果内容存储在基于网络存储的提供商中,则可能存在隐私风险:恶意服务提供商可能使用受害者用户感兴趣的某个链接,估计访问相同数据的另一用户可能有相同的兴趣,并将此信息用作对另一用户执行钓鱼攻击的依据。

5.4. Modification of Information
5.4. 修改资料

This type of threat means that some unauthorized entity may alter in-transit in-network storage access messages generated on behalf of an authorized principal in such a way as to effect unauthorized management operations, including falsifying the value of an object. This threat may result in false data being supplied either because the data on a legitimate store is modified or because a bogus store is introduced into the network.

这种类型的威胁意味着一些未经授权的实体可能会在传输过程中更改代表授权主体生成的网络存储访问消息,从而影响未经授权的管理操作,包括伪造对象的价值。这种威胁可能导致提供虚假数据,因为合法存储上的数据被修改,或者因为网络中引入了虚假存储。

5.5. Masquerade
5.5. 掩藏

This type of threat means that an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity. In the context of this specification, when accessing in-network storage, one malicious end host can masquerade as another authorized end host or application server to access a protected resource in the in-network storage.

这种类型的威胁意味着未经授权的实体通过非法冒充授权实体获得对系统的访问权或实施恶意行为。在本规范的上下文中,当访问网络存储时,一个恶意终端主机可以伪装成另一个授权终端主机或应用程序服务器,以访问网络存储中受保护的资源。

5.6. Disclosure
5.6. 披露

This type of threat involves the danger of someone eavesdropping on exchanges between in-network storage and application clients. Protecting against this threat may be required as a matter of application policy.

这种类型的威胁包括有人窃听网络存储和应用程序客户端之间的交换的危险。作为应用策略的一部分,可能需要针对这种威胁进行保护。

5.7. Message Stream Modification
5.7. 消息流修改

This type of threat means that messages may be maliciously re-ordered, delayed, or replayed to an extent greater than what would occur in a natural network system, in order to effect unauthorized management operations on in-network storage. If the middlebox (such as a Network Address Translator (NAT)) or proxy between an end host and in-network storage is compromised, it is easy to do a stream modification attack.

这种类型的威胁意味着,为了对网络存储进行未经授权的管理操作,消息可能被恶意重新排序、延迟或重播,其程度可能超过自然网络系统中可能发生的情况。如果终端主机和网络存储之间的中间盒(如网络地址转换器(NAT))或代理受到破坏,则很容易进行流修改攻击。

6. Acknowledgments
6. 致谢

We would like to thank the following people for contributing to this document:

我们要感谢以下人员对本文件的贡献:

Ronald Bonica

罗纳德·博尼卡

David Bryan

大卫·布莱恩

Kar Ann Chew

周家安

Lars Eggert

拉尔斯·艾格特

Roni Even

甚至是罗尼

Adrian Farrel

阿德里安·法雷尔

Yingjie Gu

顾英杰

David Harrington

大卫·哈林顿

Leif Johansson

雷夫·约翰森

Francois Le Faucheur

弗朗索瓦·勒·福彻

Hongqiang Liu

刘洪强

Tao Ma

陶马

Borje Ohlman

博尔杰·奥尔曼

Akbar Rahman

阿克巴·拉赫曼

Peter Saint-Andre

彼得·圣安德烈

Robert Sparks

罗伯特·斯帕克斯

Sean Turner

肖恩·特纳

Yu-shun Wang

王玉顺

Richard Woundy

理查德·沃迪

Yunfei Zhang

张云飞

7. Informative References
7. 资料性引用

[DCIA] Parker, A., "P2P Media Summit presentation", Distributed Computing Industry Association, October 2006, <http://www.dcia.info/activities/p2pmsla2006/ CacheLogic.ppt>.

[DCIA]Parker,A.,“P2P媒体峰会演示”,分布式计算行业协会,2006年10月<http://www.dcia.info/activities/p2pmsla2006/ CacheLogic.ppt>。

[Data_Lockers] Yang, Y., "Open Content Distribution using Data Lockers", CoXNet Workshop, Beijing, China, November 2010, <http:// cs-www.cs.yale.edu/homes/yry/projects/p4p/ open-data-lockers-nov-2010-coxnet.pdf>.

[Data_Lockers]Yang,Y.,“使用数据储物柜的开放式内容分发”,CoXNet研讨会,中国北京,2010年11月,<http://cs-www.cs.yale.edu/homes/yry/projects/p4p/Open-Data-Lockers-nov-2010-CoXNet.pdf>。

[ICNP] Wu, H., "Challenges and Opportunities of Internet Developments in China", ICNP 2007 Keynote Speech, October 2007, <http://www.ieee-icnp.org/2007/keynote_D.html>.

[ICNP]Wu,H.“中国互联网发展的挑战和机遇”,ICNP 2007年主题演讲,2007年10月<http://www.ieee-icnp.org/2007/keynote_D.html>.

[P2P_File_Sharing] Casadesus-Masanell, R. and A. Hervas-Drane, "Peer-to-Peer File Sharing and the Market for Digital Information Goods", Journal of Economics & Management Strategy, Vol. 19, No. 2, pp. 333-373, Summer 2010.

[P2P文件共享]Casadesus Masanell,R.和A.Hervas Drane,“点对点文件共享与数字信息商品市场”,《经济与管理战略杂志》,第19卷,第2期,333-373页,2010年夏季。

[RFC5693] Seedorf, J. and E. Burger, "Application-Layer Traffic Optimization (ALTO) Problem Statement", RFC 5693, October 2009.

[RFC5693]Seedorf,J.和E.Burger,“应用层流量优化(ALTO)问题陈述”,RFC 5693,2009年10月。

[RFC6392] Alimi, R., Ed., Rahman, A., Ed., and Y. Yang, Ed., "A Survey of In-Network Storage Systems", RFC 6392, October 2011.

[RFC6392]Alimi,R.,Ed.,Rahman,A.,Ed.,和Y.Yang,Ed.“网络存储系统的调查”,RFC 63922011年10月。

[ipoque_Internet_Study] Schulze, H. and K. Mochalski, "Internet Study 2008/2009", 2009, <http://www.ipoque.com/resources/internet-studies>.

[ipoque_互联网研究]Schulze,H.和K.Mochalski,“2008/2009年互联网研究”,2009年<http://www.ipoque.com/resources/internet-studies>.

[ipoque_P2P_Survey] "ipoque's 2007 P2P Survey to be presented at Technology Review's Emerging Technologies Conference at MIT", August 2007, <http://www.ipoque.com/en/news-events/ press-center/press-releases/2007/ ipoque%C2%B4s-2007-p2p-survey-to-be-presented-at-technology>.

[ipoque_P2P_调查]“ipoque 2007年P2P调查将在麻省理工学院技术评论新兴技术会议上发表”,2007年8月<http://www.ipoque.com/en/news-events/ 新闻中心/新闻稿/2007/ipoque%C2%B4s-2007-p2p-survey-to-be-presented-at-technology>。

Authors' Addresses

作者地址

Haibin Song Huawei 101 Software Avenue, Yuhua District Nanjing, Jiangsu Province 210012 China

中国江苏省南京市雨花区软件大道101号海滨松华为210012

   EMail: haibin.song@huawei.com
        
   EMail: haibin.song@huawei.com
        

Ning Zong Huawei 101 Software Avenue, Yuhua District Nanjing, Jiangsu Province 210012 China

中国江苏省南京市雨花区宁宗华为软件大道101号210012

   EMail: zongning@huawei.com
        
   EMail: zongning@huawei.com
        

Y. Richard Yang Yale University

耶鲁大学

   EMail: yry@cs.yale.edu
        
   EMail: yry@cs.yale.edu
        

Richard Alimi Google

Richard Alimi谷歌

   EMail: ralimi@google.com
        
   EMail: ralimi@google.com