Hyperledger Fabric Network/Hyperledger Fabric网络
What is a Fabric Network?/什么是Fabric网络?
A Fabric permissioned blockchain network is a technical infrastructure that provides ledger services to application consumers and administrators. In most cases, multiple organizations come together as a consortium to form the network and their permissions are determined by a set of policies that are agreed to by the the consortium when the network is originally configured. Moreover, network policies can change over time subject to the agreement of the organizations in the consortium.
Fabric许可的区块链网络是向应用程序用户和管理员提供总账服务的技术基础架构。在大多数情况下,多个组织成为一个联盟组成网络,组织的权限取决于最初配置网络时,联盟成员都同意的一组策略。此外,网络策略可能会随着时间的变化而变化,但须经联盟组织的同意。
This document will take you through the decisions that organizations will need to make to configure and deploy a Hyperledger Fabric network, form channels to transact within the network, and how to update those decisions within the life of the network. You will also learn how those decisions are embedded in the architecture and components of Hyperledger Fabric.
本文档将带领您浏览整个决策,包括组织将需要配置和部署一个Hyperledger Fabric网络,形成在网络中进行交易的管道(channel),以及如何在网络生命周期内更新这些决策。您还将了解这些决策如何嵌入到Hyperledger Fabric的体系结构和组件中。
Who should read this?/谁应该读这个?
In this topic, we’ll focus on the major components of the network, why they exist, and when to use them. This topic is intended for Blockchain Architects and Blockchain Network Administrators. Blockchain application developers may also have an interest. As this is intended to be a conceptual document, if you would like to dig deeper into the technical details we encourage you to review the available technical documents on this site.
在这个主题中,我们将重点介绍网络的主要组成部分,它们为什么存在以及何时使用它们。本主题面向区块链架构师和区块链网络管理员。区块链应用程序开发人员也可能有兴趣。由于这是一个概念性文件,如果您想深入了解技术细节,我们鼓励您查看本网站上的可用技术文档。
The business requirements for the blockchain network – Example/区块链网络的业务需求 - 例子
The organizations RA, RB, RC and RD have decided to jointly invest in a Fabric blockchain network. Organization RA will contribute 3 peers, and 2 client applications of RA will consume the services of the blockchain network. Organization RB will contribute 4 peers and has 1 client application. Organization RC contributes 3 peers and has 2 client applications. Organization RD contributes 4 orderers. Organization RA and RB have decided to form a consortium and exploit a separate application channel between the two of them. Organization RB and RC have decided to form another consortium and also exploit a separate application channel between the two of them. Each application channel has its own policy.
RA,RB,RC和RD组织已决定联合投资Fabric区块链网络。组织RA将贡献3个peers,RA的2个客户端应用将使用区块链网络的服务。组织RB将贡献4个peers,并拥有1个客户端应用程序。组织RC贡献3个peers,并有2个客户端应用程序。组织RD贡献4个orderers。组织RA和RB已决定组建一个联盟,并在两者之间开发一个单独的应用管道(channel)。组织RB和RC决定组建另一个联盟,并在两者之间利用单独的应用管道(channel)。每个应用程序管道(channel)都有自己的策略。
Components of a Network/网络的组成部分
A network consists of:
-
Ledgers (one per channel – comprised of the blockchain and the state database)
-
Smart contract(s) (aka chaincode)
-
Peer nodes
网络包括:
总账(每个管道(channel)一个 - 由区块链和状态数据库组成)
智能合约(又名chaincode)
peer节点
ordering 服务(S)
管道(channel)(S)
Fabric证书颁发机构
Consumers of Network Services/网络服务的消费者
-
Client applications owned by organizations
-
Clients of Blockchain network administrators
组织拥有的客户端应用程序
区块链客户端的网络管理员
Network Policies and Identities/网络策略和身份
The Fabric Certificate Authority (CA) issues the certificates for organizations to authenticate to the network. There can be one or more CAs on the network and organizations can choose to use their own CA. Additionally, client applications owned by organizations in the consortium use certificates to authenticate transaction proposals, and peers use them to endorse proposals and commit transactions to the ledger if they are valid.
Fabric 证书颁发机构(CA)颁发证书以供组织向网络进行认证。网络上可以有一个或多个CA,组织可以选择使用自己的CA. 此外,联盟中的组织拥有的客户端应用程序使用证书来验证交易提议,peers使用它们来认可提议,并在交易提议有效时将交易提交到总账。
The explanation of the diagram is as follows: There is a Fabric network N with network policy NP1 and ordering service O. Channel C1 is governed by channel policy CP1. Channel C1 has been established by consortium RARB. Channel C1 is managed by ordering service O and peers P1 and P2 and client applications A1 and A2 have been granted permission to transact on C1. Client application A1 is owned by organization RA. Certificate authority CA1 serves organization RA. Peer P2 maintains ledger L1 associated with channel C1 and L2 associated with C2. Peer P2 makes use of chain code S4 and S5. The orderer nodes of ordering service O are owned by organization RD.
该图的解释如下:Fabric网络N有一个网络策略NP1和ordering 服务O. C1管道(channel)由管道(channel)策略CP1管理。 管道(channel) C1由财团RARB建立。管道(channel)C1通过ordering 服务O和peers P1和P2来管理,并且客户端应用A1和A2已经被授权在C1上进行交易。客户端应用程序A1由组织RA拥有。证书颁发机构CA1为组织RA服务。Peer P2维护与管道(channel)C1相关联的总账L1和与C2相关联的L2。 Peer P2使用链码S4和S5。ordering 服务O的orderer节点由组织RD拥有。
Creating the Network/创建网络
The network is created from the definition of the consortium including its clients, peers, channels, and ordering service(s). The ordering service is the administration point for the network because it contains the configuration for the channel(s) within the network. The configurations for each channel includes the policies for the channel and the membership information (in this example X509 root certificates) for each member of the channel.
该网络是根据联盟的定义创建的,其中包括其客户,peers,管道(channels)和ordering 服务。 ordering 服务是网络的管理点,因为它包含网络中管道(channel)的配置。 每个管道(channel)的配置包括该管道(channel)的策略,管道(channel)的每个成员信息(在本例中为X509根证书)。
Defining a Consortium/定义一个联盟
A consortium is comprised of two or more organizations on the network. Consortiums are defined by organizations that have a need for transacting business with one another and they must agree to the policies that govern the network.
一个联盟由两个或两个以上的组织组成。 联盟是由需要互相交易业务的组织定义的,他们必须同意管理网络的策略。
Creating a channel for a consortium/为联盟创建一个管道(channel)
A channel is a communication means used to connect the components of the network and/or the member client applications. Channels are created by generating the configuration block on the ordering service, which evaluates the validity of the channel configuration. Channels are useful because they allow for data isolation and confidentiality. Transacting organizations must be authenticated to a channel in order to interact with it. Channels are governed by the policies they are configured with.
管道(channel)是用于连接网络组件和/或成员客户端应用程序的通信手段。 通过在ordering 服务上生成配置块来创建管道(channel),该配置块用于评估管道(channel)配置的有效性。 管道(channel)是有用的,因为它们考虑到了数据隔离和机密性。 交易组织必须通过身份验证才能与管道(channel)进行交互。 管道(channel)由它们配置的策略管理。
Peers and Channels/Peers和管道(channel)
Peers are joined to channels by the organizations that own them, and there can be multiple peer nodes on channels within the network. Peers can take on multiple roles:
Peers通过它们所属的组织加入到管道(channel)中,并且网络中的管道(channel)上可以有多个peer节点。Peers可以承担多种角色:
-
Endorsing peer – defined by policy as specific nodes that execute smart contract transactions in simulation and return a proposal response (endorsement) to the client application.
背书(Endorsing) peer - 由策略定义,作为一个特定节点,在模拟中执行智能合约,并向客户端应用程序返回提议响应(认可)。
-
Committing peer – validates blocks of ordered transactions and commits (writes/appends) the blocks to a copy of the ledger it maintains.
Committing peer- 验证有序交易块并将块提交(写入/附加)到它所维护的总账的副本。
Because all peers maintain a copy of the ledger for every channel to which they are joined, all peers are committing peers. However, only peers specified by the endorsement policy of the smart contract can be endorsing peers. A peer may be further defined by the roles below:
由于所有peers都为其加入的每个管道(channel)保留一个总账副本,因此所有peers均是committing peers。然而,只有智能合约背书(endorsement)策略所指定的peers才能认同peers。一个peer可能会进一步由以下角色定义:
-
Anchor peer – defined in the channel configuration and is the first peer that will be discovered on the network by other organizations within a channel they are joined to.
Anchor peer – 定义在管道(channel)配置中,且在该网络上,其是第一个被其它加入到管道(channel)内的组织发现的peer。
-
Leading peer – exists on the network to communicate with the ordering service on behalf of an organization that has multiple peers.
Leading peer - 存在与网络上,和ordering 服务通信,代表一个具有多个peers的组织。
Applications and Smart Contracts/应用程序和智能合约
Smart contract chaincode must be installed and instantiated on a peer in order for a client application to be able to invoke the smart contract. Client applications are the only place outside the network where transaction proposals are generated. When a transaction is proposed by a client application, the smart contract is invoked on the endorsing peers who simulate the execution of the smart contract against their copy of the ledger and send the proposal response (endorsement) back to the client application. The client application assembles these responses into a transaction and broadcasts it to the ordering service.
智能合约链码必须安装在peer上并实例化,以便客户端应用程序能够调用智能合约。 客户端应用程序是网络之外生成交易提议的唯一地方。 当客户端应用程序提出交易时,智能合约将在认可的peers上调用,peers模拟针对总账本副本的智能合约的执行,并将提议响应(认可)发送回客户端应用程序。 客户端应用程序将这些响应组装到交易中并将其广播到ordering 服务。
Growing the network/增长的网络
While there no theoretical limit to how big a network can get, as the network grows it is important to consider design choices that will help optimize network throughput, stability, and resilience. Evaluations of network policies and implementation of gossip protocol to accommodate a large number of peer nodes are potential considerations.
尽管没有理论上限制网络的规模,但随着网络的发展,考虑有助于优化网络吞吐量,稳定性和弹性的设计选择非常重要。 评估网络策略和实施八卦协议以容纳大量peer节点是潜在的考虑因素。
Simplifying the visual vocabulary/简化视觉词汇
In the diagram below we see that there are two client applications connected to two peer nodes and an ordering service on one channel. Since there is only one channel, there is only one logical ledger in this example. As in the case of this single channel, P1 and P2 will have identical copies of the ledger (L1) and smart contract – aka chaincode (S4).
在下图中,我们看到有两个客户端应用程序连接到两个peer节点,一个管道(channel)上的ordering 服务。 由于只有一个管道(channel),因此此例中只有一个逻辑总账。 就像这个单一管道(channel)一样,P1和P2将具有相同的总账(L1)副本和智能合约 – 又名链码(S4)。
Adding another consortium definition/增加另一个联盟定义
As consortia are defined and added to the existing channel, we must update the channel configuration by sending a channel configuration update transaction to the ordering service. If the transaction is valid, the ordering service will generate a new configuration block. Peers on the network will then have to validate the new channel configuration block generated by the ordering service and update their channel configurations if they validate the new block. It is important to note that the channel configuration update transaction is handled by system chaincode as invoked by the Blockchain network Administrator, and is not invoked by client application transaction proposals.
当联盟被定义并添加到现有管道(channel)时,我们必须通过向ordering 服务发送管道(channel)配置更新交易来更新管道(channel)配置。 如果交易有效,则ordering 服务将生成一个新的配置块。 然后,网络上的peers必须验证由ordering 服务生成的新管道(channel)配置块,并在验证新块时更新其管道(channel)配置。 请注意,管道(channel)配置更新交易由系统链码处理 ,由区块链网络管理员调用,并且不由客户端应用程序交易提议调用。
Adding a new channel/添加一个新管道(channel)
Organizations are what form and join channels, and channel configurations can be amended to add organizations as the network grows. When adding a new channel to the network, channel policies remain separate from other channels configured on the same network.
组织是什么形式和加入管道(channel),随着网络的发展,管道(channel)配置可以修改,以添加组织。 当向网络添加新管道(channel)时,管道(channel)策略与在同一网络上配置的其他管道(channel)保持独立。
In this example, the configurations for channel 1 and channel 2 on the ordering service will remain separate from one another.
在此示例中,ordering 服务上管道(channel)1和管道(channel)2的配置将保持彼此分离。
Adding another peer/添加另一个peer
In this example, peer 3 (P3) owned by organization 3 has been added to channel 2 (C2). Note that although there can be multiple ordering services on the network, there can also be a single ordering service that governs multiple channels. In this example, the channel policies of C2 are isolated from those of C1. Peer 3 (P3) is also isolated from C1 as it is authenticated only to C2.
在这个例子中,组织3拥有的peer3(P3)已被添加到管道(channel)2(C2)。 请注意,虽然网络上可以有多个ordering 服务,但也可以有一个单一的ordering 服务来管理多个管道(channel)。 在这个例子中,C2的管道(channel)策略与C1的管道(channel)策略是分开的。 同级3(P3)也与C1隔离,因为它仅通过C2进行身份验证。
Joining a peer to multiple channels/将peer加入到多个管道(channel)
In this example, peer 2 (P2) has been joined to channel 2 (C2). P2 will keep channels C1 and C2 and their associated transactions private and isolated. Additionally, client application A3 will also be isolated from C1. The ordering service maintains network governance and channel isolation by evaluating policies and digital signatures of all nodes configured on all channels.
在这个例子中,peer 2(P2)已经连接到管道(channel)2(C2)。 P2将保持管道(channel)C1和C2及其关联交易的私密性和隔离性。 此外,客户端应用程序A3也将与C1隔离。ordering 服务通过评估所有管道上配置的所有节点的策略和数字签名来维护网络管理和管道隔离。
Network fully formed/网络完全形成
In this example, the network has been developed to include multiple client applications, peers, and channels connected to a single ordering service. Peer 2 (P2) is the only peer node connected to channels C1 and C2, which will be kept isolated from each other and their data will remain private. There are now two logical ledgers in this example, one for C1, and one for C2.
在这个例子中,网络已经发展到包括多个客户端应用程序,多个peer端和多个连接到一个单一的ordering 服务的管道(channel)。 peer2(P2)是连接到管道(channel)C1和C2的唯一peer节点,它们将保持彼此隔离,并且其数据将保持私密。 在这个例子中,现在有两个逻辑总账,一个用于C1,一个用于C2。
Simple vocabulary/简单的词汇