Hyperledger Fabric Network/Hyperledger Fabric网络
A Fabric permissioned blockchain network is a technical infrastructure that provides ledger services to application consumers and administrators. In most cases, multiple organizations come together as a consortium to form the network and their permissions are determined by a set of policies that are agreed to by the the consortium when the network is originally configured. Moreover, network policies can change over time subject to the agreement of the organizations in the consortium.
This document will take you through the decisions that organizations will need to make to configure and deploy a Hyperledger Fabric network, form channels to transact within the network, and how to update those decisions within the life of the network. You will also learn how those decisions are embedded in the architecture and components of Hyperledger Fabric.
本文档将带领您浏览整个决策，包括组织将需要配置和部署一个Hyperledger Fabric网络，形成在网络中进行交易的管道(channel)，以及如何在网络生命周期内更新这些决策。您还将了解这些决策如何嵌入到Hyperledger Fabric的体系结构和组件中。
In this topic, we’ll focus on the major components of the network, why they exist, and when to use them. This topic is intended for Blockchain Architects and Blockchain Network Administrators. Blockchain application developers may also have an interest. As this is intended to be a conceptual document, if you would like to dig deeper into the technical details we encourage you to review the available technical documents on this site.
The business requirements for the blockchain network – Example/区块链网络的业务需求 - 例子
The organizations RA, RB, RC and RD have decided to jointly invest in a Fabric blockchain network. Organization RA will contribute 3 peers, and 2 client applications of RA will consume the services of the blockchain network. Organization RB will contribute 4 peers and has 1 client application. Organization RC contributes 3 peers and has 2 client applications. Organization RD contributes 4 orderers. Organization RA and RB have decided to form a consortium and exploit a separate application channel between the two of them. Organization RB and RC have decided to form another consortium and also exploit a separate application channel between the two of them. Each application channel has its own policy.
A network consists of:
总账（每个管道(channel)一个 - 由区块链和状态数据库组成）
Client applications owned by organizations
Clients of Blockchain network administrators
The Fabric Certificate Authority (CA) issues the certificates for organizations to authenticate to the network. There can be one or more CAs on the network and organizations can choose to use their own CA. Additionally, client applications owned by organizations in the consortium use certificates to authenticate transaction proposals, and peers use them to endorse proposals and commit transactions to the ledger if they are valid.
Fabric 证书颁发机构（CA）颁发证书以供组织向网络进行认证。网络上可以有一个或多个CA，组织可以选择使用自己的CA. 此外，联盟中的组织拥有的客户端应用程序使用证书来验证交易提议，peers使用它们来认可提议，并在交易提议有效时将交易提交到总账。
The explanation of the diagram is as follows: There is a Fabric network N with network policy NP1 and ordering service O. Channel C1 is governed by channel policy CP1. Channel C1 has been established by consortium RARB. Channel C1 is managed by ordering service O and peers P1 and P2 and client applications A1 and A2 have been granted permission to transact on C1. Client application A1 is owned by organization RA. Certificate authority CA1 serves organization RA. Peer P2 maintains ledger L1 associated with channel C1 and L2 associated with C2. Peer P2 makes use of chain code S4 and S5. The orderer nodes of ordering service O are owned by organization RD.
该图的解释如下：Fabric网络N有一个网络策略NP1和ordering 服务O. C1管道(channel)由管道(channel)策略CP1管理。 管道(channel) C1由财团RARB建立。管道(channel)C1通过ordering 服务O和peers P1和P2来管理，并且客户端应用A1和A2已经被授权在C1上进行交易。客户端应用程序A1由组织RA拥有。证书颁发机构CA1为组织RA服务。Peer P2维护与管道(channel)C1相关联的总账L1和与C2相关联的L2。 Peer P2使用链码S4和S5。ordering 服务O的orderer节点由组织RD拥有。
Creating the Network/创建网络
The network is created from the definition of the consortium including its clients, peers, channels, and ordering service(s). The ordering service is the administration point for the network because it contains the configuration for the channel(s) within the network. The configurations for each channel includes the policies for the channel and the membership information (in this example X509 root certificates) for each member of the channel.
该网络是根据联盟的定义创建的，其中包括其客户，peers，管道(channels)和ordering 服务。 ordering 服务是网络的管理点，因为它包含网络中管道(channel)的配置。 每个管道(channel)的配置包括该管道(channel)的策略，管道(channel)的每个成员信息（在本例中为X509根证书）。
Defining a Consortium/定义一个联盟
A consortium is comprised of two or more organizations on the network. Consortiums are defined by organizations that have a need for transacting business with one another and they must agree to the policies that govern the network.
Creating a channel for a consortium/为联盟创建一个管道(channel)
A channel is a communication means used to connect the components of the network and/or the member client applications. Channels are created by generating the configuration block on the ordering service, which evaluates the validity of the channel configuration. Channels are useful because they allow for data isolation and confidentiality. Transacting organizations must be authenticated to a channel in order to interact with it. Channels are governed by the policies they are configured with.
管道(channel)是用于连接网络组件和/或成员客户端应用程序的通信手段。 通过在ordering 服务上生成配置块来创建管道(channel)，该配置块用于评估管道(channel)配置的有效性。 管道(channel)是有用的，因为它们考虑到了数据隔离和机密性。 交易组织必须通过身份验证才能与管道(channel)进行交互。 管道(channel)由它们配置的策略管理。
Peers and Channels/Peers和管道(channel)
Peers are joined to channels by the organizations that own them, and there can be multiple peer nodes on channels within the network. Peers can take on multiple roles:
Endorsing peer – defined by policy as specific nodes that execute smart contract transactions in simulation and return a proposal response (endorsement) to the client application.
背书(Endorsing) peer - 由策略定义，作为一个特定节点，在模拟中执行智能合约，并向客户端应用程序返回提议响应（认可）。
Committing peer – validates blocks of ordered transactions and commits (writes/appends) the blocks to a copy of the ledger it maintains.
Committing peer- 验证有序交易块并将块提交（写入/附加）到它所维护的总账的副本。
Because all peers maintain a copy of the ledger for every channel to which they are joined, all peers are committing peers. However, only peers specified by the endorsement policy of the smart contract can be endorsing peers. A peer may be further defined by the roles below:
Anchor peer – defined in the channel configuration and is the first peer that will be discovered on the network by other organizations within a channel they are joined to.
Anchor peer – 定义在管道(channel)配置中，且在该网络上，其是第一个被其它加入到管道(channel)内的组织发现的peer。
Leading peer – exists on the network to communicate with the ordering service on behalf of an organization that has multiple peers.
Leading peer - 存在与网络上，和ordering 服务通信，代表一个具有多个peers的组织。
Applications and Smart Contracts/应用程序和智能合约
Smart contract chaincode must be installed and instantiated on a peer in order for a client application to be able to invoke the smart contract. Client applications are the only place outside the network where transaction proposals are generated. When a transaction is proposed by a client application, the smart contract is invoked on the endorsing peers who simulate the execution of the smart contract against their copy of the ledger and send the proposal response (endorsement) back to the client application. The client application assembles these responses into a transaction and broadcasts it to the ordering service.
智能合约链码必须安装在peer上并实例化，以便客户端应用程序能够调用智能合约。 客户端应用程序是网络之外生成交易提议的唯一地方。 当客户端应用程序提出交易时，智能合约将在认可的peers上调用，peers模拟针对总账本副本的智能合约的执行，并将提议响应（认可）发送回客户端应用程序。 客户端应用程序将这些响应组装到交易中并将其广播到ordering 服务。
Growing the network/增长的网络
While there no theoretical limit to how big a network can get, as the network grows it is important to consider design choices that will help optimize network throughput, stability, and resilience. Evaluations of network policies and implementation of gossip protocol to accommodate a large number of peer nodes are potential considerations.
Simplifying the visual vocabulary/简化视觉词汇
In the diagram below we see that there are two client applications connected to two peer nodes and an ordering service on one channel. Since there is only one channel, there is only one logical ledger in this example. As in the case of this single channel, P1 and P2 will have identical copies of the ledger (L1) and smart contract – aka chaincode (S4).
在下图中，我们看到有两个客户端应用程序连接到两个peer节点，一个管道(channel)上的ordering 服务。 由于只有一个管道(channel)，因此此例中只有一个逻辑总账。 就像这个单一管道(channel)一样，P1和P2将具有相同的总账（L1）副本和智能合约 – 又名链码（S4）。
Adding another consortium definition/增加另一个联盟定义
As consortia are defined and added to the existing channel, we must update the channel configuration by sending a channel configuration update transaction to the ordering service. If the transaction is valid, the ordering service will generate a new configuration block. Peers on the network will then have to validate the new channel configuration block generated by the ordering service and update their channel configurations if they validate the new block. It is important to note that the channel configuration update transaction is handled by system chaincode as invoked by the Blockchain network Administrator, and is not invoked by client application transaction proposals.
当联盟被定义并添加到现有管道(channel)时，我们必须通过向ordering 服务发送管道(channel)配置更新交易来更新管道(channel)配置。 如果交易有效，则ordering 服务将生成一个新的配置块。 然后，网络上的peers必须验证由ordering 服务生成的新管道(channel)配置块，并在验证新块时更新其管道(channel)配置。 请注意，管道(channel)配置更新交易由系统链码处理 ,由区块链网络管理员调用，并且不由客户端应用程序交易提议调用。
Adding a new channel/添加一个新管道(channel)
Organizations are what form and join channels, and channel configurations can be amended to add organizations as the network grows. When adding a new channel to the network, channel policies remain separate from other channels configured on the same network.
In this example, the configurations for channel 1 and channel 2 on the ordering service will remain separate from one another.
Adding another peer/添加另一个peer
In this example, peer 3 (P3) owned by organization 3 has been added to channel 2 (C2). Note that although there can be multiple ordering services on the network, there can also be a single ordering service that governs multiple channels. In this example, the channel policies of C2 are isolated from those of C1. Peer 3 (P3) is also isolated from C1 as it is authenticated only to C2.
在这个例子中，组织3拥有的peer3（P3）已被添加到管道(channel)2（C2）。 请注意，虽然网络上可以有多个ordering 服务，但也可以有一个单一的ordering 服务来管理多个管道(channel)。 在这个例子中，C2的管道(channel)策略与C1的管道(channel)策略是分开的。 同级3（P3）也与C1隔离，因为它仅通过C2进行身份验证。
Joining a peer to multiple channels/将peer加入到多个管道(channel)
In this example, peer 2 (P2) has been joined to channel 2 (C2). P2 will keep channels C1 and C2 and their associated transactions private and isolated. Additionally, client application A3 will also be isolated from C1. The ordering service maintains network governance and channel isolation by evaluating policies and digital signatures of all nodes configured on all channels.
在这个例子中，peer 2（P2）已经连接到管道(channel)2（C2）。 P2将保持管道(channel)C1和C2及其关联交易的私密性和隔离性。 此外，客户端应用程序A3也将与C1隔离。ordering 服务通过评估所有管道上配置的所有节点的策略和数字签名来维护网络管理和管道隔离。
Network fully formed/网络完全形成
In this example, the network has been developed to include multiple client applications, peers, and channels connected to a single ordering service. Peer 2 (P2) is the only peer node connected to channels C1 and C2, which will be kept isolated from each other and their data will remain private. There are now two logical ledgers in this example, one for C1, and one for C2.
在这个例子中，网络已经发展到包括多个客户端应用程序，多个peer端和多个连接到一个单一的ordering 服务的管道(channel)。 peer2（P2）是连接到管道(channel)C1和C2的唯一peer节点，它们将保持彼此隔离，并且其数据将保持私密。 在这个例子中，现在有两个逻辑总账，一个用于C1，一个用于C2。