Bonjour is Apple’s service discovery protocol. It locates devices on a local network, such as printers and other computers, together with the services those devices offer, using multicast Domain Name System (mDNS) service records. Services advertised this way include:
- Printing services
- File sharing services
- Remote desktop services
- iTunes file sharing
- iTunes wireless iDevice syncing (Apple iOS 5.0 and later)
- AirPlay streaming services
Before you implement and test the new Bonjour features, you must first set up the initial Bonjour gateway configuration on the WLC. The complete details are described in Bonjour Deployment using mDNS Gateway.
Apple’s Bonjour protocol relies on mDNS, which runs over UDP port 5353. Each query or advertisement is sent to the reserved mDNS multicast group address, 224.0.0.251 for IPv4 and FF02::FB for IPv6, so that every host on the subnet receives it.
Both addresses are link-local scope multicast (224.0.0.0/24 and FF02::/16) and are therefore only delivered within the local Layer 2 domain. Routers do not forward link-local scope multicast, and no multicast routing configuration will carry it across subnets; link-local multicast is meant to stay local by design. (mDNS packets actually carry an IP TTL of 255 per RFC 6762; it is the scope of the group address, not the TTL, that keeps them local.)
Bonjour is Apple’s implementation of Zeroconf: mDNS combined with DNS-SD. Apple devices advertise their services over IPv4 and IPv6 simultaneously (IPv6 link-local and global unicast addresses). The 7.4 implementation does not support Bonjour snooping of IPv6 advertisements (nor does 7.5, as the limitations at the end of this document note), and on an iPad IPv6 cannot be turned off and none of the Bonjour settings can be changed.
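To make concrete what the controller actually snoops, here is an added Python example (not part of the Cisco document and not controller code) that builds the two mDNS packet types a Bonjour gateway sees, a DNS-SD PTR query for a service type and the unsolicited PTR advertisement a device such as an Apple TV sends, and parses either back. The group addresses, port, flag bits and TTL are from RFC 6762/6763; the service string `_airplay._tcp.local` and the instance name `Living-Room` are constructed sample values. The parser follows name-compression pointers with a hop limit, since a looping pointer is a classic way to hang a naive mDNS parser.

```python
from __future__ import annotations
import socket
import struct

# Added example, not Cisco code: minimal DNS-SD (RFC 6762/6763) wire-format
# helpers for the two mDNS packet types a Bonjour gateway snoops. Sample
# service and instance names used with these functions are constructed.

MDNS_GROUP_V4 = "224.0.0.251"
MDNS_GROUP_V6 = "ff02::fb"
MDNS_PORT = 5353
TYPE_PTR = 12
CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (no compression; fine for sending)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a name at msg[off:], following RFC 1035 compression pointers.
    Returns (name with trailing dot, offset just past the name as it appears
    at the original position). The hop bound guards against a looping
    pointer in a hostile packet."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                        # 11xxxxxx: pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, ptr, hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(msg[off:off + ln].decode("utf-8", "replace"))
        off += ln


def build_query(service: str, qid: int = 0) -> bytes:
    """PTR query: 'which instances of this service type exist?'. mDNS queries
    normally use ID 0 and leave the QU bit clear, so answers are multicast
    back to the group, which is what lets a gateway snoop them."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!HH", TYPE_PTR, CLASS_IN)


def build_ptr_advertisement(service: str, instance: str, ttl: int = 4500) -> bytes:
    """Unsolicited response announcing instance -> service type. Service-type
    PTR records are shared records, so the cache-flush bit is deliberately
    NOT set on the class (RFC 6762 section 10.2)."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)   # QR=1, AA=1
    rdata = encode_name(f"{instance}.{service}")
    rr = encode_name(service) + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, ttl, len(rdata)) + rdata
    return header + rr


def parse(msg: bytes) -> dict:
    """Parse header, questions and answers: enough to see what a WLC caches."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass & 0x7FFF))     # drop the QU bit
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata: object = msg[off:off + rdlen]
        if rtype == TYPE_PTR:
            rdata, _ = decode_name(msg, off)       # PTR rdata is itself a name
        off += rdlen
        answers.append((name, rtype, ttl, rdata))
    return {"id": qid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def send_query_v4(service: str) -> int:
    """Multicast a query on the local link (network side, not exercised offline).
    RFC 6762 asks for IP TTL 255; the link-local group is never routed anyway."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 255)
    try:
        return sock.sendto(build_query(service), (MDNS_GROUP_V4, MDNS_PORT))
    finally:
        sock.close()
```

Calling `send_query_v4("_airplay._tcp.local")` on a host sharing a VLAN with an Apple TV and capturing on UDP 5353 shows the same exchange the WLC caches; the parsed PTR answer name (`_airplay._tcp.local.`) is exactly the service string the master service list matches on.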
To address this, the Cisco WLC acts as a Bonjour gateway. The WLC listens for Bonjour advertisements (AirPlay, AirPrint and so on) from the source host, for example an Apple TV, caches them, and answers Bonjour clients from that cache when a client queries for a service, even when the client and the service sit on different VLANs. The following illustrates this process.
From release 7.4 the WLC itself provides the Bonjour gateway function, and multicast does not need to be enabled on the controller for it. The WLC snoops all Bonjour discovery packets and does not forward them over the air or onto the wired infrastructure.
Step 1 To configure and demonstrate the Bonjour feature on the WLC, create a dynamic interface for Bonjour services on a VLAN separate from the client VLAN. The following example uses different interfaces and VLANs for the clients and for the Apple TV:
Step 2 Create a WLAN for clients with any security type. mDNS snooping is enabled on a WLAN by default; to confirm, choose the WLAN ID > Advanced tab and make sure that the mDNS Snooping option is enabled. Select default-mdns-profile as the mDNS Profile so that the Bonjour services you require are advertised on this WLAN, then click Apply.
Step 4 Connect the Apple TV to the SSID created for device services and the Bonjour client (iPad/iPhone) to the client SSID. Navigate to Monitor > Clients; the Apple TV providing the Bonjour service and the Bonjour client (your iPad/iPhone) are associated to two different SSIDs, as shown below:
Step 5 Click the MAC address of the Bonjour device (the Apple TV) in the image above to view its details, and check that the Apple TV is associated to the interface mapped to a different VLAN than the client’s. In this case it is VLAN 11.
Step 6 Go back and click the MAC address of the client (iPad/iPhone) to view its details. As in the diagram below, check that the iPad/iPhone is associated to an interface other than the services interface. In this case it is VLAN 10.
Step 1 To create and apply Bonjour services, navigate to CONTROLLER > mDNS > General. mDNS Global Snooping is disabled by default; check the mDNS Global Snooping check box under Global Configuration and click Apply. The Master Services Database on the same page lists the profiles that are preconfigured.
The Master Service Database is a user-configured database of all the Bonjour services the WLC supports. As the figure above shows, a default list of services such as AppleTV and Printer is added to the master service database at start-up. The WLC snoops and learns mDNS service advertisements only for services present in the master service list, and it answers a client’s query for a service only if the service is in the master service list and the mDNS profile associated with the client allows that service. Currently a maximum of 64 services can be included in the master service list, so the controller can snoop and learn at most 64 different service types.
Step 2 To add a Bonjour service to the master service list, choose it from the Select Service drop-down list, which displays all available services. For this demonstration, choose Scanner.
Step 6 When the Bonjour service shows up under Domain Name, verify which mDNS profile it is tied to by navigating to mDNS > General > AppleTV. Because only the default profile is used here, the service shows up under the Profile Name default-mdns-profile.
In many deployments some Bonjour devices are connected directly to a switch rather than to a WLAN. Their services can still be reached through the gateway when the Bonjour device is attached to the network over an Ethernet cable.
The VLAN of wired Bonjour devices must be trunked to the controller so that their advertisements can be seen and relayed to wireless clients. In our example the Bonjour device (Apple TV) is on VLAN 11, which is tied to the dynamic interface on the controller.
Processing of mDNS service advertisements and mDNS query packets is extended to support Location Specific Services (LSS). Every valid mDNS service advertisement received at the WLC from a service provider (SP) is tagged with the MAC address of the AP through which it arrived when the new entry is inserted into the service-provider database (SP-DB). When a response to a client query is built, the wireless entries in the SP-DB are filtered using the MAC address of the AP the querying client is associated to. LSS applies only to wireless SP-DB entries; there is no location awareness for wired SP devices.
- LSS filtering applies only to wireless SP-DB entries.
- The querying client’s AP base radio MAC address is used to look up the RRM DB and obtain the AP neighbour list (AP-NEIGHBOR-LIST).
- Wireless SP-DB entries are filtered by the AP-NEIGHBOR-LIST if LSS is enabled for the service.
- If LSS is disabled for a service, the wireless SP-DB entries are not filtered when responding to a wireless client’s query for that service.
- Wired SP-DB entries are never filtered.
- LSS cannot be enabled for a service whose ORIGIN is set to WIRED, and ORIGIN cannot be set to WIRED for a service that has LSS enabled.
The existing CLI service summary command has been updated to display the LSS status and ORIGIN for each service on the summary page itself, so the user can see at a glance whether LSS is enabled or disabled for a service without having to view the detail of each service.
The RRM DB provides the list of neighbouring APs for any given AP, and this information is used to filter the wireless SP-DB entries when responding to mDNS queries from wireless clients.
When a client queries for a service, the WLC looks up the RRM DB with the client’s AP MAC address to obtain the neighbour AP list. It then filters the SP-DB entries for that service down to the service providers associated with APs in that list and sends the result back to the client.
3. VLAN visibility at the WLC is achieved by APs forwarding mDNS advertisements to the controller. mDNS packets between the AP and the controller travel in the CAPWAP data tunnel, just like mDNS packets from wireless clients.
The AP sends queries untagged. When an mDNS AP receives an mDNS advertisement, no VLAN information is passed to the controller, so the service provider’s VLAN, learnt via the mDNS AP’s access VLAN, is recorded as 0 on the controller.
7. If the AP is in trunk mode, the user has to configure on the controller the VLANs on which the AP snoops and forwards mDNS packets. Snooping on the native VLAN is enabled by default when the mDNS AP is enabled, and the AP reports VLAN 0 for packets snooped on the native VLAN.
Step 2 No AP is an mDNS AP by default; you must enable it on the WLC, and in this release mDNS AP is configured only through the CLI. Run the following command to see whether any AP is already configured as an mDNS AP.
Step 3 Before enabling the mDNS AP, check which services have already been cached on the WLC: navigate to CONTROLLER > mDNS > Domain Names. In the illustration below, an AppleTV has been discovered over the wireless medium on VLAN 11 (no wired services have been discovered).
This CLI command enables or disables mDNS forwarding on an AP joined to the controller. It also lets the user configure the VLANs on which the AP snoops and forwards mDNS packets.
If the AP is in access mode, the user should NOT configure any VLANs for the AP to snoop. The AP sends queries untagged, and when it receives an mDNS advertisement no VLAN information is passed to the controller, so the service provider’s VLAN, learnt via the mDNS AP’s access VLAN, is recorded as 0 on the controller.
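The GUI steps above (global snooping, master service list, WLAN profile) and the mDNS AP CLI are easier to audit and repeat from a script than from screenshots. The following is an added Python example, not Cisco code, that turns a declarative description of the gateway into AireOS CLI lines and refuses to emit anything that violates a rule stated on this page: more than 64 services, LSS on a wired-origin service, snoop VLANs on an access-mode AP, an mDNS AP on a 1130/1240 series or non-local/monitor AP, and more than 50 priority MACs per service (the 7.5 per-service origin, LSS and priority-MAC settings are described in the sections that follow). The command syntax is my reading of the AireOS 7.5 command reference, not text from this page; verify each line with `?` on your controller before pasting, because it changes between releases. Service names, AP names, MACs and VLANs in the usage are constructed.

```python
import re

# Added example, not Cisco code: turns a declarative description of the Bonjour
# gateway into AireOS CLI lines, checking the constraints this document states
# before emitting anything. Command syntax is my reading of the AireOS 7.5
# command reference; confirm each line with '?' on your controller, since
# releases differ. Names, MACs and VLANs used with these functions are constructed.

MAX_SERVICES = 64             # master-service-list entries
MAX_PRIORITY_MACS = 50        # priority SP MACs per service
SP_LIMIT = {"2500": 6400, "5500": 6400, "WiSM-2": 6400,
            "7500": 16000, "8500": 16000}          # global SP-DB limit per platform
NO_MDNS_AP = re.compile(r"1130|124\d")             # 1130/1240 series cannot be mDNS APs
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def service_lines(svc: dict) -> list:
    """Per-service commands: create (with learn origin and LSS), priority MACs.
    svc keys: name, string, origin ('all'|'wired'|'wireless'), lss (bool),
    query (bool), priority_macs (list of (mac, ap_group_or_empty))."""
    name, origin, lss = svc["name"], svc.get("origin", "all"), svc.get("lss", False)
    if lss and origin == "wired":
        raise ValueError(f"{name}: LSS applies only to wireless SPs; origin cannot be wired")
    prio = svc.get("priority_macs", [])
    if len(prio) > MAX_PRIORITY_MACS:
        raise ValueError(f"{name}: at most {MAX_PRIORITY_MACS} priority MACs per service")
    query = "enable" if svc.get("query", True) else "disable"
    lines = [f"config mdns service create {name} {svc['string']} origin {origin} "
             f"lss {'enable' if lss else 'disable'} query {query}"]
    for mac, ap_group in prio:
        mac = mac.lower()
        if not MAC_RE.match(mac):
            raise ValueError(f"{name}: bad MAC {mac}")
        cmd = f"config mdns service priority-mac add {mac} {name}"
        if ap_group:                 # only meaningful for wired SPs (location hint)
            cmd += f" ap-group {ap_group}"
        lines.append(cmd)
    return lines


def mdns_ap_lines(ap: dict) -> list:
    """mDNS AP commands. ap keys: name, model, mode ('local'|'monitor'),
    link ('access'|'trunk'), vlans (trunk mode only)."""
    name = ap["name"]
    if NO_MDNS_AP.search(ap["model"]):
        raise ValueError(f"{name}: {ap['model']} cannot be an mDNS AP")
    if ap.get("mode", "local") not in ("local", "monitor"):
        raise ValueError(f"{name}: mDNS AP requires local or monitor mode")
    vlans = ap.get("vlans", [])
    if ap.get("link", "access") == "access" and vlans:
        raise ValueError(f"{name}: do not configure snoop VLANs on an access-mode AP")
    # native VLAN snooping is on as soon as the AP is enabled (reported as VLAN 0)
    lines = [f"config mdns ap enable {name}"]
    lines += [f"config mdns ap vlan add {vlan} {name}" for vlan in vlans]
    return lines


def gateway_config(platform: str, services: list, profiles: dict,
                   wlans: dict, aps: list) -> list:
    """Full command list: global snooping, services, profiles, WLANs, mDNS APs,
    then the show commands used to verify the result."""
    if platform not in SP_LIMIT:
        raise ValueError(f"unknown platform {platform}; known: {sorted(SP_LIMIT)}")
    if len(services) > MAX_SERVICES:
        raise ValueError(f"more than {MAX_SERVICES} services in master-service-list")
    lines = ["config mdns snooping enable"]
    for svc in services:
        lines += service_lines(svc)
    known = {svc["name"] for svc in services}
    for profile, members in profiles.items():
        if profile != "default-mdns-profile":     # the default profile already exists
            lines.append(f"config mdns profile create {profile}")
        for member in members:
            if member not in known:
                raise ValueError(f"profile {profile}: unknown service {member}")
            lines.append(f"config mdns profile service add {profile} {member}")
    for wlan_id, profile in wlans.items():        # mDNS snooping is per WLAN
        lines.append(f"config wlan mdns enable {wlan_id}")
        lines.append(f"config wlan mdns profile {wlan_id} {profile}")
    for ap in aps:
        lines += mdns_ap_lines(ap)
    lines += ["show mdns service summary", "show mdns ap summary",
              "show mdns domain-name-ip summary"]
    return lines
```

Generating the lines first and pasting them afterwards keeps the controller free of half-applied state when one of the checks fails, and the trailing `show` commands are the same ones used in the verification steps of this document.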
In release 7.4 there was a limit of 100 service providers per service type across 64 service types, which was insufficient for some services such as AppleTV. In 7.5 this restriction is removed; there is only a global service-provider limit per platform: 6400 on the WLC 2500/5500/WiSM-2 and 16000 on the WLC 7500/8500.
As long as the total number of service providers across all services stays within this limit, any service may learn as many service providers as it sees; there is no per-service reservation or restriction, which gives the flexibility to accommodate more service providers for one service at the expense of others. In addition, up to 50 MAC addresses can be configured per service as priority SP MACs. This guarantees that advertisements from these MACs for the configured service are learnt even when the SP-DB is full: the last non-priority SP of the service that holds the most SPs is deleted to make room. When configuring a priority MAC address for a service there is an optional ap-group parameter, which applies only to WIRED service providers and gives the wired SP a sense of location. When an mDNS query from a client in that ap-group is processed, wired entries whose priority MAC is tagged with that ap-group are listed first in the aggregated response.
This lets the user configure, per service, the MAC addresses of service-providing devices that are guaranteed to be snooped and discovered even when the SP-DB is full. The optional ap-group applies only to WIRED SPs; it gives them a sense of location and places them higher in the response order than other wired devices. Note that only the order changes, not the set of wired SPs returned.
- Any service can have any number of SPs as long as the global limit allows it.
- Priority-MAC support ensures that each service can still have at least 50 SPs when the DB is full (a maximum of 50 priority MAC addresses per service).
- Priority service providers are always discovered, even when the SP-DB is FULL.
- The last non-priority SP of the service with the highest number of SPs is deleted to accommodate the priority SP.
- If the MAC address belongs to a WIRED SP and the optional ap-group name is configured, it gives the wired SP a sense of location.
- When a query from a wireless client is processed, WIRED SPs are ORDERED (not filtered) so that wired SPs whose ap-group matches the client’s AP group come first; the client therefore sees nearby wired devices first.
In release 7.4, once a service is configured it is learnt from both wired and wireless sources; there is no option to restrict learning to wired only, wireless only or both. Release 7.5 adds this configuration. All services learnt from an mDNS AP are treated as wired, and services learnt on a guest anchor are likewise treated as wired. When the learn origin is WIRED, LSS cannot be enabled for the service, since LSS applies only to wireless services.
This gives finer control over whether services are learnt from wired, wireless or both. In the example below we set the origin of the AppleTV service to wireless, so that AirPlay advertisements from the wired side are not learnt. Even though three services are cached on the WLC, only one is seen by the wireless client.
- Provides the flexibility to learn a service according to its origin type (wireless, wired or all); this filters inbound mDNS service advertisements.
- If wireless SPs are preferred over wired SPs, set the service origin to WIRELESS so that only wireless SPs for that service are discovered.
- A service whose origin is WIRELESS cannot be changed to WIRED while LSS is enabled for it, since LSS applies only to the wireless SP-DB.
- When the origin is changed between wireless and wired, the SP-DB entries of the old origin type are cleared.
- This can therefore also be used to clear the SP-DB entries for a service.
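The LSS rules earlier in this document and the 7.5 priority-MAC, ap-group ordering and learn-origin rules above all act on the same SP-DB, and reading them as one algorithm makes their interactions clearer. The following is an added Python model of that algorithm (it is not Cisco code and does not run on the controller) that exercises the described edge cases: a full database evicting the last non-priority SP of the busiest service to admit a priority MAC, a wireless SP hidden from a client on a distant AP while wired SPs are only re-ordered, and an origin change that is refused while LSS is enabled and clears the old entries once it is allowed. MAC addresses, AP identifiers and ap-group names are constructed, and treating the client’s own AP as part of its neighbour list is my assumption, not something the page states.

```python
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass, field

# Added example, not Cisco code: a small model of the WLC service-provider
# database (SP-DB) rules this document describes. MACs, AP identifiers and
# group names are constructed. Assumptions are marked in comments.


@dataclass
class ServiceConfig:
    origin: str = "all"          # learn from "wired", "wireless" or "all"
    lss: bool = False            # Location Specific Services filtering
    priority_macs: dict = field(default_factory=dict)  # SP MAC -> ap-group ("" if none)


@dataclass
class Entry:
    service: str
    mac: str
    origin: str                  # "wired" or "wireless"
    ap_mac: str = ""             # base radio MAC of the AP a wireless SP sits on
    ap_group: str = ""           # only set for wired SPs with a priority-MAC ap-group


class SPDB:
    def __init__(self, services: dict, rrm_neighbors: dict, global_limit: int):
        self.services = services            # service name -> ServiceConfig
        self.rrm = rrm_neighbors            # AP MAC -> set of neighbour AP MACs (RRM DB)
        self.limit = global_limit           # platform-wide SP limit (6400 / 16000)
        self.entries: list[Entry] = []      # kept in learn order

    def learn(self, service: str, mac: str, origin: str, ap_mac: str = "") -> str:
        """Apply the learn-time rules to one snooped advertisement."""
        cfg = self.services.get(service)
        if cfg is None:
            return "not-learnt: service not in master-service-list"  # Bonjour browser
        if cfg.origin not in ("all", origin):
            return "not-learnt: origin filtered"
        if any(e.service == service and e.mac == mac for e in self.entries):
            return "refreshed"
        if len(self.entries) >= self.limit:
            if mac not in cfg.priority_macs:
                return "dropped: SP-DB full"
            self._evict_for_priority()
        group = cfg.priority_macs.get(mac, "") if origin == "wired" else ""
        self.entries.append(Entry(service, mac, origin, ap_mac, group))
        return "learnt"

    def _evict_for_priority(self) -> None:
        """Delete the last non-priority SP of the service holding the most SPs."""
        counts: dict = defaultdict(int)
        for e in self.entries:
            counts[e.service] += 1
        for svc in sorted(counts, key=counts.get, reverse=True):
            prio = self.services[svc].priority_macs
            for i in range(len(self.entries) - 1, -1, -1):
                if self.entries[i].service == svc and self.entries[i].mac not in prio:
                    del self.entries[i]
                    return
        raise RuntimeError("SP-DB holds only priority SPs; nothing to evict")

    def set_origin(self, service: str, origin: str) -> None:
        """Change the learn origin; LSS must be off before going to wired."""
        cfg = self.services[service]
        if origin == "wired" and cfg.lss:
            raise ValueError("LSS applies only to wireless SPs; disable it first")
        cfg.origin = origin
        # Entries of a now-disallowed origin type are cleared, so switching
        # wired <-> wireless is also a way to clear a service's SP-DB entries.
        self.entries = [e for e in self.entries
                        if e.service != service or origin in ("all", e.origin)]

    def query(self, service: str, client_ap_mac: str, client_ap_group: str) -> list:
        """Answer a wireless client's query. LSS filters wireless entries by the
        RRM neighbour list of the client's AP; wired entries are never filtered,
        only ordered so that wired SPs tagged with the client's ap-group come first."""
        cfg = self.services[service]
        # Assumption: the client's own AP counts as nearby alongside its neighbours.
        nearby = set(self.rrm.get(client_ap_mac, ())) | {client_ap_mac}
        wireless, wired = [], []
        for e in self.entries:
            if e.service != service:
                continue
            if e.origin == "wireless":
                if cfg.lss and e.ap_mac not in nearby:
                    continue
                wireless.append(e)
            else:
                wired.append(e)
        wired.sort(key=lambda e: 0 if e.ap_group and e.ap_group == client_ap_group else 1)
        return [e.mac for e in wireless + wired]
```

The eviction step is the one worth checking in a real deployment: because the victim is chosen from the service with the most SPs, a large AppleTV estate can be quietly trimmed by priority advertisements for an unrelated service, which is a reason to keep the priority-MAC list short and reviewed.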
Any mDNS configuration performed on the active WLC is synchronised to the standby WLC, except the mDNS AP configuration; that needs no synchronisation because the AP configuration is always stored on the AP itself. The complete Bonjour database is synchronised to the standby WLC.
- The Bonjour browser is a cache of all the service advertisements seen at the WLC that were not learnt because the configuration did not allow it.
- Service advertisements across all VLANs and ORIGIN types that are not learnt are displayed in the Bonjour browser.
- The Bonjour browser caches the top 500 such service advertisements.
- You can view the services that were not learnt and add them manually.
- All platforms that support Bonjour in WLC software release 7.4 also support it in release 7.5.
- mDNS AP is supported only on APs in local and monitor mode.
- LSS filtering does not apply to wired services, nor to services learnt from an mDNS AP, which are treated as wired.
- 1240 and 1130 series APs cannot be configured as mDNS APs.
- IPv6 is not supported for Bonjour services.
- In an anchor/foreign scenario, the foreign controller, not the anchor, snoops the wireless services. If VLAN visibility is spread across controllers, the anchor snoops the services from the wired side.