Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Configuring the Service Discovery Gateway
The following are restrictions for configuring the Service Discovery Gateway:
The Service Discovery Gateway does not support topologies with multiple hops. All network segments must be connected directly to it. The Service Discovery Gateway can learn services from all connected segments to build its cache and respond to requests acting as a proxy.
Information about the Service Discovery Gateway and mDNS
mDNS
mDNS was defined to achieve zero configuration, with zero configuration being defined as providing the following features:
Addressing—Allocating IP addresses to hosts
Naming—Using names to refer to hosts instead of IP addresses
Service discovery—Finding services automatically on the network
With mDNS, network users no longer have to assign IP addresses, assign host names, or type in names to access services on the network. Users only need to ask to see what network services are available, and choose from a list.
With mDNS, addressing is accomplished through the use of DHCP/DHCPv6 or IPv4 and IPv6 Link Local scoped addresses. The benefit of zero-configuration occurs when no infrastructure services such as DHCP or DNS are present and self-assigned link-local addressing can be used. The client can then select a random IPv4 address in the link-local range (169.254.0.0/24) or use its IPv6 link-local address (FE80::/10) for communication.
With mDNS, naming (name-to-address translation on a local network using mDNS) queries are sent over the local network using link-local scoped IP multicast. Because these DNS queries are sent to a multicast address (IPv4 address 224.0.0.251 or IPv6 address FF02::FB), no single DNS server with global knowledge is required to answer the queries. When a service or device sees a query for any service it is aware of, it provides a DNS response with the information from its cache.
With mDNS, service discovery is accomplished by browsing. An mDNS query is sent out for a given service type and domain, and any device that is aware of matching services replies with service information. The result is a list of available services for the user to choose from.
The mDNS protocol (mDNS-RFC), together with DNS Service Discovery (DNS-SD-RFC) achieves the zero-configuration addressing, naming, and service discovery.
Multicast DNS Service Discovery (mDNS-SD) uses DNS protocol semantics and multicast over well-known multicast addresses to achieve zero configuration service discovery. DNS packets are sent to and received on port 5353 using a multicast address of 224.0.0.251 and its IPv6 equivalent FF02::FB.
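As an added illustration (not part of the Cisco documentation), the Python below builds the PTR browse query a client sends to port 5353 for a service type, and classifies a captured mDNS message by the fields the gateway's service lists match on (message type, service type, service instance). Treating every response (QR bit set) as an announcement, and the sample packet itself, are assumptions constructed for the example.

```python
import struct

TYPE_PTR = 12   # DNS record type used for DNS-SD browsing

def encode_name(name):
    """DNS wire format: length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_browse_query(service_type, domain="local"):
    """One PTR question for <service_type>.<domain>, class IN, ID and flags zero."""
    qname = encode_name(f"{service_type}.{domain}")
    return struct.pack("!6H", 0, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", TYPE_PTR, 1)

def decode_name(pkt, off):
    """Decode a name, following compression pointers; returns (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = pkt[off]                         # IndexError if the packet is truncated
        if n & 0xC0 == 0xC0:                 # two-byte pointer to an earlier name
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels), (off + 1 if resume is None else resume)
        else:
            labels.append(pkt[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n

def classify(pkt):
    """Return the message type plus queried/advertised names and PTR targets."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", pkt[:12])
    out = {"message_type": "announcement" if flags & 0x8000 else "query",
           "names": [], "instances": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(pkt, off)
        out["names"].append(name)
        off += 4                             # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        out["names"].append(name)
        if rtype == TYPE_PTR:                # rdata is the service instance name
            out["instances"].append(decode_name(pkt, off + 10)[0])
        off += 10 + rdlen
    return out

def sample_announcement():
    """Constructed response: PTR _ipp._tcp.local -> Printer1._ipp._tcp.local."""
    rdata = encode_name("Printer1")[:-1] + b"\xc0\x0c"   # label + pointer to offset 12
    rr = encode_name("_ipp._tcp.local") + struct.pack("!HHIH", TYPE_PTR, 1, 4500, len(rdata)) + rdata
    return struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + rr
```

The pointer-hop limit matters when this kind of parser is fed traffic from untrusted segments, since a name that points at itself would otherwise loop forever.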
Because mDNS uses a link-local multicast address, its scope is limited to a single physical or logical LAN. If the networking reach needs to be extended to a distributed campus or to a wide-area environment consisting of many different networking technologies, an mDNS gateway is implemented. An mDNS gateway provides a transport for mDNS packets across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain to another.
mDNS packets can be sent out of Layer 3 interfaces that might not have an IP address.
Packets with mDNS multicast IP and multicast MAC are sent on a multicast CAPWAP tunnel, if multicast-multicast mode is enabled. A multicast CAPWAP tunnel is a special CAPWAP tunnel used for reducing the number of copies of a multicast packet that are required to be generated for each AP CAPWAP tunnel. Sending packets on the multicast CAPWAP tunnel requires the outer IP header to be destined to the multicast CAPWAP tunnel's address, which all APs are subscribed to.
All mDNS packet handling is done at a foreign switch for roamed clients. A foreign switch is the new switch that a roamed wireless client is actually attached to, which is called the point of attachment.
Service Discovery Gateway
The Service Discovery Gateway feature enables multicast Domain Name System (mDNS) to operate across Layer 3 boundaries (different subnets). An mDNS gateway provides transport for service discovery across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain (subnet) to another. Prior to implementation of this feature, mDNS was limited in scope to within a subnet because of the use of link-local scoped multicast addresses. This feature enhances Bring Your Own Device (BYOD).
You need to enable an mDNS gateway for service discovery to operate across subnets. You can enable mDNS gateway for a device or for an interface.
Note
You need to configure service routing globally before configuring at the interface level.
After the device or interface is enabled, you can redistribute service discovery information across subnets. You can create service policies and apply filters on either incoming service discovery information (called IN-bound filtering) or outgoing service discovery information (called OUT-bound filtering).
Note
If redistribution is enabled globally, global configuration is given higher priority than interface configuration.
Figure 1. Sample Networking Scenario
For example, if the mDNS gateway functionality is enabled on the router in this figure, then service information can be sent from one subnet to another and vice-versa. For example, the printer and fax service information being advertised in the network with IP address 192.0.2.6 are redistributed to the network with IP address 198.51.100.4. The printer and fax service information in the network with IP address 192.0.2.6 is learned by mDNS-enabled hosts and devices in the other network.
Filtering
After configuring the mDNS gateway and subnets, you can filter services that you want to redistribute. While creating a service list, the permit or deny command options are used:
The permit command option allows you to permit or transport specific service list information.
The deny option allows you to deny service list information that is available to be transported to other subnets.
You need to include a sequence number when using the permit or deny command option. The same service list name can be associated with multiple sequence numbers and each sequence number will be mapped to a rule.
Note
If no filters are configured, then the default action is to deny service list information to be transported through the device or interface.
Query is another option provided when creating service lists. You can create queries using a service list. If you want to browse for a service, then active queries can be used. This function is helpful to keep the records refreshed in the cache.
Note
Active queries can only be used globally and cannot be used at the interface level.
A service end-point (such as a printer or fax) sends unsolicited announcements when a service starts up. After that, it sends unsolicited announcements whenever a network change event occurs (such as an interface coming up or going down). The device always responds to queries.
After creating a service list and using the permit or deny command options, you can filter using match statements (commands) based on service-instance, service-type, or message-type (announcement or query).
Enters mDNS service discovery service list mode. In this mode, you can:
Create a service list and apply a filter on the service list according to the permit or deny option applied to the sequence number.
Create a service list and associate a query for the service list name if the query option is used.
Note
The sequence number sets the priority of the rule. A rule with a lower sequence number is selected first and the service announcement or query is allowed or denied accordingly. You define the sequence number as per your network requirements.
Step 4
match message-type {announcement | any | query}
Example:
Switch(config-mdns-sd-sl)# match message-type announcement
(Optional) Sets the message type to match. You can match the following message types:
announcement
any
query
These commands configure the parameters for the service list name that is created in step 2.
If the match message-type is an announcement, then the service list rule only allows service advertisements or announcements for the device. If the match message-type is a query, then only a query from the client for a certain service in the network is allowed.
Multiple service maps of the same name with different sequence numbers can be created and the evaluation of the filters will be ordered on the sequence number. Service lists are an ordered sequence of individual statements, each one has a permit or deny result. Evaluation of service list consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. A list scan is stopped once the first statement match is found and an action permit/deny associated with the statement match is performed. The default action after scanning through the entire list is to deny.
Note
You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.
Step 5
match service-instance {LINE}
Example:
Switch(config-mdns-sd-sl)# match service-instance servInst 1
(Optional) Sets the service instance to match.
This command configures the parameters for the service list name that is created in step 2.
Note
You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.
Step 6
match service-type {LINE}
Example:
Switch(config-mdns-sd-sl)# match service-type _ipp._tcp
(Optional) Sets the value of the mDNS service type string to match.
This command configures the parameters for the service list name that is created in step 2.
Note
You cannot use the match command if you have used the query option in the previous step. The match command can be used only for the permit or deny option.
Step 7
end
Example:
Switch(config-mdns-sd-sl)# end
Returns to privileged EXEC mode.
What to Do Next
Proceed to enable the mDNS gateway and redistribution of services.
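The list scan described in the steps above (ascending sequence number, first matching statement decides, deny when nothing matches) can be modeled offline to check a planned service list before it is applied. The following Python is an added example, not Cisco code: the Rule class, the sample list SL1, exact-string matching, and the assumption that all match criteria configured under one sequence number must hold together are constructed for illustration. It also reports rules that can never fire because an earlier, broader rule shadows them.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    seq: int                                # lower sequence number = evaluated first
    action: str                             # "permit" or "deny"
    message_type: str = "any"               # announcement | query | any
    service_type: Optional[str] = None      # None = no match statement configured
    service_instance: Optional[str] = None

    def covers(self, message_type, service_type, service_instance):
        """True if every configured criterion equals the given value (assumed AND)."""
        return (self.message_type in ("any", message_type)
                and self.service_type in (None, service_type)
                and self.service_instance in (None, service_instance))

def evaluate(rules, message_type, service_type, service_instance=None):
    """Scan in sequence order and stop at the first match. Returns (action, seq)."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.covers(message_type, service_type, service_instance):
            return rule.action, rule.seq
    return "deny", None                     # default action after the whole list

def shadowed(rules):
    """(later_seq, earlier_seq) pairs where the later rule can never be reached."""
    ordered = sorted(rules, key=lambda r: r.seq)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later.message_type, later.service_type,
                              later.service_instance):
                hits.append((later.seq, earlier.seq))
                break
    return hits

# Constructed sample service list (hypothetical sequence numbers and contents).
SL1 = [
    Rule(10, "permit", "announcement", "_ipp._tcp"),
    Rule(20, "deny", "any", "_ipp._tcp"),
    Rule(30, "permit", "query"),
    Rule(40, "deny", "query", "_roap._tcp"),   # never fires: shadowed by 30
]

if __name__ == "__main__":
    for msg in [("announcement", "_ipp._tcp"), ("query", "_ipp._tcp"),
                ("query", "_roap._tcp"), ("announcement", "_roap._tcp")]:
        print(msg, "->", evaluate(SL1, *msg))
    print("shadowed:", shadowed(SL1))
```

A deny that is meant to keep a service from crossing subnets has no effect if it sits behind a broader permit, which is the case the shadowed() check surfaces.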
1. Choose Configuration > Controller > mDNS > Service List.
2. Click Create Service.
3. In the Service List Name text box, enter the service list name.
4. From the Service rule drop-down list, choose from the following options:
permit—permits the service list.
deny—denies the service list.
5. In the Sequence number text box, enter the priority of the rule.
6. From the Message type drop-down list, choose the message type to match from the following options:
announcement—The service list rule allows only service advertisements or announcements for the device.
query—The service list rule allows only a query from the client for a service in the network.
any—The service list rule allows any type of message.
7. In the Service instance text box, enter the service instance to match.
8. In the Custom text box, enter the mDNS service type string to match.
9. Click Apply.
10. Click Save Configuration.
DETAILED STEPS
Step 1
Choose Configuration > Controller > mDNS > Service List.
Step 2
Click Create Service.
The Service List > Create Service page is displayed.
Step 3
In the Service List Name text box, enter the service list name.
Step 4
From the Service rule drop-down list, choose from the following options:
permit—permits the service list.
deny—denies the service list.
Step 5
In the Sequence number text box, enter the priority of the rule.
A rule with a lower sequence number is selected first and the service announcement or query is allowed or denied accordingly. You define the sequence number as per your network requirements.
Step 6
From the Message type drop-down list, choose the message type to match from the following options:
announcement—The service list rule allows only service advertisements or announcements for the device.
query—The service list rule allows only a query from the client for a service in the network.
any—The service list rule allows any type of message.
Multiple service maps of the same name with different sequence numbers can be created and the evaluation of the filters will be ordered on the sequence number. Service lists are an ordered sequence of individual statements, each one has a permit or deny result. Evaluation of service list consists of a list scan, in a predetermined order, and an evaluation of the criteria of each statement that matches. A list scan is stopped once the first statement match is found and an action permit/deny associated with the statement match is performed. The default action after scanning through the entire list is to deny.
Step 7
In the Service instance text box, enter the service instance to match.
Step 8
In the Custom text box, enter the mDNS service type string to match.
The Learned Service box shows the services that are added after enabling the learned service type configured by navigating to Configuration > Controller > mDNS > Global. For example, _roap._tcp.local.
The Selected Service box shows the learned service that you have selected for an mDNS service.
Step 9
Click Apply.
Step 10
Click Save Configuration.
What to Do Next
Proceed to enable the mDNS gateway and redistribution of services.
Enabling mDNS Gateway and Redistributing Services (CLI)
After enabling mDNS gateway for a device, you can apply filters (apply IN-bound filtering or OUT-bound filtering) and active queries by using service-policy and service-policy-query commands, respectively. You can redistribute services and service announcements using the redistribute mdns-sd command, and set some part of the system memory for cache using the cache-memory-max command.
Note
By default, mDNS gateway is disabled on all interfaces.
Enables mDNS gateway functionality for a device and enters multicast DNS configuration (config-mdns) mode.
Note
This command enables the mDNS function globally.
Note
Enter the service-routing mdns-sd source-interface if-name command in either global-config or interface-config mode, to specify an alternate source interface for outgoing mDNS packets, so its IP address can be used when there is none configured on the outgoing interface.
Step 4
service-policy service-policy-name {IN | OUT}
Example:
Switch (config-mdns)# service-policy serv-pol1 IN
(Optional) For a service list, applies a filter on incoming service discovery information (IN-bound filtering) or outgoing service discovery information (OUT-bound filtering).
Step 5
redistribute mdns-sd
Example:
Switch (config-mdns)# redistribute mdns-sd
(Optional) Redistributes services or service announcements across subnets.
Note
If redistribution is enabled globally, global configuration is given higher priority than interface configuration.
Step 6
cache-memory-max cache-config-percentage
Example:
Switch (config-mdns)# cache-memory-max 20
(Optional) Sets some part of the system memory (in percentage) for cache.
Note
By default, 10 percent of the system memory is set aside for cache. You can override the default value by using this command.
Step 3
From the Learn Service drop-down list, choose from the following options:
Enable—Allows the switch to learn all the announced services. It is used to learn services by enabling all announcement/queries by using Service Policy IN of type GUI-permit-all and in Service Policy OUT of type GUI-deny-all.
Disable—Denies all traffic IN and OUT. It is used to deny services by disabling all announcement/queries by using Service Policy IN of type GUI-deny-all and in Service Policy OUT of type GUI-deny-all.
Custom—You can set your own IN and OUT policy. It allows you to define a custom service list.
Step 4
Click Apply.
Step 5
Click Save Configuration.
Monitoring Service Discovery Gateway
Table 1 Monitoring Service Discovery Gateway
Command: show mdns requests [detail | name record-name | type record-type [name record-name]]
Purpose: This command displays information for outstanding mDNS requests, including record name and record type information.
Command: show mdns cache [interface type number | name record-name [type record-type] | type record-type]
Purpose: This command displays mDNS cache information.
Command: show mdns statistics {all | service-list list-name | service-policy {all | interface type number}}
Purpose: This command displays mDNS statistics.
Configuration Examples
Example: Specify Alternative Source Interface for Outgoing mDNS Packets
The following example displays how to specify an alternate source interface for outgoing mDNS packets, so its IP address can be used when there is none configured on the outgoing interface.
The following example displays how to redistribute service announcements received on one interface over all the interfaces or over a specific interface.
Example: Creating a Service-List, Applying a Filter and Configuring Parameters
The following example shows the creation of a service-list sl1. The permit command option is being applied on sequence number 3 and all services with message-type announcement are filtered and available for transport across various subnets associated with the device.
Example: Enabling mDNS Gateway and Redistributing Services
The following example shows how to enable an mDNS gateway for a device and enable redistribution of services across subnets. IN-bound filtering is applied on the service-list serv-pol1. Twenty percent of system memory is made available for cache and service-list-query periodicity is configured at 100 seconds.