Sep 20, 2012

As I’ve written about in the past (here), Apple’s AirPlay technology relies on Bonjour, which is Apple’s implementation of “zero config” networking. One of the things that Bonjour enables is the automatic discovery of services on the network. For example, an Apple TV might advertise itself as being able to receive AirPlay streams. An iPad that is looking for AirPlay receivers would use Bonjour to discover the Apple TV and present it to the user as an AirPlay destination. Both the Apple TV and iPad do all this without any user intervention or configuration (hence the “zero config” part).

That’s fine and dandy but what my earlier article focused on was how Bonjour broke down in a network where what I’ll call the “server” and the “client” are not in the same Layer 2 domain/VLAN. This is because the service discovery aspect of Bonjour relies on link-local scope multicast. These packets will not cross Layer 3 boundaries in the network.

Figure: Bonjour packets will not pass a Layer 3 boundary

What’s needed to make Bonjour work across subnets is a proxy that can take the service announcements on one subnet and announce them on the other(s) (and vice-versa). What’s perfect about this is that service discovery works just like DNS. In fact, it is DNS: multicast DNS (mDNS). The DNS system provides a lookup service that sits out of band of the actual traffic flow. mDNS is exactly the same. The mDNS proxy will need a leg into each subnet where AirPlay clients and servers live, but it does not have to relay traffic between the subnets. It’s merely the lookup mechanism. The reason I’m stressing this concept is because it means that the mDNS proxy can be deployed in the network without changing the network architecture. It also does nothing to change security zoning, doesn’t affect the resiliency of the network and doesn’t create a bottleneck for network traffic. It’s a very simple way to address the need (demand?) for AirPlay in a business network. Eventually all the Wi-Fi vendors will have this kind of thing built into their products but for now, this gives the IT Network team the ability to say “yes, our network can support AirPlay”.

The software I’ve used as an mDNS proxy is called Avahi. It appears to be the de facto open source software for service discovery and mDNS services. Yeah, that’s right, you can use it to advertise the services that are running on the local box (SSH, HTTP, etc.). But what’s really interesting is the setting that enables the “reflector” functionality.

[reflector]
enable-reflector=yes

This little knob in avahi-daemon.conf turns Avahi into an mDNS proxy where it will pick up service advertisements received on one interface and send them out on any other interface where a discovery query is received. The list of participating interfaces can be restricted using the allow-interfaces knob.

[server]
allow-interfaces=vlan10,vlan20

Figure: Bonjour packet flow with Avahi

As the diagram illustrates, this is the packet flow now between the iPad and the Apple TV:

  1. Apple TV advertises itself as an AirPlay receiver using Bonjour’s Service Discovery mechanism
  2. Since the Avahi server is connected to the same VLAN as the Apple TV, it hears the advertisement and stores the details in its database
  3. The iPad uses Service Discovery to try and locate an AirPlay receiver on the network
  4. Since the Avahi server is also connected to the same VLAN as the iPad, it hears the discovery and responds with the information for the Apple TV
  5. Within the response from Avahi, the iPad will learn the IP address and port that it should connect to the Apple TV on. The iPad will initiate a direct connection to the Apple TV
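The two configuration fragments and the five-step flow above, put together as a small Python model. This is an added example, not Avahi's code or the author's; it models only the behaviour as the article describes it. `ReflectorModel` and its methods are hypothetical names, and the instance name, address, port and the extra `vlan30` are constructed for illustration.

```python
import configparser

# Constructed sample: the article's two avahi-daemon.conf fragments combined.
SAMPLE_CONF = """
[server]
allow-interfaces=vlan10,vlan20

[reflector]
enable-reflector=yes
"""

class ReflectorModel:
    """Toy model of the lookup-only proxy role; it never relays AirPlay traffic."""

    def __init__(self, conf_text):
        cp = configparser.ConfigParser()
        cp.read_string(conf_text)
        self.enabled = cp.getboolean("reflector", "enable-reflector", fallback=False)
        raw = cp.get("server", "allow-interfaces", fallback="")
        # An empty set means no restriction was configured: every interface participates.
        self.allowed = {i.strip() for i in raw.split(",") if i.strip()}
        self.cache = {}  # service type -> list of (iface, instance, ip, port)

    def participates(self, iface):
        return not self.allowed or iface in self.allowed

    def hear_advertisement(self, iface, service, instance, ip, port):
        """Steps 1-2: store an advertisement heard on a participating interface."""
        if self.participates(iface):
            self.cache.setdefault(service, []).append((iface, instance, ip, port))

    def answer_query(self, iface, service):
        """Steps 3-4: answer a query with records learned on other interfaces."""
        if not (self.enabled and self.participates(iface)):
            return []
        return [(inst, ip, port)
                for src, inst, ip, port in self.cache.get(service, [])
                if src != iface]

def demo():
    proxy = ReflectorModel(SAMPLE_CONF)
    svc = "_airplay._tcp.local"
    # Constructed advertisement from the Apple TV's VLAN.
    proxy.hear_advertisement("vlan10", svc, "Boardroom Apple TV", "10.0.10.5", 7000)
    return {
        "vlan20": proxy.answer_query("vlan20", svc),  # iPad's VLAN: gets IP and port (step 5)
        "vlan30": proxy.answer_query("vlan30", svc),  # not in allow-interfaces: no answer
        "vlan10": proxy.answer_query("vlan10", svc),  # same VLAN as the source: nothing to reflect
    }
```

The `vlan30` case shows why `allow-interfaces` is worth setting explicitly: in this model, with that line removed every interface on the box takes part in reflection.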

Avahi is a really lightweight piece of software. It can run on a small UNIX machine — physical or virtual — and handle discovery messages on multiple VLANs. Avahi is present in all the major Linux distributions and in the OpenBSD and FreeBSD ports collections.

Go run it.

Disclaimer

The opinions and information expressed in this blog post are my own and not necessarily those of Cisco Systems.

27 Comments

  1. By Frank Denis (@jedisct1) on Sep 20, 2012 at 10:24am MDT |

    RT @knight_joel: {blog} AirPlay, VLANs, and an Open Source Solution – Get Bonjour working across Layer 2 domains http://t.co/uctxelXK

  4. By Angelo Luciani (@AngeloLuciani) on Sep 22, 2012 at 9:45am MDT |

    AirPlay, VLANs, and an Open Source Solution http://t.co/8cJVPxYa (via @knight_joel)

  7. By AirPlay in an Enterprise Setting « Beep Boop on Jan 28, 2013 at 2:22pm MDT |

    [...] as possible, but in the mean time, here are a couple of articles touching on the subject from packetmischief.ca and Prolixium dot [...]

  8. By @selric on Feb 24, 2013 at 8:06am MDT |

    Nice
    http://t.co/AizCEvwaiL

  9. By @ExtremeNetworks on Feb 24, 2013 at 8:55am MDT |

    RT @selric: Nice
    http://t.co/AizCEvwaiL

  11. By Managing 40 Apple TVs in education | TechKudos on Mar 3, 2013 at 1:09pm MDT |

    [...] rooms and sound booths for AirPlay from iOS devices and recent Macs. AirPlay works great — even across VLANs — if you have your network set up [...]

  16. By @lindertobias on Mar 9, 2013 at 1:43pm MDT |

    AirPlay, VLANs, and an Open Source Solution | packetmischief.ca http://t.co/z5998anjL1 (via Instapaper)

  17. By Mike on Feb 17, 2014 at 1:33pm MDT |

    Thank you for this excellent solution. I implemented this at a High School segmented into 12 wired VLANs and 4 wireless. Since I am using Microsoft Hyper-V to run Avahi, I had to create two Avahi servers to connect all of the VLANs (Hyper-V has a limitation of 12 virtual ethernet interfaces per VM). Now everything works great, but I fear that the two servers are echoing each other’s broadcasts, since they share the wireless VLANs. What can be done to remedy this?

    • By Joel Knight on Feb 17, 2014 at 8:04pm MDT |

      Hey Mike, thanks for the feedback. Have you considered giving your VM a single vNIC (sorry, I don’t know the HyperV term for the guest NIC) and tagging your VLANs all the way to the VM? You would end up with a VM-on-a-stick instead of a multi-legged VM.

  18. By Chris on Apr 3, 2014 at 9:23am MDT |

    Can a single computer with a single NIC be used? If so, how would you configure the NIC and the port on a 2960G Cisco switch?

    • By Joel Knight on Apr 7, 2014 at 8:36pm MDT |

      Hey Chris,

      Yes, a single NIC would work as long as you’re able to do VLAN tagging (802.1Q) on the NIC of your Avahi box. You’d create one VLAN interface for each of the VLANs you want to exchange Bonjour messages between. The configuration for this is going to be up to whatever OS you’re running; they’re all different.

      On the Catalyst you’d do something like this:

      configure terminal
      interface gigX/Y
       description To Avahi box
       switchport trunk encapsulation dot1q
       switchport mode trunk
       spanning-tree portfast trunk

  19. By David Fung on Jun 3, 2014 at 10:43pm MDT |

    Hi,

    Sorry, based on the above link (http://avahi.org/) redirection, I can’t locate the Avahi open source software. Do you know where I can download it?

    Thanks!

    • By Joel Knight on Jun 4, 2014 at 7:31pm MDT |

      Hmm, looks like their site is off air. I don’t know of any other official site or mirror. Most of the Linux distros and the BSDs all have binary packages though. Have you tried that?

  20. By David Fung on Jun 7, 2014 at 1:03am MDT |

    Thanks. I will try other Linux OS.

  21. By Niko K on Jul 22, 2014 at 6:18pm MDT |

    Hi Joel, this is an awesome post! I tried using the idea and applying it to VPN. I have a device with two NICs that also acts as a router gateway and VPN server.

    I have avahi running properly on the device with reflecting turned on. I also see in the logs that avahi successfully registers eth0 (internet), eth1 (lan) and ppp0 (my machine VPNed in) for mDNS pooling.

    But still no dice! The iOS device that is in eth1’s network cannot see the AirServer I have running on my laptop that is VPNed in through ppp0.

    Just as extra info:
    my laptop can ping addresses in eth1.
    addresses in eth1 have internet traffic routed properly through eth0.
    VPN technology is PPTP.
    System logs say that avahi says: “avahi-daemon[1540]: Invalid query packet.” Is that the query from the iOS device asking for an AirPlay server?

    In any case, I’m at the end of my wits now and was hoping maybe you could give a tip or two to get through this!

    Thanks!

    Niko

    • By Joel Knight on Jul 23, 2014 at 9:48am MDT |

      Thanks Niko!

      What does the output of “avahi-browse -at” look like? (I think that’s the right command. Maybe avahi-browse -ac?)

      My first thought is that multicast is not passing on your PPTP link and Avahi has nothing in its cache to reflect on the eth1 LAN interface. If memory serves, I too get that invalid query packet message from time to time. I chalked that up to Avahi falling behind a little bit with respect to the current versions of the AirPlay protocol, but I never chased it down or dug into it.

      • By Niko K on Jul 23, 2014 at 11:01am MDT |

        Hi Joel

        I think your hunch is valid: before and after I connected via PPTP VPN, the avahi-browse -ac and -at both showed only devices from the eth1 interface, no devices from ppp0.

        This is despite the fact that after connecting via PPTP VPN the system logs show this:

        Joining mDNS multicast group on interface ppp0.IPv4 with address 192.168.1.37.
        daemon.info avahi-daemon[2007]: New relevant interface ppp0.IPv4 for mDNS.
        daemon.info avahi-daemon[2007]: Registering new address record for 192.168.1.37 on ppp0.IPv4.

        To test your hunch, I will VPN my iPhone, which for sure broadcasts AirPlay multicast (as opposed to AirServer, which is a 3rd party app on my MacBook Pro), and then re-examine the avahi-browse -ac, -at outputs… OK, just did the test and same results, outputs only show eth1 devices.

        Not sure if relevant, but when connecting through PPTP VPN the IP address that the device is configured to give to the connecting client (on pppX) is from the same subnet that eth1 has (192.168.1.X).

        Here is a sample log of when I connect via PPTP VPN:

        daemon.notice pppd[10158]: Connect: ppp1 /dev/pts/2
        daemon.notice pppd[10158]: local IP address 192.168.1.36
        daemon.notice pppd[10158]: remote IP address 192.168.1.38

        This is with my laptop already connected (ppp0) and given IP of 192.168.1.37…

        • By Joel Knight on Jul 23, 2014 at 12:13pm MDT |

          If you plug your laptop into the LAN and look at avahi-browse -ac/-at, do you see the AirPlay service showing up?