Cisco Logo

Architect & DE Discussions

As the saying goes, “every stick has two ends”. While laptops, smartphones and tablets have enabled us to be more mobile without compromising on being “connected,” with it comes challenges such as WIFI accessibility, power consumption and your ability to find network based services, like a printer wherever you happen to be.

To facilitate the ability for an end user to discover Services on a network, various Service Discovery protocols have been introduced. One of the most popular is DNS-SD (DNS-Service Discovery), which in conjunction with mDNS (multicast DNS) make up Apple’s offering called Bonjour. Bonjour enables end users to discover Services on their local network. While Bonjour is focused on smaller networks (e.g. Home Networks) with the advent of mobile customers wanting to discover services in close proximity, Bonjour becomes an ideal option to facilitate that. However, as Bonjour utilizes mDNS which is constrained to a single VLAN, customers are not able to discover services across multiple VLANs.

There are a few approaches being proposed to support Bonjour across multiple VLANs:





Which approach should be used depends on your network deployment.  For small networks (e.g. Home networks) the first approach could suffice where the second approach provides some services filtering options to control which services are shared. The third approach will enable the Bonjour solution to scale.Irrespective of which approach is used to discover services across VLANs, additional challenges that need to be considered are; location, volume of services and security. With respect to location of the Services, when you discover services across VLANs, in many cases you want to assure the services are in close proximity to you.  Do you need to learn about printers across your network versus just printers adjacent to you?

On volume, when sending a query for services, your device will learn about services across your network. Managing the number of Services learned by your client can be a challenge. When considering the security requirements, should Services that have restricted access, only be advertised to customers that are authorized to utilize the Service?  If so, do we need to tie the Service authorization to Service accessability to assure that only those authorized to learn about a Service have network connectivity to the Service.

While Bonjour has been very successful in small mobile work environments, the requirement to extend Bonjour network coverage drives the need for support across multiple VLANs, which introduces additional challenges. They include support for services by location, the volume of services you learn about and security.  Extensions to DNS-SD are being explored at the IETF to facilitate sharing of services across multiple VLANs.  As Bonjour becomes more ubiquitous, the solutions to enable support across your network will evolve. Subscribe to our blog and check back over the next few months, as we provide updates and information on the Bonjour solution offering.


Comments Are Closed

  1. Return to Countries/Regions
  2. Return to Home
  1. All Architect & DE Discussions
  2. All Security
  3. Return to Home