20250720 regular commit
This commit is contained in:
Petar Cubela
88
projects/gg/avahi_mdns-reflector/20250718-overview.md
Normal file
88
projects/gg/avahi_mdns-reflector/20250718-overview.md
Normal file
@@ -0,0 +1,88 @@
|
||||
|
||||
Here's a **structured summary** of your network requirements and design, incorporating your latest updates and clarifications:
|
||||
|
||||
---
|
||||
|
||||
### **Network Overview**
|
||||
|
||||
#### **1. VLANs and Subnets**
|
||||
| VLAN | Subnet | Gateway IP | Avahi Server IP | mDNS Proxy IP |
|
||||
|------|--------------------------------|------------------|------------------|----------------|
|
||||
| 15 | 172.16.19.0/255.255.252.0 | 172.16.19.254 | 172.16.19.250 | 172.16.19.251 |
|
||||
| 19 | 192.168.151.0/255.255.252.0 | 192.168.151.254 | 192.168.151.250 | 192.168.151.251 |
|
||||
| 7 | 172.16.111.0/255.255.248.0 | 172.16.111.254 | 172.16.111.250 | 172.16.111.251 |
|
||||
|
||||
**Note:** All VLANs are routed via the **Sophos XGS4300**, which acts as the **DHCP server** for all VLANs.
|
||||
|
||||
---
|
||||
|
||||
#### **2. Avahi Server Configuration**
|
||||
- **Local Avahi Servers**:
|
||||
- **VLAN 15**: Runs Avahi on `172.16.19.250` for local discovery.
|
||||
- **VLAN 19**: Runs Avahi on `192.168.151.250` for local discovery.
|
||||
- **VLAN 7**: Runs Avahi on `172.16.111.250` for local discovery.
|
||||
- **Central Avahi Server** (mDNS Proxy):
|
||||
- **IPs**: `172.16.19.251`, `192.168.151.251`, `172.16.111.251` (untagged interfaces for each VLAN).
|
||||
- **Configuration**:
|
||||
```ini
|
||||
[reflector]
|
||||
enable-reflector=yes
|
||||
#reflect-ipv=no
|
||||
#reflect-filters=_airplay._tcp.local,_raop._tcp.local
|
||||
```
|
||||
- **Purpose**: Acts as a **central mDNS reflector** to forward traffic between VLANs, enabling Apple devices in VLANs 15/19 to discover Apple TVs in VLAN 7.
|
||||
|
||||
---
|
||||
|
||||
#### **3. mDNS Proxy VM (Central Avahi Server)**
|
||||
- **OS**: Debian.
|
||||
- **Network Configuration**:
|
||||
- Uses **`/etc/network/interfaces`** to assign static IPs for each VLAN (ending in `.251`).
|
||||
- Interfaces are **untagged** (virtual) for each VLAN.
|
||||
- **Function**:
|
||||
- Forwards mDNS traffic between VLANs (e.g., `_airplay._tcp.local`, `_raop._tcp.local`).
|
||||
- Ensures Apple devices in VLANs 15/19 can discover Apple TVs in VLAN 7 via Bonjour.
|
||||
|
||||
---
|
||||
|
||||
#### **4. ESXi and VLAN Management**
|
||||
- **Hyper-Visor**: ESXi.
|
||||
- **vSwitch Configuration**:
|
||||
- Each VLAN is assigned a **virtual port group** with the corresponding subnet.
|
||||
- VMs (Avahi servers, mDNS proxy, etc.) are assigned to the appropriate VLAN port group.
|
||||
- **IP Assignment**:
|
||||
- VMs use **static IPs** (`.250` for local Avahi servers, `.251` for central Avahi server).
|
||||
|
||||
---
|
||||
|
||||
#### **5. Switch Configuration**
|
||||
- **Switches**: Managed Level 2 switches.
|
||||
- **IGMP Snooping**:
|
||||
- **Recommendation**: **Enable IGMP snooping** on all switches.
|
||||
- **Rationale**:
|
||||
- While mDNS (Bonjour) uses **UDP** and not IGMP, **other multicast services** (e.g., `546/udp` for DHCPv6, `80/443` for HTTP/HTTPS) may rely on IGMP.
|
||||
- IGMP snooping prevents unnecessary multicast traffic flooding, improving network efficiency.
|
||||
- **Note**: If only mDNS is used, IGMP snooping is **not strictly required**, but enabling it is **beneficial for future scalability**.
|
||||
|
||||
---
|
||||
|
||||
### **Key Considerations**
|
||||
- **Resource Allocation for VMs**:
|
||||
- **Avahi Servers (VLANs 15, 19, 7)**: Minimal resources (1 vCPU, 512MB RAM).
|
||||
- **Central Avahi Server (mDNS Proxy)**: Slightly higher resources (2 vCPUs, 1GB RAM) due to traffic forwarding.
|
||||
- **Firewall Rules**:
|
||||
- Ensure **UDP ports 80, 443, 546/udp, 546/tcp** are open between VLANs 15/19 and VLAN 7.
|
||||
- Allow **mDNS traffic (UDP 5353)** for Bonjour discovery.
|
||||
- **Testing**:
|
||||
- Use `avahi-browse` on Apple devices to verify Apple TV discovery.
|
||||
- Test service ports (e.g., `curl http://<AppleTV-IP>:80`) to confirm connectivity.
|
||||
|
||||
---
|
||||
|
||||
### **Summary of Design**
|
||||
- **VLAN Isolation**: Each VLAN operates independently with its own subnet and Avahi server.
|
||||
- **Central mDNS Proxy**: Acts as a bridge for Bonjour discovery between VLANs, enabling cross-VLAN service discovery.
|
||||
- **Network Efficiency**: IGMP snooping is enabled to optimize multicast traffic handling.
|
||||
- **Scalability**: The design supports future additions (e.g., more Apple devices, services) without overhauling the architecture.
|
||||
|
||||
Let me know if you’d like a **diagram** or **Debian interface configuration examples**! 🚀
|
||||
Reference in New Issue
Block a user