Here's a **structured summary** of your network requirements and design, incorporating your latest updates and clarifications:

---

### **Network Overview**

#### **1. VLANs and Subnets**

| VLAN | Subnet | Gateway IP | Avahi Server IP | mDNS Proxy IP |
|------|--------|------------|-----------------|---------------|
| 15 | 172.16.19.0/255.255.252.0 | 172.16.19.254 | 172.16.19.250 | 172.16.19.251 |
| 19 | 192.168.151.0/255.255.252.0 | 192.168.151.254 | 192.168.151.250 | 192.168.151.251 |
| 7 | 172.16.111.0/255.255.248.0 | 172.16.111.254 | 172.16.111.250 | 172.16.111.251 |

**Note:** All VLANs are routed via the **Sophos XGS4300**, which acts as the **DHCP server** for all VLANs.

---

#### **2. Avahi Server Configuration**

- **Local Avahi Servers**:
  - **VLAN 15**: Runs Avahi on `172.16.19.250` for local discovery.
  - **VLAN 19**: Runs Avahi on `192.168.151.250` for local discovery.
  - **VLAN 7**: Runs Avahi on `172.16.111.250` for local discovery.
- **Central Avahi Server** (mDNS Proxy):
  - **IPs**: `172.16.19.251`, `192.168.151.251`, `172.16.111.251` (untagged interfaces for each VLAN).
  - **Configuration**:

    ```ini
    [reflector]
    enable-reflector=yes
    #reflect-ipv=no
    #reflect-filters=_airplay._tcp.local,_raop._tcp.local
    ```

  - **Purpose**: Acts as a **central mDNS reflector** to forward traffic between VLANs, enabling Apple devices in VLANs 15/19 to discover Apple TVs in VLAN 7.

---

#### **3. mDNS Proxy VM (Central Avahi Server)**

- **OS**: Debian.
- **Network Configuration**:
  - Uses **`/etc/network/interfaces`** to assign static IPs for each VLAN (ending in `.251`).
  - Interfaces are **untagged** (virtual) for each VLAN.
- **Function**:
  - Forwards mDNS traffic between VLANs (e.g., `_airplay._tcp.local`, `_raop._tcp.local`).
  - Ensures Apple devices in VLANs 15/19 can discover Apple TVs in VLAN 7 via Bonjour.

---

#### **4. ESXi and VLAN Management**

- **Hypervisor**: ESXi.
- **vSwitch Configuration**:
  - Each VLAN is assigned a **virtual port group** with the corresponding subnet.
  - VMs (Avahi servers, mDNS proxy, etc.) are assigned to the appropriate VLAN port group.
- **IP Assignment**:
  - VMs use **static IPs** (`.250` for local Avahi servers, `.251` for central Avahi server).

---

#### **5. Switch Configuration**

- **Switches**: Managed Level 2 switches.
- **IGMP Snooping**:
  - **Recommendation**: **Enable IGMP snooping** on all switches.
  - **Rationale**:
    - While mDNS (Bonjour) uses **UDP** and not IGMP, **other multicast services** (e.g., `546/udp` for DHCPv6, `80/443` for HTTP/HTTPS) may rely on IGMP.
    - IGMP snooping prevents unnecessary multicast traffic flooding, improving network efficiency.
  - **Note**: If only mDNS is used, IGMP snooping is **not strictly required**, but enabling it is **beneficial for future scalability**.

---

### **Key Considerations**

- **Resource Allocation for VMs**:
  - **Avahi Servers (VLANs 15, 19, 7)**: Minimal resources (1 vCPU, 512MB RAM).
  - **Central Avahi Server (mDNS Proxy)**: Slightly higher resources (2 vCPUs, 1GB RAM) due to traffic forwarding.
- **Firewall Rules**:
  - Ensure **UDP ports 80, 443, 546/udp, 546/tcp** are open between VLANs 15/19 and VLAN 7.
  - Allow **mDNS traffic (UDP 5353)** for Bonjour discovery.
- **Testing**:
  - Use `avahi-browse` on Apple devices to verify Apple TV discovery.
  - Test service ports (e.g., `curl http://:80`) to confirm connectivity.

---

### **Summary of Design**

- **VLAN Isolation**: Each VLAN operates independently with its own subnet and Avahi server.
- **Central mDNS Proxy**: Acts as a bridge for Bonjour discovery between VLANs, enabling cross-VLAN service discovery.
- **Network Efficiency**: IGMP snooping is enabled to optimize multicast traffic handling.
- **Scalability**: The design supports future additions (e.g., more Apple devices, services) without overhauling the architecture.

Let me know if you’d like a **diagram** or **Debian interface configuration examples**! 🚀
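Added example, not part of the reply above: a tightened `/etc/avahi/avahi-daemon.conf` for the central mDNS proxy VM that reflects only the AirPlay service types named in the summary and only across the three `.251` interfaces, instead of reflecting every mDNS record between VLANs. The interface names `ens192`, `ens224` and `ens256` are assumptions; `reflect-filters` requires Avahi 0.8 or newer.

```ini
# /etc/avahi/avahi-daemon.conf on the central mDNS proxy (added example).
# ens192/ens224/ens256 are assumed names for the untagged VLAN 15/19/7 interfaces.

[server]
use-ipv4=yes
use-ipv6=no
# Bind only the three VLAN-facing interfaces carrying the .251 addresses, so a
# management or stray NIC never becomes a reflection path between networks.
allow-interfaces=ens192,ens224,ens256

[publish]
# The proxy only relays other hosts' records; it advertises nothing of its own.
disable-publishing=yes

[reflector]
enable-reflector=yes
# Reflect just the AirPlay/RAOP service types the Apple TVs need. With this
# line commented out (as in the summary above) every mDNS record in any VLAN
# is copied into all the others.
reflect-filters=_airplay._tcp.local,_raop._tcp.local
```

After editing, `systemctl restart avahi-daemon` and confirm from a VLAN 15 or 19 host with `avahi-browse -rt _airplay._tcp` that only the VLAN 7 Apple TVs appear.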