CubelaPetar/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c83d178b7709663439b6e20d29156ab80d9f3005
notes/projects/gg/avahi_mdns-reflector/20250718-overview.md
Petar Cubela b79839500c 20250720 regular commit
2025-07-20 22:29:13 +02:00

88 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
Here's a **structured summary** of your network requirements and design, incorporating your latest updates and clarifications:
---
### **Network Overview**
#### **1. VLANs and Subnets**
| VLAN | Subnet | Gateway IP | Avahi Server IP | mDNS Proxy IP |
|------|--------------------------------|------------------|------------------|----------------|
| 15 | 172.16.19.0/255.255.252.0 | 172.16.19.254 | 172.16.19.250 | 172.16.19.251 |
| 19 | 192.168.151.0/255.255.252.0 | 192.168.151.254 | 192.168.151.250 | 192.168.151.251 |
| 7 | 172.16.111.0/255.255.248.0 | 172.16.111.254 | 172.16.111.250 | 172.16.111.251 |
**Note:** All VLANs are routed via the **Sophos XGS4300**, which acts as the **DHCP server** for all VLANs.
---
#### **2. Avahi Server Configuration**
- **Local Avahi Servers**:
- **VLAN 15**: Runs Avahi on `172.16.19.250` for local discovery.
- **VLAN 19**: Runs Avahi on `192.168.151.250` for local discovery.
- **VLAN 7**: Runs Avahi on `172.16.111.250` for local discovery.
- **Central Avahi Server** (mDNS Proxy):
- **IPs**: `172.16.19.251`, `192.168.151.251`, `172.16.111.251` (untagged interfaces for each VLAN).
- **Configuration**:
```ini
[reflector]
enable-reflector=yes
#reflect-ipv=no
#reflect-filters=_airplay._tcp.local,_raop._tcp.local
```
- **Purpose**: Acts as a **central mDNS reflector** to forward traffic between VLANs, enabling Apple devices in VLANs 15/19 to discover Apple TVs in VLAN 7.
---
#### **3. mDNS Proxy VM (Central Avahi Server)**
- **OS**: Debian.
- **Network Configuration**:
- Uses **`/etc/network/interfaces`** to assign static IPs for each VLAN (ending in `.251`).
- Interfaces are **untagged** (virtual) for each VLAN.
- **Function**:
- Forwards mDNS traffic between VLANs (e.g., `_airplay._tcp.local`, `_raop._tcp.local`).
- Ensures Apple devices in VLANs 15/19 can discover Apple TVs in VLAN 7 via Bonjour.
---
#### **4. ESXi and VLAN Management**
- **Hyper-Visor**: ESXi.
- **vSwitch Configuration**:
- Each VLAN is assigned a **virtual port group** with the corresponding subnet.
- VMs (Avahi servers, mDNS proxy, etc.) are assigned to the appropriate VLAN port group.
- **IP Assignment**:
- VMs use **static IPs** (`.250` for local Avahi servers, `.251` for central Avahi server).
---
#### **5. Switch Configuration**
- **Switches**: Managed Level 2 switches.
- **IGMP Snooping**:
- **Recommendation**: **Enable IGMP snooping** on all switches.
- **Rationale**:
- While mDNS (Bonjour) uses **UDP** and not IGMP, **other multicast services** (e.g., `546/udp` for DHCPv6, `80/443` for HTTP/HTTPS) may rely on IGMP.
- IGMP snooping prevents unnecessary multicast traffic flooding, improving network efficiency.
- **Note**: If only mDNS is used, IGMP snooping is **not strictly required**, but enabling it is **beneficial for future scalability**.
---
### **Key Considerations**
- **Resource Allocation for VMs**:
- **Avahi Servers (VLANs 15, 19, 7)**: Minimal resources (1 vCPU, 512MB RAM).
- **Central Avahi Server (mDNS Proxy)**: Slightly higher resources (2 vCPUs, 1GB RAM) due to traffic forwarding.
- **Firewall Rules**:
- Ensure **UDP ports 80, 443, 546/udp, 546/tcp** are open between VLANs 15/19 and VLAN 7.
- Allow **mDNS traffic (UDP 5353)** for Bonjour discovery.
- **Testing**:
- Use `avahi-browse` on Apple devices to verify Apple TV discovery.
- Test service ports (e.g., `curl http://<AppleTV-IP>:80`) to confirm connectivity.
---
### **Summary of Design**
- **VLAN Isolation**: Each VLAN operates independently with its own subnet and Avahi server.
- **Central mDNS Proxy**: Acts as a bridge for Bonjour discovery between VLANs, enabling cross-VLAN service discovery.
- **Network Efficiency**: IGMP snooping is enabled to optimize multicast traffic handling.
- **Scalability**: The design supports future additions (e.g., more Apple devices, services) without overhauling the architecture.
Let me know if youd like a **diagram** or **Debian interface configuration examples**! 🚀
Reference in New Issue View Git Blame Copy Permalink