IPv6 multicast background traffic (Part 7) - iChatter and the Future of Zero Config

by Jeremy Barth [Published on 3 Jan. 2012 / Last Updated on 3 Jan. 2012]

In this article we'll go over examples of how Apple utilizes Bonjour in its products.

Introduction

In the previous post we discussed Bonjour, Apple's offering in the zero config networking space. While we began this series with Microsoft, on corporate LANs you'll clearly see many Apple products, services and applications, including iPhones and iPads connecting via enterprise wireless. To provide a sense of how Apple utilizes Bonjour in its own products, we’ll go over a few examples here. Then we'll take a step back and wrap up the series with some final thoughts.

IP this and IP that: IPv6, iPhone, iPad, iPhoto and iTunes

If you try to print from an iPhone or iPad, the device issues DNS-SD multicast queries looking for printers that support AirPrint. Actually, even without AirPrint you can print but you’d explicitly need to configure some form of internet printing, e.g. CUPS (not for the fainthearted, though the process is described by several bloggers). Here’s a sample packet capture showing the various mDNS lookups issued to ff02::fb when an iPad was trying to locate an AirPrint device (there weren’t any on the LAN in question and after three tries the iPad gave up).


Figure 1

iPhoto and iTunes

If you fire up iPhoto on an iMac, you’ll see mDNS requests to ff02::fb such as:


Figure 2

Notice the mDNS queries being made for _dpap._tcp.local, Apple's Digital Photo Access Protocol (DPAP).

Finally, when you start iTunes on a Mac, it looks for various media-related services (DAAP, the Digital Audio Access Protocol; RAOP, the Remote Audio Output Protocol; and others whose names are somewhat more human-decipherable).


Figure 3

What iTunes is doing here is not dissimilar to Windows Media Player acting as a UPnP Control Point performing a multicast discovery of UPnP devices and services on a local LAN. The Microsoft IPv6 service discovery protocols we discussed in a previous post, e.g. Windows Media Player Network Sharing Service and Media Extender Service, are somewhat analogous to Apple's digital media access protocols. While iTunes is not a UPnP Control Point, there are "bridging" products, such as the Allegro Media Server, that try to create some neutral ground between the Bonjour and DLNA/UPnP camps.

While reverse engineering and security are not the point of this series -- IPv6 multicast is -- packet traces can reveal important things about application behavior and one's enterprise network. For example, if you're concerned about mobile devices on your enterprise LAN and wanted to audit the use of peer-to-peer multimedia, you might run periodic mDNS sweeps for the names we found in the iTunes discovery packet. If you have Bonjour installed on your Windows PC, you can initiate a scripted command line search for the P2P services above by:

c:\windows\system32\dns-sd.exe -B _daap._tcp
c:\windows\system32\dns-sd.exe -B _appletv-pair._tcp

Sleepless in Seattle

Another interesting angle to the Bonjour framework is its notion of a “sleep proxy service.” As defined in Wikipedia:

The Sleep Proxy Service is an open source component of zero configuration networking, designed to assist in reducing power consumption of networked electronic devices. A device acting as a sleep proxy server will respond to Multicast DNS queries for another, compatible device which has gone into low power mode. The low-power-mode device remains asleep while the Sleep Proxy Server responds to any Multicast DNS queries.

When the Sleep Proxy Server sees a query which requires the low-power-mode device to wake up, the Sleep Proxy Server sends a special wake-up-packet ("magic packet") to the low-power-mode device. Finally, communication parameters are updated via Multicast DNS and normal communications proceed.

In most corporate Windows 7 LANs there is no obvious need for such a service. For one thing, PCs typically are not configured to act as servers. One possible exception that could take advantage of this capability is described in the Wikipedia article: “Printer sharing: a printer may be connected and shared from a computer supporting sleep proxy service. The computer can go to sleep when not in use, but will wake when needed to service a print job being sent from a different computer.” In practice, most printers are shared from central servers these days and a printer attached to a local user’s PC is likely not intended to be shared, but Sleep Proxy Server could be of use in the exceptional case where a private PC supports a shared printer.

The overall point is that sleep proxying capabilities are an example of the kinds of innovative capabilities we’re starting to see in zero config environments. Here’s an mDNS packet from a PC that was looking for a Bonjour sleep proxy. Note that the question is of type “QM”: the requester is looking for a multicast response. A query type of QU would indicate that a unicast answer was being sought, but QM is far more prevalent as it's the logical default for a multicast DNS framework.


Figure 4
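As an added example (not code from this article, nor from Apple's dns-sd tool), here is a small Python sweeper that serves both the audit idea from the iTunes section and the QM/QU distinction just described: it builds a single-question mDNS PTR query for the service types seen in the captures, sets or clears the QU bit (the top bit of QCLASS, per RFC 6762), parses a query back to report which kind it is, and sends the queries to ff02::fb. The interface name and per-service timeout are assumptions; because the query leaves an ephemeral port rather than 5353, responders answer unicast to it (RFC 6762 section 6.7), so no multicast group join is needed.

```python
import socket
import struct

MDNS_GROUP = "ff02::fb"  # link-local IPv6 mDNS group the captures above are addressed to
MDNS_PORT = 5353
QTYPE_PTR, QCLASS_IN = 12, 1
QU_BIT = 0x8000  # top bit of QCLASS: set = QU (unicast reply wanted), clear = QM
# DNS-SD service types seen in the iTunes/iPhoto discovery traffic discussed above.
AUDIT_SERVICES = ["_daap._tcp.local", "_dpap._tcp.local",
                  "_raop._tcp.local", "_appletv-pair._tcp.local"]

def encode_name(name):
    """Dotted DNS name -> wire format (length-prefixed labels, zero terminator)."""
    labels = [l.encode() for l in name.strip(".").split(".")]
    return b"".join(struct.pack("B", len(l)) + l for l in labels) + b"\x00"

def build_mdns_query(service, unicast_response=False):
    """One PTR question for a DNS-SD service type: QM by default, QU when asked."""
    qclass = QCLASS_IN | (QU_BIT if unicast_response else 0)
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)  # id 0, flags 0, QDCOUNT 1
    return header + encode_name(service) + struct.pack("!HH", QTYPE_PTR, qclass)

def parse_first_question(packet):
    """Return (name, qtype, is_qu) for the first question of a query, or None."""
    if struct.unpack("!H", packet[4:6])[0] == 0:  # QDCOUNT
        return None
    labels, pos = [], 12  # questions start right after the 12-byte header
    while packet[pos] != 0:
        labels.append(packet[pos + 1:pos + 1 + packet[pos]].decode())
        pos += 1 + packet[pos]
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, bool(qclass & QU_BIT)

def sweep(iface, services=AUDIT_SERVICES, timeout=2.0):
    """Query each service type on ff02::fb via `iface`; map service -> answering hosts."""
    ifindex = socket.if_nametoindex(iface)  # scope id is required for ff02:: destinations
    sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    found = {svc: set() for svc in services}
    for svc in services:
        sock.sendto(build_mdns_query(svc), (MDNS_GROUP, MDNS_PORT, 0, ifindex))
        try:
            while True:
                data, addr = sock.recvfrom(9000)
                if len(data) >= 12 and struct.unpack("!H", data[2:4])[0] & 0x8000:  # QR=1
                    found[svc].add(addr[0])
        except socket.timeout:
            pass  # no more answers for this service type
    return found
```

Call `sweep("eth0")` (substitute your interface name) from a host on the subnet being audited; only hosts that actually answer a given service type end up in the result.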

Wrapping Up

So what does this all mean? Technology and people don’t exist in isolation and we are entitled to ask: where does it make sense to use zero config? Do we really need or want devices and services to self-configure and announce themselves on the network? I’ll fall back on YMMV: Your Mileage May Vary.

Zero config clearly has the potential to add value in many environments:

  1. Home networks
  2. Small businesses
  3. Convention centers
  4. Ad hoc wireless networks
  5. Schools, which tend to be short on IT personnel

In general, highly dynamic environments where services need to be provided on a localized subnet, and there is little centralized administration, are good fits for zero config.

Larger installations, which have paid administrators and careful top-down systems management, may want to be more cautious. There are security issues with devices coming and going without any central monitoring or control. As we saw earlier, the trust model for link-local name resolution (both mDNS and LLMNR) is more liberal than many corporate admins would feel comfortable with, though sometimes concerns about spoofing can seem overwrought (there are often much easier ways for insiders to acquire information illicitly). If the personnel resources are available, properly setting up a directory service and vetting the devices you’re attaching to your network will always yield a more stable, known environment. My techno-geek side loves the idea of devices coming and going on their own and providing services autonomously without administrative intervention. My curmudgeon side worries if this is really a good idea in the typical professional office network.

That said, the boundaries are porous. As mobile devices begin to offer ad hoc P2P services in their own right, it’s unclear how you’d find them in the absence of zero config service discovery. As the capability of consumer devices grows and the next generation of young workers comes into the workplace, pressure will mount to accommodate them and zero config technologies will thus grow in importance.

On the subject of the zero config wars, personally I find Apple’s Bonjour framework cleaner, simpler and more elegant. For people who feel they can benefit from zero config printing in a Windows environment, you may want to explore Apple’s free offering. And because mDNS is an open, general-purpose spec, anyone can write applications that take advantage of it. However, there is equally big money behind the DLNA vision and it is likely both frameworks will persist in the marketplace.

In a nutshell, my personal box chatter philosophy is: be liberal at home, conservative at the office. If you are not planning on utilizing zero config on your corporate LAN, it may be worth considering disabling its various components. Conversely, if your interest has been piqued by this series of blog posts, who knows, you may find a way to take advantage of zero config and provide novel benefits to your company. If you do, feel free to post a comment and share your ideas.
