mDNS gateway overview

Reflection mechanism

With the reflection mechanism, the mDNS packets received in one VLAN are reflected to all the other mDNS gateway-enabled VLANs based on filters. Only the packets containing the following records are supported for reflection:

  • PTR record—Contains service-name to service-instance-name mapping.
  • SRV record—Contains service-instance-name to UDP/TCP port number and hostname mapping.
  • TXT record—Contains more information about the service-instance, such as, vendor information.
  • A record—Contains hostname to host IP address mapping.

Filters

Filters are used to control the service discovery both within and across VLANs. You can configure filter rules in the service profiles based on service-name and service-instance-names. If a profile is configure for a VLAN, then the filter rules in the profile will be used to filter packets transmitted out of the VLAN interface.

Filtering is performed based on parameters extracted from the first record.

Example of mDNS service discovery

The following figure shows an example topology where mDNS gateway is useful. Consider the following:

  • Enable mDNS only on Switch 1 in VLAN 1, 2, and 3.
  • Create a configuration rule in Switch 1 for VLAN 3—No host in VLAN 3 must discover any external printers.

When Host 1 in VLAN 3 sends an mDNS query to Switch 1, the query is reflected in VLAN 1 and VLAN 2. The Wireless Printer 1 in VLAN 1 generates a response that the Switch 1 receives and reflects to VLAN 2 and not to VLAN 3, because a rule is configured for VLAN 3 to not allow any printer service.

However, Host 1 will still be able to access Wireless Printer 2, because it is present in the same VLAN 3.

Figure 1  Example of mDNS service discovery

Limitations

Following are a few limitations when configuring mDNS gateway:

  • Filtering is performed only based on parameters extracted in the first mDNS record.
  • Filtering is applied only on the egress mDNS packets.
  • Only IPv4 mDNS packets are supported.
  • mDNS gateway is recommended for deployments where mDNS is enabled on lesser VLANs. Because, the switch allows the mDNS packets to be reflected in only 256 mDNS VLANs, in incremental order of VLAN IDs, and in the VLAN from where the packet was initiated.
  • mDNS packets are rate limited at 150 packets per second.
  • When switches are connected directly with each other, you must enable mDNS only on one switch to prevent a reflection loop.
  • You must enable debug logging only for troubleshooting an issue. Enabling debug logging on a high scale mDNS configuration might lead to high CPU utilization and the system may slow down.