Can Bonjour Gateway only advertise Bonjour services on the VLANs that it is set up to scan?

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Hi Hivenation

I am trying to implement Bonjour Gateway on a network that has a large number of bonjour services (well over 1200) and am running into a lot of stability issues.

For the sake of this example, let's say that there are 4 VLANs: 1, 2, 3, and 4.

I would like to have the Bonjour services from VLANs 1, 2, and 3, scanned by the Bonjour Gateway service and passed to each of the other VLANs. I would like VLAN 4 to receive the relayed Bonjour advertisements from the gateway, but NOT be scanned by the gateway. VLAN 4 contains a LOT of Apple laptops, whose Bonjour advertisements for Remote Desktop, etc, are things that I am not interested in passing over to VLANS 1, 2, and 3.

If i set up Bonjour Gateway to scan all four VLANs, the services are all passed properly between the VLANS, but as the service count is so high, the results are unreliable and unstable (it is mentioned elsewhere in Hivenation posts that 500 services is the recommended 'soft'-limit for services being handled by a gateway with 1000 being possible under ideal conditions.).

If I turn off scanning on VLAN 4, then predictably only the services that I want to be relayed from VLANS 1, 2, and 3 show up in my HMOL bonjour monitor, however they are not relayed to VLAN 4. The device acting as the Bonjour Gateway can successfully probe all the VLANs, but the services are not being relayed to VLAN 4.

The wording on the Bonjour gateway configuration is as follows:

"Scan the following VLANs for services:" (I have set this as 1-3)

"Advertise the following services to clients in VLANs throughout the network" (where "throughout the network" seems to imply that VLAN 4 would be included as the B.G. device is able to communicate with that VLAN).

Question is, can Bonjour services only be relayed to a VLAN that the Bonjour Gateway service is actively scanning?
Photo of Neil

Neil

  • 5 Posts
  • 3 Reply Likes

Posted 5 years ago

  • 1
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
Yes, Several Bonjour Gateway enhancements have been made in the 6.0r1 release. You can now create filter policy rules to control which Bonjour services Bonjour Gateways share with each other. The filter rules use source and destination VLANs, the number of wireless hops away the BDDs (Bonjour Designated Devices) are from each other, and realm names to enforce policy.

http://www.aerohive.com/330000/docs/h...

Hope this helps.
Photo of Neil

Neil

  • 5 Posts
  • 3 Reply Likes
Thanks Jonathan,

It's excellent to know that some additional granularity is in the pipeline.

Following your response, I've had support upgrade my HMOL instances to 6.0r1 but have noticed that none of the deny rules i create in my bonjour gateway settings have any impact. Am I correct in assuming that this new granular functionality will not be properly available until the 6.0 HiveOS images are available for the HiveAPs and the Bonjour Gateway VMs? I am currently not able to update the devices or VMs beyond 5.1r5 via my HMOL accounts....
Photo of Jonathan Hurtt

Jonathan Hurtt

  • 98 Posts
  • 48 Reply Likes
Yes Neil, you are correct. There are no images for the Access Points with 6.0r1, that feature will be available in 6.0r2 due out soon.