Supporting Zeroconf and Apple Bonjour in the Enterprise using Cisco’s Service Discovery Gateway TechAdvantage Webinar

Designed for plug-and-play access on local networks, Zeroconf is constrained on the campus, where traffic is segmented on different VLANs. But with BYOD growing in workplaces and schools, users expect their devices to work seamlessly, so they can find media players, printers and other resources just like they do at home.

The Cisco Service Discovery Gateway is a new feature for Catalyst switches that solves this problem. With Cisco, network administrators can now enable mDNS and DNS-SD across local network boundaries to provide service discovery on their campus. By attending this webinar, you will learn how to manage and deploy mDNS / DNS-SD in your network so that end-users can bring their own device and have the experience that they expect.

Download the replay and watch the live demo from WebEx at: https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=EC&rID=70458457&rKey=03cd4a54c568a086

1. Cisco TechAdvantage Webinars
   Supporting Zeroconf and Apple Bonjour in the Enterprise Using Cisco’s Service Discovery Gateway
   Ralph Schmieder, Amit Dutta
   Follow us @GetYourBuildOn
   © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
2. • Submit questions in the Q&A panel and send to “All Panelists”; avoid the CHAT window for better access to panelists
   • Please complete the post-event survey
   • For WebEx audio, select COMMUNICATE > Join Audio Broadcast
   • Where can I get the presentation? Or send email to: ask_techadvantage@cisco.com
   • Join us for upcoming TechAdvantage Webinars: www.cisco.com/go/techadvantage
   • For WebEx call back, click the ALLOW phone button at the bottom of the participants side panel
3. Speakers
   Ralph Schmieder, Technical Marketing Engineer, rschmied@cisco.com
   Amit Dutta, Product Manager, amdutta@cisco.com
   Panelists
   Stephen Orr, Distinguished Systems Engineer, sorr@cisco.com
   Tarunesh Ahuja, Technical Engineering Leader, tahujae@cisco.com
   David Lapier, Product Marketing Manager, dlapier@cisco.com
4. • In Personal Networks
     There are often no central services available. How do I get an address? How do I easily find my printer? How do I stream music to my music device in the living room?
   • Need for ad-hoc IP connectivity and service discovery
     Addressed by Zeroconf / DNS-SD / Bonjour, LLMNR / UPnP SSDP, DLNA, (ZigBee) to name a few
   • Problem solved... Right?
   DNS-SD = DNS Service Discovery, LLMNR = Link Local Multicast Name Resolution, UPnP SSDP = Universal Plug and Play Simple Service Discovery Protocol, DLNA = Digital Living Network Alliance
5. • BYOD: massive influx of consumer devices to be placed on Enterprise networks
   • Consumer devices are typically located within a single Layer 2 domain in the home
   • Customers expect to have the same type of services in the Enterprise / Campus, but also across L3 boundaries
   • Device types include mobile devices (iOS, Android), printers, cameras, PCs etc.
6. • Zero Configuration Networking
   • “To enable communications of hosts and services on a network that may not contain configuration services such as DNS and DHCP without needing a guy in a white lab coat.”
   • Three components of the Zeroconf architecture
     1. Addressing
     2. Naming
     3. Discovery
   • Available on Safari Books, http://www.zeroconf.org/
7. Examples (non-exhaustive lists)
   Personal Computer Operating Systems: Windows, Mac OS X, Linux
   Appliances & Networking: Printers, Access Points, Switches, Routers
   Mobile Devices: Smartphones, Tablets, Android / iOS based
   AV Equipment: Speakers, Cameras, Displays, AV Receivers
   Software: Applications, Network Management Software
   http://www.cisco.com/web/sbtg/gui_mockups/sa520w_v1119/bonjourConfig.htm
8. A subset of Zeroconf
   • DNS-SD defined by RFC 6763 "DNS-Based Service Discovery"
   • Typically transported via multicast DNS (mDNS)
   • mDNS defined in RFC 6762 "Multicast DNS"
   Dynamically find resources like Printers or Displays
   • No central infrastructure required (no DHCP, no DNS, …)
   • Works on link-local-only addresses, if need be
   IP address family agnostic
   • IPv4
   • IPv6
9. [Figure: within the same L2 domain a client asks “Where’s my Printer?” and the printer answers “I’m here! Talk to me...”; a second printer sits in a different L2 domain (other subnet).]
10. [Figure: the same “Where’s my Printer?” query toward the different L2 domain (other subnet): “Service Browsing stops here!”, and the client sees “Nobody's talking to me!?”]
11. • On IOS (wired & wireless)
    • Enables Zeroconf service discovery across VLANs: easy to manage, designed to scale, transparent to consumer devices, IPv4 and IPv6
    • Network-wide solution
    • Enhances BYOD on the campus
    • Can be combined with role-based access control, ‘Better Together’
12. • Typically in wired / wireless scenarios
      Wired printers / wireless devices; wired displays (Apple TVs) / wireless devices
    • Large-scale environments
      Buildings with multiple floors; general L2 segregation using VLANs
    • At the first Layer 3 hop / distribution layer
    • Think "DHCP helper" for Service Discovery &
13. • Service Discovery
      Is your phone book: tell me where I can reach Mr. Printer. Being listed doesn’t necessarily mean that you can actually reach / talk to Mr. Printer.
    • Access Control
      Is like caller screening. Even if a person is not listed in the phone book, you might call that person because you know the number: “I know Mr. Printer is at 1.2.3.4, let’s call him even if I don’t see him in the phone book”. Hiding a service from the directory is therefore not the same as blocking access to it.
    • Better Together
      Use the phone book for easy lookup (Service Discovery); use the caller screening for security (ACL / SGT / SGACL ...)
14. • Boundary elimination: service discovery crossing L2 domains
    • Service control: as with ACLs, the visibility of services can be controlled
    • Granular filter capabilities: on either a global or per-interface basis
    • Multi-protocol support: IPv4 and IPv6
    • Converged access: wired and wireless network support
    • BYOD readiness: provide transparent access to user devices
16. Advertisement
    • Link-local multicast is seen in the SAME VLAN only
    • Cached at the gateway
    • Cache holds instance name, type, interface name, TTL, resource record data etc.
    [Figure: VLAN 100 and VLAN 200 attached to the gateway (enabled), wireless clients via CAPWAP; devices announce “RAOP!” and “IPP!” on their own VLAN. Gateway cache table, Instance name / Service / VLAN: Training ATV, RAOP Service, VLAN 100; CTO Office, IPP Service, VLAN 200; Other Services, VLAN XYZ.]
17. Query
    • Service query seen and answered by the gateway
    • Original device not bothered
    • Cache maintenance done on TTL / when the device goes offline
    [Figure: same topology and cache table; clients ask “IPP?” and “RAOP?”, the gateway answers “IPP!” and “RAOP!” from its cache.]
18. Cache entry removed when
    • Device disappears (when the TTL has expired)
    • Service is explicitly removed by the device
    [Figure: same topology and cache table as before.]
19. Always talking to ALL (every message is multicast)
    Q: Hey, Everybody! Who can print using IPP?  “PTR (QM)? _ipp._tcp.local.”
    A: I do!  “PTR Color Printer in Cube 1._ipp._tcp.local.”  (service name: Unicode, descriptive)
    Q: Color Printer, tell me about your service?  “SRV (QM)? Color Printer in Cube 1._ipp._tcp.local.”  “TXT (QM)? Color Printer in Cube 1._ipp._tcp.local.”
    A: Here’s your info!  SRV=print-server.local [0][0][631]  “TXT Location=Floor1 PDL=PostScript”
    Q: Where can I reach print-server.local?  “AAAA (QM)? print-server.local.”
    A: Here you are!  “print-server.local AAAA 2001:db8:100::123”
    • SRV record contains the hostname and port where the service can be reached
    • TXT record has additional info describing the service
    RFC 2782 (DNS SRV Service Types) and RFC 6355 (Service name and Port numbers)
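The gateway cache behaviour of slides 16 to 18 and the PTR, SRV/TXT, AAAA resolution chain of slide 19 as a small model, an added example that is not Cisco code (record layout, VLAN names and the demo announcements are constructed assumptions):

```python
"""Toy model of the gateway cache from slides 16-19: announcements from any
VLAN are cached, queries are answered from the cache, entries expire on TTL
or are dropped on an explicit removal. Added example, not Cisco code."""
from dataclasses import dataclass


@dataclass
class Record:
    name: str        # owner name, e.g. "_ipp._tcp.local."
    rtype: str       # PTR / SRV / TXT / AAAA
    rdata: str       # record data as a string
    ttl: int         # advertised TTL in seconds; 0 = device removes the service
    interface: str   # VLAN the announcement was seen on (slide 16 "Interface Name")


class GatewayCache:
    def __init__(self):
        self.entries = {}   # (name, rtype, rdata) -> [Record, expiry time]
        self.now = 0

    def announce(self, rec):
        """Learn an announcement; TTL 0 is an explicit removal (slide 18)."""
        key = (rec.name, rec.rtype, rec.rdata)
        if rec.ttl == 0:
            self.entries.pop(key, None)
        else:
            self.entries[key] = [rec, self.now + rec.ttl]

    def tick(self, seconds):
        """Advance the clock and purge entries whose TTL has expired."""
        self.now += seconds
        self.entries = {k: v for k, v in self.entries.items() if v[1] > self.now}

    def query(self, name, rtype):
        """Answer a client query from the cache; the real device is not bothered."""
        return sorted(r.rdata for r, _ in self.entries.values()
                      if r.name == name and r.rtype == rtype)


def browse_and_resolve(cache, service="_ipp._tcp.local."):
    """DNS-SD chain of slide 19: PTR -> SRV + TXT -> AAAA.
    Returns (instance, host, port, txt, addresses) per resolvable instance."""
    found = []
    for instance in cache.query(service, "PTR"):
        srv = cache.query(instance, "SRV")          # "prio weight port target"
        if not srv:
            continue                                 # SRV expired: not resolvable
        fields = srv[0].split()
        host, port = fields[3], int(fields[2])
        found.append((instance, host, port, cache.query(instance, "TXT"),
                      cache.query(host, "AAAA")))
    return found


def demo():
    """Constructed announcements modelled on the slide 19 printer (VLAN 200 assumed)."""
    cache = GatewayCache()
    inst = "Color Printer in Cube 1._ipp._tcp.local."
    cache.announce(Record("_ipp._tcp.local.", "PTR", inst, 4500, "VLAN200"))
    cache.announce(Record(inst, "SRV", "0 0 631 print-server.local.", 120, "VLAN200"))
    cache.announce(Record(inst, "TXT", "Location=Floor1 PDL=PostScript", 4500, "VLAN200"))
    cache.announce(Record("print-server.local.", "AAAA", "2001:db8:100::123", 120, "VLAN200"))
    return cache
```

Because the PTR record carries a much longer TTL than the SRV and AAAA records, a client can still see the printer listed after the records needed to reach it have expired, which is the "outdated information" case slide 29 warns about.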
21. • Cache: cache / directory of available services
    • Filter services: permit / deny globally or on a per-interface basis; inbound & outbound filters; service types and instances; wildcarding / regular expressions; “ACLs for Service Discovery”
    • Message handling: process the Service Discovery message set, includes proxy functions
    • Policy: combination with other technologies: RBAC with ACLs / SGTs / SGACLs; unicast / multicast forwarding; ACLs for L2 / L3 forwarding
    • Identity*, Location* (*future)
    [Figure: building blocks Cache, Filter Services, Message Handling, Identity*, Location*, Policy, Network]
22. Initial Release Features
    • Gateway service at Layer 3, proxy across Layer 3 boundaries
    • Wired and wireless VLANs
    • Service-based filters on ingress and egress, per VLAN
    • Build cache, distribute only when configured
    • Limited Role-Based Access Control
    • Service logging
    • Design target: support for up to 14,000 services per switch, no pre-set limit for the number of clients per service
23. • Catalyst 3560, 3750, current 4500 platforms: 15.2E release, target FCS August 2013
    • Catalyst 3760 and 3850, Catalyst 5760 Wireless LAN Controller: target FCS August-Sept 2013
    • Catalyst 6500: Q3 CY13
    • ISR-G2, ASR1000 and ISR 4400 series: Q4 CY13
    Futures are Subject to Change Without Notice
25. • Minimal, working configuration shown below
    • Allows all service announcements into the cache
    • Responds to all service queries with cache content
    • Global configuration, applies to all SVI / VLAN interfaces

    ! permit entry without match clauses: accepts every service (syntax as on slide 27)
    service-list mdns-sd permit-all permit 10
    service-routing mdns-sd
     service-policy permit-all in
     service-policy permit-all out
     redistribute mdns-sd
26. • Enabling Service Discovery Gateway functionality
    • Filters define what gets accepted and what not (in / out)
    • Interface filters take precedence over global filters

    ! Global Configuration
    service-routing mdns-sd
     service-policy <service-list> in
     service-policy <service-list> out
     redistribute mdns-sd
    !
    ! Per-Interface Configuration
    interface Ethernet0/0
     ip address 172.16.31.4 255.255.255.0
     ipv6 address 2001:DB8:1:100::/64 eui-64
     ipv6 enable
     service-routing mdns-sd
      service-policy <service-list> in
      service-policy <service-list> out
    !
27. • Filters are like ACLs for services
    • Queries, announcements, types and instance names
    • Define what should be learned and responded to
    • Applied globally or on a per-interface basis
    • Default action is Deny!
    • Match on service-type, service-instance, message-type
    • Either deny or permit
    • Sequenced
    • Uses regular expressions (instance & type)

    service-list mdns-sd <name> {permit|deny} <sequence_number>
     match message-type {query|announcement|any}
     match service-instance <instance-name>
     match service-type <DNS service type string>
28. • Service-Type: uses a regular expression string; matches the SRV advertisements and queries. Examples are _ipp._tcp (Printing), _xmpp._tcp (Jabber)
    • Service-Instance: uses a regular expression string; matches the explicit service instance (a service name). Service instances can use Unicode, white space etc. Example: “my fånçy printer in røøm 123._ipp._tcp”
    • Message-Type: enumeration, either ‘any’ or ‘query’ or ‘announcement’
    • First match, logical ‘AND’ of matches

    Filter denies AirPlay services, allows all the rest:

    service-list mdns-sd limited deny 10
     match message-type announcement
     match service-type _raop._tcp
    !
    service-list mdns-sd limited deny 20
     match service-type _airplay._tcp
    !
    service-list mdns-sd limited permit 30
     match service-type .*
    !
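The filter semantics stated on slides 27 and 28 (sequenced entries, first match wins, logical AND of the match clauses, default deny) applied to the slide 28 filter, as an added example that is not IOS code; treating each regex as an unanchored search is an assumption:

```python
"""Model of how a service-list filter (slides 27-28) is evaluated: entries are
sequenced, first match wins, all match clauses of one entry must hold (logical
AND), and the default action is deny. Added example, not IOS code; matching a
regex as an unanchored search is an assumption."""
import re
from dataclasses import dataclass, field


@dataclass
class Entry:
    seq: int
    action: str                                  # "permit" or "deny"
    matches: dict = field(default_factory=dict)  # clause kind -> value


def parse_service_list(config, name):
    """Extract the entries of 'service-list mdns-sd <name>' from IOS-style text."""
    entries, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        head = re.match(r"service-list mdns-sd (\S+) (permit|deny) (\d+)$", line)
        if head:
            current = Entry(int(head.group(3)), head.group(2)) if head.group(1) == name else None
            if current:
                entries.append(current)
        elif current and line.startswith("match "):
            _, kind, value = line.split(None, 2)
            current.matches[kind] = value
    return sorted(entries, key=lambda e: e.seq)


def evaluate(entries, message_type, service_type, instance=""):
    """Return (action, seq) of the first entry whose clauses all hold."""
    for e in entries:
        ok = True
        for kind, value in e.matches.items():
            if kind == "message-type":
                ok = ok and (value == "any" or value == message_type)
            elif kind == "service-type":
                ok = ok and re.search(value, service_type) is not None
            elif kind == "service-instance":
                ok = ok and re.search(value, instance) is not None
        if ok:
            return e.action, e.seq
    return "deny", None   # nothing matched: default action is deny (slide 27)


# The filter from slide 28: deny AirPlay, allow everything else.
SLIDE28_CONFIG = """
service-list mdns-sd limited deny 10
 match message-type announcement
 match service-type _raop._tcp
!
service-list mdns-sd limited deny 20
 match service-type _airplay._tcp
!
service-list mdns-sd limited permit 30
 match service-type .*
!
"""
LIMITED = parse_service_list(SLIDE28_CONFIG, "limited")
```

Entry 10 only matches announcements, so a _raop._tcp query still falls through to the permit at sequence 30; running evaluate(LIMITED, "query", "_raop._tcp") against a draft filter makes that kind of gap visible before it is applied to an interface.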
29. • Redistribution of service announcements (removal of / adding a service)
    • Either configured globally or per interface
    • ENABLED: announcements will be forwarded to other interfaces instantly
      pro: quicker update of client info
      con: more announcements / multicasts
    • DISABLED: only a query by a client will result in a response by the cache
      pro: less announcement traffic
      con: clients may use outdated information (until it times out) or don’t see new services instantly
    [Figure: a _raop._tcp announcement with and without redistribution. With redistribution the gateway forwards “_raop._tcp!” to the other VLAN as soon as it is cached; without redistribution a client asking “_raop._tcp?” gets “No!” until the entry is cached and only then “_raop._tcp!”.]
30. mDNS CACHE
    ============================================================================================================
    [<NAME>]                      [<TYPE>] [<CLASS>] [<TTL>/Remaining] [Accessed] [If-idx] [<RR Record Data>]
    _ssh._tcp.local               PTR      IN        4500/4288         9          2        Lab Mac._ssh._tcp
    _sftp-ssh._tcp.local          PTR      IN        4500/4288         9          2        Lab Mac._sftp-ssh
    _services._dns-sd._udp.local  PTR      IN        4500/4288         1          2        _rfb._tcp.local
    _rfb._tcp.local               PTR      IN        4500/4288         9          2        Lab Mac._rfb._tcp
    Lab Mac._ssh._tcp.local       TXT      IN        4500/4288         3          2        (1)''
    Lab Mac._sftp-ssh._tcp.local  TXT      IN        4500/4288         3          2        (1)''
    Lab Mac._rfb._tcp.local       TXT      IN        4500/4288         3          2        (1)''

    • show cache content
    • show requests
    • show statistics
    • show interfaces
32. Scalable Architecture, Unified Access, Network Wide, Security, Manageable, BYOD
    • Network-wide solution at L3 / distribution layer
    • Wireless and wired connectivity
    • Built-in cache management and service discovery
    • Available for Unified Access, WLCs, Catalyst and WAN / ISRs
    • Service filters to control visibility and access
    • Enhanced with Identity Service Policy, ISE, SGT & SGACL
    • Clients operate transparently
    • IPv6 and IPv4 fully supported
34. • Thank you!
    • Please complete the post-event survey
    • Join us for upcoming webinars. Register: www.cisco.com/go/techadvantage
    • Follow us @GetYourBuildOn