Cisco to unveil Apple Bonjour gateway for enterprise WiFi networks

Cisco plans to add code to its wireless LAN controllers to make Apple's Bonjour-based technologies like AirPlay and AirPrint better behaved on enterprise networks.

BACKGROUND: IT groups petition Apple to fix Bonjour protocol

The code will turn the controller into a Bonjour gateway, and couple this with policy-based end user privileges. For users, this will mean that Apple clients will be able to find and access network-attached AirPrint printers, Apple TVs and the like on different subnets, so everything will just work as it does on their own home networks.

A second expected result will be a big decrease in the amount of Bonjour-based discovery traffic that today is putting a heavy load on enterprise nets teeming with Apple's MacBook laptops, iPhones, iPads and more.

Cisco is hosting a Webcast seminar and demonstration of its still-in-development Bonjour Gateway Tuesday, July 24, at 10 a.m. Pacific (1 p.m. Eastern).

The webcast will also present Cisco's plan to extend one of its existing technologies, called Network Based Application Recognition, to its wireless LAN firmware. For the first time, Cisco WLAN controllers will be able to dissect packets and compare them to a database of about 1,500 application signatures to identify a specific application -- such as a video conference versus a Netflix video, or a Skype voice call -- to be prioritized, blocked, or given bandwidth limits, for example.

Bonjour, originally called Rendezvous when introduced in the early 2000s, is Apple's latest implementation of zero configuration networking, or Zeroconf, which is a group of open Layer 2 protocols to automatically and quickly set up an IP network, without having to set up services such as Dynamic Host Configuration Protocol, DNS, and DNS Service Directory. (More background is online at a page maintained by Stuart Cheshire, Zeroconf's pioneer, who was later hired by Apple.)

And in simple home Wi-Fi networks, that's just what happens: Apple clients broadcast for services, the services identify themselves, and client and service simply connect, paving the way for specific Apple protocols like AirPrint for printers and AirPlay for sharing multimedia among Apple clients via an intervening Apple TV box.

But the strengths of Bonjour become problematic in more complex networks, which now can have hundreds, thousands or tens of thousands of iPhones and iPads advertising for services, but unable to connect if they're on separate subnets. And the discovery traffic can, according to some colleges and universities, sometimes hit 90% of the network load. The problems are pressing enough that last week a group of higher education IT managers finalized a petition to Apple, asking for a range of Bonjour, and related, changes to make the protocols better citizens on enterprise networks. [See "IT groups petition Apple to fix Bonjour protocol"]

Cisco is the third WLAN vendor to address these issues with a Bonjour gateway. Aerohive this week announced the release of HiveOS 5.1 and HiveManager 5.1, which now include its Bonjour gateway, first announced in March. Rival Aruba Networks announced a similar capability, also in March, and is expected to release it before the end of 2012.

On a Cisco WLAN, Apple clients will advertise for Bonjour services, just as they do now, says Chris Spain, vice president of product marketing for Cisco's wireless business unit. The Cisco access point then will tunnel those requests back to the WLAN controller, and match them with an inventory of available AirPrint printers, Apple TVs, iTunes libraries and the like on any subnet in the enterprise network. The controller identifies the user, matches the authenticated user with his or her access privileges and grants access to the requested Bonjour service or not, based on group policies.

So faculty but not students might have access to Apple TVs in specific rooms, or to certain AirPrint printers.
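The policy-gated lookup described above can be sketched as follows. This is an added example, not Cisco's code: it parses a DNS-SD browse query and returns only the service instances the requester's role may discover. The inventory, subnets, role names and function names are constructed assumptions.

```python
import struct

PTR = 12  # DNS record type used by DNS-SD service browsing

# Constructed inventory: services the controller has learned on other subnets,
# each tagged with the roles that group policy allows to discover it.
INVENTORY = [
    {"type": "_airplay._tcp.local", "instance": "Room101-AppleTV", "subnet": "10.1.20.0/24", "roles": {"faculty"}},
    {"type": "_ipp._tcp.local", "instance": "Library-Printer", "subnet": "10.1.30.0/24", "roles": {"faculty", "student"}},
    {"type": "_ipp._tcp.local", "instance": "Dean-Printer", "subnet": "10.1.40.0/24", "roles": {"faculty"}},
]

def build_query(service_type):
    """Encode a one-question mDNS browse query (constructed sample input)."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # id=0, flags=0, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in service_type.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", PTR, 1)

def parse_question(packet):
    """Return (name, qtype) of the first question; reject malformed input."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    _, flags, qdcount, _, _, _ = struct.unpack("!6H", packet[:12])
    if flags & 0x8000 or qdcount < 1:
        raise ValueError("not a query")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")  # compression pointers are not handled here
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _ = struct.unpack("!2H", packet[pos:pos + 4])
    return ".".join(labels).lower(), qtype

def proxy_answer(packet, role):
    """Instances the gateway would advertise to a client with this role."""
    name, qtype = parse_question(packet)
    if qtype != PTR:
        return []
    return [f'{s["instance"]}.{s["type"]}' for s in INVENTORY
            if s["type"] == name and role in s["roles"]]
```

A role that appears in no inventory entry gets an empty answer, so the sketch denies discovery by default.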

Cisco's Webcast promotional page puts it this way: "With the Cisco Bonjour Gateway, available in a future software update, the wireless controller will answer device service queries in proxy of the server. Once the client gets a response it can connect via layer 3. Now file servers, printers, video devices, or any Bonjour server device can be accessed across subnets, making it easy for users to access the services they need."

Spain says Cisco is currently testing the gateway to find out how and to what degree it can reduce Bonjour discovery traffic. In effect, with the intervening controller, every Bonjour request-response appears to the client device as a local, single-network transaction. Because the controller acts as a proxy for other Bonjour services on other subnets, it can minimize broadcasts, at least in theory.

"We think the gateway will reduce the total amount of Bonjour traffic over the network," says Spain.

The Tuesday webcast will also demonstrate Cisco's application visibility and control (AVC) over wireless LANs. This software, which identifies specific applications based on deep packet inspection compared to a catalog of application signatures, has been around for years as part of Cisco's popular ISR routers and other products, especially to optimize relatively slower, shared resources like WAN links. This code is now being embedded on the Cisco WLAN controllers and given yet another Cisco acronym, NBAR, for Network Based Application Recognition.

By being able to see specific applications on the Wi-Fi links, the controller can then apply pre-determined policies to manage and optimize them. Voice or video applications, which are sensitive to jitter and latency, might be given priority treatment by the WLAN, for example. Or some applications, such as bandwidth-hungry Netflix streaming video, might be blocked; other applications might be given a specific bandwidth allocation.

Previously, Cisco's WLAN firmware had some limited ability to identify applications. But the inclusion of AVC will now make this broader, deeper, and more specific, and allow IT to associate more granular controls on specific applications, according to Spain.

John Cox covers wireless networking and mobile computing for Network World.
