Bonjour control

  • Question
  • Updated 2 years ago
  • Answered
Hi, I understand that Extreme policy can control Bonjour traffic. So, here I have two questions:

(1) Is there any demerit if I make a policy so that the AP rejects Bonjour packets at the edge?

(2) Usually, what percentage of the traffic is occupied by Bonjour traffic?

Thank you in advance.

Regards,

Yutaka Sasaki

Posted 2 years ago


Brad Parker, Technical Support Engineer

I've had quite a few requests through the years where the switch can have a lot of trouble once Bonjour is introduced in the network. The problem is that it can be a very chatty protocol, and if you have a lot of different endpoints sending, it can quickly get out of hand. If you can cut it off at the AP instead of it going to the switch, I can only see it improving things.

Erik Auerswald, Embassador

A big problem with Bonjour (or any other link-local protocol used by many clients) on Wi-Fi results from multicasts (and broadcasts) being sent with the slowest transmission speed of the Wi-Fi version used. Many multicast packets thus result in a lot of airtime wasted by these protocols, without a real benefit.

On a wired network they can cause a problem with IGMP snooping, because practically every client both sends and receives the respective multicast groups, which results in many IGMP snooping entries, possibly too many for the switch.

Yutaka Sasaki

Hi Brad, Hi Erik,

Thanks a lot! Both of your comments are very helpful to me.

Erik Auerswald, Embassador

Another problem with Bonjour, mDNS, and LLMNR multicast traffic using group addresses within 224.0.0.0/24 is the associated CPU load of switches. If a switch receives a multicast packet with a group address in this range on an IP interface, it will forward this packet to the CPU. This results in increased CPU load.

The GTAC Knowledge Article "How can I block mDNS with an ACL using MAC addresses" is related to this problem.
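
Added example (not part of the thread and not taken from the GTAC article): a MAC-based ACL such as the one the last reply refers to needs the destination MAC addresses that the mDNS/Bonjour and LLMNR groups are sent to. The Python below derives them with the standard multicast-to-MAC mappings and flags which groups fall in 224.0.0.0/24; it goes beyond the thread by also covering the IPv6 groups, and all function names are assumptions made for illustration.

```python
import ipaddress

# Well-known link-local name-resolution groups (mDNS: RFC 6762, LLMNR: RFC 4795).
GROUPS = {
    "mDNS/Bonjour IPv4": "224.0.0.251",
    "LLMNR IPv4": "224.0.0.252",
    "mDNS/Bonjour IPv6": "ff02::fb",
    "LLMNR IPv6": "ff02::1:3",
}
LOCAL_CONTROL_BLOCK = ipaddress.ip_network("224.0.0.0/24")


def multicast_mac(group):
    """Return the Ethernet destination MAC a multicast group is sent to."""
    addr = ipaddress.ip_address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    if addr.version == 4:
        # RFC 1112: 01:00:5e, a zero bit, then the low 23 bits of the group.
        raw = (0x01005E << 24) | (int(addr) & 0x7FFFFF)
    else:
        # RFC 2464: 33:33 followed by the low 32 bits of the group.
        raw = (0x3333 << 32) | (int(addr) & 0xFFFFFFFF)
    return ":".join(f"{b:02x}" for b in raw.to_bytes(6, "big"))


def in_local_control_block(group):
    """True if the group lies in 224.0.0.0/24 (the CPU-forwarded range in the thread)."""
    addr = ipaddress.ip_address(group)
    return addr.version == 4 and addr in LOCAL_CONTROL_BLOCK


def ipv4_aliases(mac, limit=3):
    """List IPv4 groups sharing this MAC: 5 group bits are dropped, so 32 collide."""
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if octets[:3] != b"\x01\x00\x5e" or octets[3] & 0x80:
        raise ValueError("not an IPv4 multicast MAC")
    low23 = int.from_bytes(octets[3:], "big")
    return [str(ipaddress.ip_address((0xE << 28) | (hi << 23) | low23))
            for hi in range(limit)]


def acl_targets():
    """Map each group name to (destination MAC, inside 224.0.0.0/24?)."""
    return {n: (multicast_mac(g), in_local_control_block(g)) for n, g in GROUPS.items()}


if __name__ == "__main__":
    for name, (mac, punted) in acl_targets().items():
        print(f"{name:18} {mac}  in 224.0.0.0/24: {punted}")
```

Because the IPv4 mapping discards five bits of the group address, a MAC-only match on 01:00:5e:00:00:fb also matches other groups such as 224.128.0.251, which is worth knowing before relying on a MAC ACL alone.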