Lesson 22. Unmanaged Networking

Time

This lesson takes approximately 1 hour to complete.

Goals

Understand the purpose and advantages of address assignment, naming, and browsing (service discovery) on a network

Learn how AppleTalk and Bonjour function as service discovery protocols, and discover their advantages and disadvantages in a mixed platform environment

Use Bonjour to locate services

Welcome to Part 3, “Networking and File Services.” The first four lessons in this section cover Mac OS X networking topics, such as IP networks and services and advanced configurations, while the last four are devoted to file services.

In this lesson you will learn about the need for unmanaged networking and get a historical perspective on how AppleTalk led the way in ease of network configuration. To gain a more complete knowledge of similarities and differences between managed and unmanaged networking, the lesson includes detailed information about Bonjour, and some overview information about managed networking concepts. At the end, you will learn how to troubleshoot and monitor Bonjour activity.

Understanding Unmanaged and Managed Networking

Unmanaged or ad-hoc networking allows you to create a network without performing any configuration. This type of networking is ideal in situations where access to a managed network is not possible, such as at home or in an airport. The following figure shows some of the issues with unmanaged networks.

image

For an unmanaged network to function, it must fulfill the following main requirements:

• Assign IP addresses automatically

• Assign network names automatically

• Discover services automatically

Other considerations for unmanaged networking are:

• Plug-and-play networking

• No assumed user technical skills

• No assumed system administrator role

In this lesson, you’ll learn how Bonjour technology fulfills these requirements and lets you create an instant network of computers and smart devices just by connecting them together.

To understand how Bonjour works and to appreciate its role in simplifying networking, it’s worthwhile to see how managed networks deal with IP address and network name assignment. As shown in the following figure, traditional methods of network management included a DNS server, DHCP server, and static addressing.

image

In a managed network, IP addresses are assigned either automatically by a DHCP server or manually by a system administrator. In addition, network names are assigned by an administrator who must edit DNS files to map every assigned name to its corresponding IP address. Furthermore, an administrator needs to provide the information necessary for users to access services on the network.

So unlike an unmanaged network, a managed network not only requires skilled personnel, but also additional software and hardware resources, making it impractical in small offices, homes, and on the road.

A Look Back at AppleTalk

While Bonjour technology for creating instant networks is fairly new, Apple had long ago pioneered AppleTalk, which enabled instant networking without any configuration but was limited to the Apple platform. To connect a printer to a network, all you had to do was connect it to the network. Then, you could open the Chooser on your Mac OS 9 or earlier computer, select the printer from the list of available printers, and print to it. You typically didn’t need special knowledge to configure the printer.

Similarly, connecting Macintosh computers to a network and sharing files was easy: Just enable file sharing on one computer and look in the Chooser on the other computers to find the shared system on the network.

image

AppleTalk made simple plug-and-play configuration and network browsing possible, allowing Macintosh computers to thrive in locations where traditionally a network administrator was not available, such as K–12 schools and small businesses.

Mac OS X still supports AppleTalk to allow you to connect and access AppleTalk devices in a network, although this support is slowly being phased out. For example, as of Mac OS X version 10.4, Apple file-sharing services can be discovered via AppleTalk, but the connection itself must be made using TCP/IP.

Introducing Bonjour

Although AppleTalk excelled in ease of network configuration, a new IP-based protocol that provided the same ease of use along with cross-platform flexibility was needed. So Apple engineered Bonjour, an implementation of Zeroconf, a set of open standards built on existing ones such as Internet Protocol (IP), the domain name system (DNS), and Address Resolution Protocol (ARP), which is used to detect address conflicts.

The following figure shows the simple steps for discovering devices with Bonjour: a request is sent (1) and a reply is received (2).

image

More Info

Zeroconf is a working group of the Internet Engineering Task Force (IETF). This group was chartered in September 1999 to create a standard for IP networking without configuration. A Zeroconf solution must allocate addresses without a DHCP server; translate between names and IP addresses without a DNS server; find services, such as printers, without a directory server; and coexist gracefully with large configured networks without damaging the network when a Zeroconf machine is added. For more information about Zeroconf, visit www.zeroconf.org.

With Bonjour, which is available in Mac OS X v10.2 and later, you can create unmanaged networks that are plug and play. Bonjour configures each device’s IP settings automatically and then makes the services available on each device easily accessed by all the devices on the network.

Bonjour works on a network subnet, making it ideal for ad-hoc local area networking. Simply bring your Macintosh computer running Mac OS X v10.2 or later into range of another AirPort-enabled Macintosh computer running Mac OS X v10.2 or later—or plug in an Ethernet cable—and Bonjour configures your computer and accesses the services and capabilities of other computers available on the network. Bonjour does this over the worldwide standard IP networking protocol.

Note

Examples of ad-hoc local area networking include sharing computers in conference rooms, airports, hotels, and homes.

When you connect two or more devices that implement Bonjour, they can do the following, without needing a dedicated DNS server, DHCP server, or directory server:

• Addressing: Automatic network address assignment

• Naming: Automatic network name assignment and translation between names and IP addresses

• Browsing: Service discovery without a directory server

Bonjour is part of Apple’s open-source Darwin effort. Developers wishing to incorporate Bonjour into their products can access implementations for Mac OS 9, Mac OS X v10.1, POSIX (such as Linux), and Windows.

Assigning Addresses

When a computer is first connected to a network, it needs an address so other devices can reach it. To do this, Bonjour devices use the industry-standard IPv4 link-local addressing. When configured to use DHCP and no DHCP server is available, the device randomly assigns itself an IP address in the 169.254/16 range (169.254.1.0 to 169.254.254.255; the first and last /24 of the range are reserved) and uses ARP probes to make sure no other device on the subnet is using that address. It continues checking for conflicts for the lifetime of the link.

image

A Mac OS X computer with a link-local address can access all other devices on the subnet, and they can all access it. When accessing devices outside the subnet, your computer is dealing with a larger managed network and needs a routable IP address, such as one from a DHCP server or one that has been entered manually. The ability to start with a link-local address and later substitute a routable address once a DHCP server is available shows how link-local addressing complements, rather than replaces, managed addressing when reaching beyond the local subnet.

Link-local addressing first appeared in Mac OS 8.5 and Windows 98. Mac OS X supports it, and IPv6, the successor to IPv4, includes link-local addressing as part of the protocol (the fe80::/10 range). Before Mac OS X v10.2, you could not access a link-local address from a machine with a static address or vice versa; that restriction was lifted in Mac OS X v10.2 and later.
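The address-selection procedure described above, as an added example that is not part of the original lesson: a host picks a candidate from the usable part of 169.254/16, probes it, and retries on conflict. The probe itself is simulated; the `in_use` set stands in for the ARP replies a real host would see, and seeding the candidate from a per-host value (a stand-in for the MAC address) is an assumption taken from the usual practice of reclaiming the same address after a reboot.

```python
from __future__ import annotations

import ipaddress
import random

# RFC 3927: 169.254.0.0/16 is link-local, but the first and last /24
# (169.254.0.x and 169.254.255.x) are reserved, so hosts pick from
# 169.254.1.0 through 169.254.254.255, exactly the range the lesson gives.
LINK_LOCAL_NET = ipaddress.IPv4Network("169.254.0.0/16")
FIRST_USABLE = int(ipaddress.IPv4Address("169.254.1.0"))
LAST_USABLE = int(ipaddress.IPv4Address("169.254.254.255"))
MAX_CONFLICTS = 10  # after this many conflicts a real host rate-limits itself


def is_usable_link_local(addr: str) -> bool:
    """True if addr is inside 169.254/16 and outside the two reserved /24s."""
    a = ipaddress.IPv4Address(addr)
    return a in LINK_LOCAL_NET and FIRST_USABLE <= int(a) <= LAST_USABLE


def candidate_address(host_seed: int, attempt: int) -> str:
    """Pseudo-random candidate derived from a stable per-host seed.

    host_seed stands in for something like the interface MAC address
    (an assumption of this example): a stable seed lets a host usually
    reclaim the same address after a reboot, which keeps the link quiet.
    """
    rng = random.Random(host_seed * 1_000_003 + attempt)
    return str(ipaddress.IPv4Address(rng.randint(FIRST_USABLE, LAST_USABLE)))


def claim_address(host_seed: int, in_use: set[str]) -> str | None:
    """Pick a candidate, 'probe' it, and move on if someone already owns it.

    in_use is constructed data standing in for ARP probe replies; a real
    implementation sends ARP probes and listens for answers. Returns None
    when every attempt conflicted.
    """
    for attempt in range(MAX_CONFLICTS):
        cand = candidate_address(host_seed, attempt)
        if cand in in_use:          # an ARP reply came back: address is taken
            continue
        return cand
    return None


if __name__ == "__main__":
    taken = {candidate_address(42, 0)}   # constructed: first choice is occupied
    print("claimed", claim_address(42, taken))
```

A real stack also keeps probing after the address is claimed, because another host can pick the same address later; that is the "continues checking for conflicts" part of the lesson, and is why a link-local address should never be hard-coded anywhere.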

Naming Your Network

If an IP address is randomly assigned, networking is available but not user friendly: others must know your random IP address to reach your Bonjour host. Because people remember names better than numbers, DNS is used to map names to IP addresses. Bonjour provides name-to-IP-address resolution using multicast DNS (mDNS). Multicast DNS is especially helpful because the computer's randomly picked IP address may change over time, while the service remains reachable by its Bonjour name.

In the past, if you needed to log in to a computer on your local subnet via the secure shell command ssh, you would have to know the computer’s IP address. When using DHCP, the IP address often changes. In a multicast DNS environment, if you set the computer’s Bonjour name to “powermac,” you could open Terminal and type

ssh powermac.local

to log in to it without ever needing to know its IP address. You could also open the Terminal application and choose Connect to Server from the File menu.

Note

This guide refers to a Bonjour “service” instead of a Bonjour computer. A single computer may have multiple Bonjour services running and available, such as Personal File Sharing, iChat, Windows File Sharing, and so on.

Every Bonjour host contains a small DNS responder to respond with the service’s IP address when another client requests a lookup of the hostname. Whereas a typical DNS lookup is pointed at a single DNS server, Bonjour allows multicast DNS requests that are visible to all Bonjour DNS responders on the local link. These DNS responders ensure name-to-address lookups get resolved, even without having a centrally managed DNS server or if computer IP addresses change over time. The following figure shows how a Bonjour multicast query is answered by an mDNS responder—in this case, a printer.

image

A computer has three names, which can be different or identical:

• Computer name: You can define the computer name in the Sharing pane of System Preferences. This name, which supports Unicode characters (including mixed case, spaces, and non-Roman scripts), is the name you will see when you use Connect to Server to browse for servers. It is also the name of the folder that contains all of that computer's mounted shares. The computer name can contain any Unicode characters (up to 63 bytes of UTF-8). AppleTalk also uses the computer name. The computer name is visible only to machines on the same local link.

image

• Bonjour name: You can define the Bonjour name, also referred to as the local host name, in the Sharing pane of System Preferences. Unlike the computer name, the Bonjour name is subject to the same restrictions as a DNS host name: Roman letters and digits, no spaces, almost no punctuation, and it cannot start with a number. The Bonjour name is used in AFP (Apple Filing Protocol) URLs, SMB (Server Message Block) URLs, SSH (Secure Shell), FTP (File Transfer Protocol), and HTTP (Hypertext Transfer Protocol), and is available only to other machines on the same subnet. By default, the Bonjour name is derived from the computer name, with spaces replaced by dashes, symbols removed, and the suffix .local appended. You can change the Bonjour name (but not the suffix .local) using the Edit button in the Sharing pane of System Preferences.

Tip

If you change the Bonjour name, keep it as similar to your computer name as possible to avoid confusion.

You can use the Bonjour name with command-line tools such as ftp, ssh, telnet, and ping. Your Bonjour name is also the name that will appear to Windows users in the Network Neighborhood.

Note

The computer name is the default name used for Bonjour service registrations, and it provides a suggested default for applications to use. However, a service can be registered under any name of up to 63 bytes of UTF-8 characters (unlike the Bonjour name of the computer, which has the stricter DNS host name requirements). For example, you can use iTunes to advertise a network service that shares music files and call it "Dave Pugh's Party Music Mix."

• Hostname: The hostname is defined in the hostconfig file, which is discussed in more detail later. The hostname is used by scripts and by services such as ftp and telnet that run from the command line. By default, the hostname is set to the word AUTOMATIC, and the system then determines it by applying the following rules, in order:

1. If defined, hostname is the hard-coded name in the /etc/hostconfig file.

2. If available, hostname is the name returned by the DHCP or BOOTP server.

3. If available, hostname is the DNS name associated with the system’s primary address.

4. If defined, hostname is the Bonjour Name.

5. If none of the above rules are met, hostname is defined as localhost.

Network Browsing—DNS Service Discovery

Link-local addressing (IP address assignment) and multicast DNS (name-to-address lookups) provide access to services only if the service name is previously known. To find services or device names, Bonjour supports service discovery, or browsing. Service discovery has been available to Macintosh users via AppleTalk and SLP, but traditionally not to the larger IP community because IP did not have built-in support for discovery. The Zeroconf Working Group solution to this limitation is DNS Service Discovery.

Presented with the same process of request and reply, the following figure shows that Davids-mac (1) is requesting an Internet Printing Protocol (IPP) service (2). The IPP protocol is commonly used in printing.

image

DNS Service Discovery relies on the ability of DNS to do a key-value lookup. Whereas DNS traditionally uses a domain name as the key to look up an IP address as the value, DNS Service Discovery uses a service type as the key and returns the names of the service instances of that type as the values. Because DNS supports multiple responses, DNS Service Discovery lets you see all available services of a specific type on the local subnet.

Note

DNS Service Discovery looks for services, while DNS looks for devices. This distinction is key to how network protocols really work, such as where an IPP client is looking for “things that speak IPP.” In this case, the search for IPP services might return a list of IPP printers. It could also include an IPP archival storage device used in document management situations where IPP is the protocol used to archive (print) documents to an offline storage management system.

For example, to search for an IPP printer, your computer multicasts a DNS query to the local subnet asking for PTR records of the IPP service type, which looks like the following:

PTR _ipp._tcp.local

Bonjour-compatible IPP printers respond with PTR records naming their service instances, such as inkless-printer._ipp._tcp.local; a follow-up lookup of the instance's SRV and TXT records yields the host, port, and printer attributes. When the computer displays the list of available printers, you can select inkless-printer and print to it.

DNS Service Discovery complements link-local addressing and multicast DNS by completing the networking requirements of assigning IP addresses, matching names to IP addresses, and browsing for services.

A main limitation of browsing protocols is the additional traffic generated to support them. AppleTalk is easy to use, but as a browsing protocol it is chatty. Every browsing protocol generates additional network traffic; Bonjour takes a number of steps, described below, to reduce that traffic to a minimum, making it well suited to local browsing.

Caching

The multicast DNS responder running on Mac OS X maintains a cache of the records it has seen in multicast responses, so that it does not request information it already has. For example, when one host requests a list of LPR print spoolers, the list of printers comes back multicast, so it is visible to all local hosts. The next time any host needs a list of print spoolers, it already has the list in its cache and does not need to reissue the query. The following figure shows how only a device newly connected to the network responds to a request for services.

image

Suppressing Duplicate Responses

To prevent repeated answers to the same query, service queries include the list of answers the querier already knows (known-answer suppression). For example, if a host is browsing for printers, the first query includes no known print services and gets ten available print services back. The next time the host queries for print services, the query includes the ten known print services. Only hosts that provide print services but are not listed in the query respond.

Exponential Back-Off and Service Announcement

When a host is browsing for services for an extended period, it reduces the query traffic sent over time. The host issues an initial query, and subsequent queries are sent exponentially less often: after 1 second, 2 seconds, 4 seconds, 8 seconds, and so on, up to a maximum delay of 1 hour.

This does not mean that it takes over an hour for a service browser to identify new services. When a service starts up on the network, it announces its presence with the same exponential back-off delay. This way, the background noise is kept to a minimum, but new services are seen very quickly.
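The browse query, the responder's reply, known-answer suppression, and the back-off schedule described in the preceding sections, as an added example that is not part of the original lesson. It builds and parses real DNS wire-format packets for the `_ipp._tcp.local` PTR query shown earlier, but uses constructed packets rather than the network, so it runs offline; the instance names and TTLs are made up for the example.

```python
from __future__ import annotations

import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353   # where these packets go on the wire
TYPE_PTR, CLASS_IN = 12, 1
FLAG_RESPONSE = 0x8400                         # QR + AA bits, as mDNS responders set


def encode_name(name: str) -> bytes:
    """DNS wire format: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")            # mDNS permits UTF-8 in instance names
        if not 0 < len(raw) < 64:
            raise ValueError(f"label must be 1..63 bytes: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(pkt: bytes, off: int) -> tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset past it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("utf-8"))
        off += length
    return ".".join(labels), end if end is not None else off


def ptr_record(service: str, instance: str, ttl: int = 4500) -> bytes:
    """One PTR resource record: <service> PTR <instance>.<service>."""
    target = encode_name(f"{instance}.{service}")
    return encode_name(service) + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, ttl, len(target)) + target


def build_browse_query(service: str, known: list[str]) -> bytes:
    """PTR query for a service type, with known-answer suppression.

    Instances already in the cache go into the Answer section, so responders
    named there stay quiet. mDNS queries use ID 0 and no header flags.
    """
    header = struct.pack("!HHHHHH", 0, 0, 1, len(known), 0, 0)
    question = encode_name(service) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    return header + question + b"".join(ptr_record(service, k) for k in known)


def build_browse_response(service: str, instances: list[str]) -> bytes:
    """A responder's multicast answer: no question, one PTR record per instance."""
    header = struct.pack("!HHHHHH", 0, FLAG_RESPONSE, 0, len(instances), 0, 0)
    return header + b"".join(ptr_record(service, i) for i in instances)


def ptr_instances(pkt: bytes, service: str) -> list[str]:
    """Instance names from PTR records for `service` in the Answer section.

    Used by a browser on responses, and by a responder on a query to read
    the known-answer list the querier included.
    """
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                        # skip the Question section
        _, off = decode_name(pkt, off)
        off += 4                               # QTYPE + QCLASS
    found = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == TYPE_PTR and name == service:
            target, _ = decode_name(pkt, off)
            if target.endswith("." + service):
                found.append(target[: -len(service) - 1])
        off += rdlen
    return found


def should_respond(query: bytes, service: str, my_instance: str) -> bool:
    """Responder side of suppression: stay quiet if the querier already lists us.
    Assumes the query's question is for `service`."""
    return my_instance not in ptr_instances(query, service)


def query_schedule(max_delay: int = 3600, count: int = 14) -> list[int]:
    """Seconds between successive browse queries: 1, 2, 4, ... capped at one hour."""
    delays, d = [], 1
    for _ in range(count):
        delays.append(d)
        d = min(d * 2, max_delay)
    return delays
```

To put the query on the wire you would send `build_browse_query(...)` over UDP to `MDNS_GROUP:MDNS_PORT` from a socket bound to port 5353; the parsing here deliberately checks the owner name and the record type before trusting an answer, because nothing in mDNS authenticates who sent a response.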

Note

Some network administrators would argue that any additional traffic on their network is cause for concern, no matter what the level of “chattiness.” Unfortunately, the tradeoff for not providing functionality such as service discovery would typically require someone to manually configure the system for novice users. With today’s level of built-in 100/1000BASE-T Ethernet, it is much less costly to send a few packets across the network than to send an administrator to configure each user’s workstation, especially as new Internet-enabled devices get added to existing networks.

Adopting Bonjour

As mentioned earlier, Bonjour and Zeroconf implement IP networking without configuration for existing devices as well as new classes of devices or services. Bonjour support in Mac OS X provides simple configuration for home or cafe computing scenarios (where people need to network computers in a coffee shop or bookstore). Examples of applications that take advantage of Bonjour are iChat, iTunes, and iPhoto.

Today, most early Bonjour adoption outside of Apple has focused on network printer support. Before Bonjour, network printer manufacturers had to decide whether to include legacy support for AppleTalk to allow easy network configuration, in addition to the expected IP printing support. By supporting Bonjour, printer manufacturers have an alternative way to allow easy network operation.

Brother, Canon, Epson, Hewlett-Packard, Lexmark, and Xerox support Bonjour, often called Zeroconf (on older printers you may also see the name Rendezvous, which is what Apple called it in Mac OS X v10.2 and Mac OS X v10.3).

Other manufacturers that have announced Bonjour support are:

• Sybase: Sybase’s Adaptive Server Enterprise 12.5

• World Book, Inc.: World Book’s 2003 Mac OS X edition allows students to automatically share their World Book research and bookmarks

• Philips: Future electronics products

• TiVo: To listen to shared music or view shared photos on a TV

• Aspyr: Networked games

Bonjour is ideal for accessing devices that do not include a monitor or keyboard and where the only option for configuration is first accessing the device over a network. Because the manufacturer must provide some initial configuration option, a Bonjour address that is dynamically assigned when the device joins the network would be preferable to a static address that might be incompatible with the network or conflict with an existing network device. Bonjour-enabled devices have the advantage of working on both configured and unconfigured networks because a Bonjour-enabled device can choose an appropriate address and advertise its services to the local subnet. Because many new devices include embedded servers for accessing or updating their software, such as HTTP, FTP, or SSH servers, Bonjour is excellent for locating these devices on the network.

Troubleshooting Bonjour

Even though Bonjour is meant to address zero-configuration scenarios and requires no management, there might be situations where you will need to troubleshoot Bonjour-enabled networks. Here are a few troubleshooting tips that can help you understand what is happening on a network where Bonjour is used. It is helpful to remember that Bonjour is associated with services, not devices. A single device (for example, a Macintosh computer) might have multiple Bonjour services running concurrently (for example, Personal File Sharing, iChat, and iTunes). Keep in mind also that multicast DNS answers are not authenticated: any host on the local link can answer a query, so a Bonjour name that resolves to an unexpected address may indicate either a misconfigured host or a responder that should not be there.

Name Conflict Resolution

The Bonjour name is initially derived from the First Name and Last Name values entered in the setup assistant, and you can modify it in the Sharing pane of System Preferences at any time after the initial configuration. You can type any valid name into this field; Bonjour maps the name to a valid link-local host name and checks for duplicate names on the local subnet. If a duplicate name is found, Bonjour appends or increments a numeric suffix until a unique name is found. If two users have the Bonjour name jan on the same subnet, one machine ends up with the Bonjour name jan-2.local. To avoid the confusion that duplicate names cause, choose names that are likely to be unique.
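The two naming rules the lesson gives, deriving a default Bonjour name from the computer name (spaces to dashes, symbols dropped, .local appended) and renaming on conflict (jan to jan-2), as an added example that is not part of the original lesson. The `taken` set stands in for the names seen in probe responses on the link (constructed data), and folding accented letters to their base letter and the fallback label for an otherwise-empty or digit-leading name are assumptions of this example, not rules from the lesson.

```python
from __future__ import annotations

import re
import unicodedata

MAX_LABEL_BYTES = 63          # DNS label limit; also the lesson's limit for names
SUFFIX = ".local"


def bonjour_hostname(computer_name: str) -> str:
    """Default Bonjour (local host) name for a computer name.

    Lesson rules: spaces become dashes, symbols are removed, only DNS-safe
    Roman letters, digits and dashes remain, .local is appended, and the name
    may not start with a digit. Folding accents (e -> e) is an assumption.
    """
    folded = unicodedata.normalize("NFKD", computer_name).encode("ascii", "ignore").decode()
    folded = re.sub(r"\s+", "-", folded.strip())        # spaces -> dashes
    folded = re.sub(r"[^A-Za-z0-9-]", "", folded)       # drop symbols
    folded = re.sub(r"-{2,}", "-", folded).strip("-")   # tidy leftover dashes
    if not folded or folded[0].isdigit():
        # Assumed fallback so a usable name is always produced.
        folded = "Macintosh" + ("-" + folded if folded else "")
    return folded[:MAX_LABEL_BYTES] + SUFFIX


def resolve_conflict(wanted: str, taken: set[str]) -> str:
    """Return `wanted` if unused on the link, else the first free host-2, host-3, ...

    A name that already ends in -N has N incremented rather than getting a
    second suffix, so jan-2 becomes jan-3, not jan-2-2.
    """
    if not wanted.endswith(SUFFIX):
        raise ValueError("Bonjour names always end in .local")
    if wanted not in taken:
        return wanted
    host = wanted[: -len(SUFFIX)]
    m = re.fullmatch(r"(.*)-(\d+)", host)
    base, n = (m.group(1), int(m.group(2))) if m else (host, 1)
    while True:
        n += 1
        cand = f"{base}-{n}{SUFFIX}"
        if cand not in taken:
            return cand


if __name__ == "__main__":
    on_link = {"jan.local", "jan-2.local"}             # constructed probe results
    print(bonjour_hostname("Dave Pugh's Party Mix"))   # Dave-Pughs-Party-Mix.local
    print(resolve_conflict("jan.local", on_link))      # jan-3.local
```

The conflict check matters for troubleshooting because a user who set jan.local will be reachable as jan-2.local without any visible warning on the other machine; when a name does not resolve as expected, browse for the -2 and -3 variants before assuming the host is down.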

Packet Sniffing

Bonjour uses the standard DNS packet format, but sends it to UDP port 5353 instead of 53, multicast to 224.0.0.251 (or FF02::FB over IPv6). You can use tcpdump, ethereal, tethereal, or other packet-sniffing tools to monitor Bonjour activity and detect abnormalities. For example, to capture only Bonjour packets with tcpdump, capturing both queries and responses and printing addresses numerically so that tcpdump does not itself generate lookups, use:

sudo tcpdump -i en0 -n udp port 5353

To see only the multicast traffic, and have tcpdump decode the question and answer sections, add the group address and verbose flags:

sudo tcpdump -i en0 -n -vv udp port 5353 and dst host 224.0.0.251

Log Monitoring

Use Console to view the system log and look for mDNS entries to detect errors or other problems; the entries are written by the mDNSResponder daemon. You can also view the mDNS entries in the system log from the command line:

grep mDNS /var/log/system.log

What You’ve Learned

• Zeroconf is an IETF working group whose purpose is to enable IP networking without configuration.

• Apple’s implementation of Zeroconf is called Bonjour.

• Zeroconf and Bonjour have three main areas of work: addressing, naming, and service discovery (browsing).

• Address assignment is implemented using IPv4 link-local addressing.

• Naming is handled by multicast DNS.

• Service discovery is handled by DNS Service Discovery.

• To troubleshoot Bonjour-enabled networks, you can use packet sniffers, logs, and third-party utilities to determine the problem; choosing unique Bonjour names avoids the confusion of automatic renaming.

References

URLs

Bonjour information: http://developer.apple.com/networking/bonjour

Zeroconf Working Group information: www.zeroconf.org

Apple Service and Support page: www.apple.com/support

Bonjour Browser, a GUI utility for exploring which devices respond for each Bonjour service type: http://www.tildesoft.com/Programs.html

Multicast DNS: www.multicastdns.org

Lesson Review

1. Describe how Mac OS X is designed to support networking without requiring configuration.

2. What are the three key networking issues addressed by Bonjour?

3. What is IPv4 link-local addressing? Describe its use in Bonjour.

4. What is multicast DNS? Describe its use in Bonjour.

5. What is DNS Service Discovery? Describe its use in Bonjour.

6. What is the difference between a computer name and a Bonjour name?

Answers

1. Mac OS X includes support for work based on the IETF’s Zeroconf Working Group for Zero Network IP Configuration. The Apple implementation is called Bonjour. Bonjour configures Mac OS X for network support without requiring the user or network administrator to do any configuration.

2. IP address assignment, naming, and service discovery (browsing)

3. Link-local addressing allows a computer to self-assign an IP address when the computer is configured to use DHCP but no DHCP server is available. With link-local addressing, a computer randomly selects an address from the 169.254/16 range and checks, using ARP, that no other device is using this address, continuing to check throughout the lifetime of the link. It is called link-local because the address is valid only on the local link, or subnet.

4. Every Bonjour host contains a small DNS responder. This DNS responder can respond with the service’s IP address when it sees another client requesting a lookup of its host name. Whereas a typical DNS lookup is pointed at a single DNS server, Bonjour allows multicast DNS requests that are seen by all Bonjour DNS responders running on the local link. The DNS responder ensures name-to-address lookups happen, despite not having a centrally managed DNS server, as well as when IP addresses change over time.

5. DNS Service Discovery relies on the DNS capability of doing a key-value lookup. Whereas DNS traditionally uses a domain name key to lookup an IP address value, DNS Service Discovery extends the meaning of key to include a service type and the value to be the service type’s name. DNS supports multiple responses, which allows someone looking for a specific type of service to see all services of that type on the local subnet.

6. The Bonjour name is your link-local multicast DNS host name, which you can use with command-line tools such as ftp, ssh, telnet, and ping, as well as with Mac OS X Windows File Sharing. The computer name is the default name that Bonjour uses when registering services for DNS Service Discovery.
