
Tag Archives: subnetting

What have I been puzzling over on and off for the last few weeks? Enabling AirPlay discovery across VLANs.

The school I work at has been deploying Apple TVs to a lot of classrooms in the last several months, initially to solve a problem that Apple themselves had caused with buggy firmware for the Thunderbolt ports on their new MacBooks. Our teachers rely a lot on projectors, and the fact that around 30 of our teachers were suddenly unable to project from their brand new computers caused a huge problem. Enter Apple TV. The fact that you can use an Apple TV to mirror your computer’s display wirelessly was a huge hit with a lot of teachers who were tired of having to plug and unplug cables every time they wanted to put something up on the projector. Of course, the introduction of around 30 Apple TVs was not without its problems either, especially as our wireless network started taking a hit from all the added traffic, particularly when teachers wanted to stream video from their computer (over wireless) onto the Apple TV in their room (never mind the fact that Apple TVs have Netflix, YouTube, and Vimeo apps installed, which would allow users to cut out the middleman of the computer).

Along with the influx of Apple TVs has come a wave of iPads and a lot of smart people thinking about educational uses for iPads.

Now all of this is great, and a lot of the kinks have been worked out or are being worked out by getting the Apple TVs hooked up to ethernet ports rather than going over wireless, and by trying to figure out who still needs Apple TVs since the release of Apple’s Thunderbolt firmware 1.1 update, which solved the problem that got us so many Apple TVs in the first place. The big problem now is figuring out how to make our Apple TVs available to guest presenters during conferences and the like.

Our network is split up into several VLANs based on function, with students and faculty on networks that have their access controlled by a RADIUS server that looks at MAC addresses. We also have a WPA2-secured guest network for guests (duh). For individual guests who need access to functions on the access-controlled networks, it’s not too difficult to put their MAC in the system temporarily and remove them again when they leave, but that becomes impractical with high volumes of guests on campus. Logistically, it’s just too difficult to collect a thousand MAC addresses or even just a hundred for all the presenters at a conference, let alone spending the time, even with a script automating the process, to add and later remove all these clients from our RADIUS server.

Now if things were simple, we could just put a temporary hole in the firewall to allow traffic between the guest network and the network that has our Apple TVs on it. Unfortunately, Apple, in their desire to make everything as simple as possible, uses Bonjour (their implementation of multicast DNS) to make AirPlay-capable devices work together with almost zero user intervention. Bonjour advertisement and discovery messages go out over link-local multicast, making it impossible, at least in an IPv4 setting, for them to ever get beyond Layer 2 on their own.

So what’s the solution?

Avahi.

Avahi is a FOSS implementation of mDNS that can, with the flip of a boolean switch in its config file, reflect Bonjour packets between subnets.

I’m still reading through documentation and seeing how Avahi can be implemented in our network with as little extra strain to the infrastructure as possible, but in the meantime, here are a couple of articles touching on the subject from packetmischief.ca and Prolixium dot com.
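The "boolean switch" is `enable-reflector=yes` in the `[reflector]` section of avahi-daemon.conf, and on its own it bridges mDNS between every interface the daemon can see, not just the guest VLAN and the Apple TV VLAN. The following is an added example, not code from the post or from the Avahi project: a small checker that reads an avahi-daemon.conf and flags a reflector that is not confined with `allow-interfaces`. The two sample configs are constructed here, and the interface names `eth0.10` and `eth0.20` are assumed placeholders for the two VLAN sub-interfaces.

```python
"""Check an avahi-daemon.conf for an mDNS reflector that bridges more
than it should. Added example, not part of the Avahi project."""
import configparser

# Constructed sample: the bare "flip the switch" config. With no
# allow-interfaces, avahi-daemon reflects Bonjour traffic between every
# interface it can see, not only the guest VLAN and the Apple TV VLAN.
RISKY_CONF = """
[server]
use-ipv4=yes
use-ipv6=yes

[reflector]
enable-reflector=yes
"""

# Constructed sample: reflector confined to two (assumed) VLAN
# sub-interfaces, with IPv4/IPv6 cross-reflection left off.
HARDENED_CONF = """
[server]
use-ipv4=yes
use-ipv6=no
allow-interfaces=eth0.10,eth0.20

[reflector]
enable-reflector=yes
reflect-ipv=no
"""


def load_conf(text):
    """avahi-daemon.conf is INI-style, so configparser can read it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def is_yes(cp, section, key, default="no"):
    """Avahi booleans are the strings 'yes' / 'no'."""
    return cp.get(section, key, fallback=default).strip().lower() == "yes"


def allowed_interfaces(cp):
    """Comma-separated list from [server] allow-interfaces; empty means all."""
    raw = cp.get("server", "allow-interfaces", fallback="")
    return [i.strip() for i in raw.split(",") if i.strip()]


def audit_avahi_conf(text):
    """Return (code, message) findings; an empty list means nothing flagged."""
    cp = load_conf(text)
    findings = []
    if not is_yes(cp, "reflector", "enable-reflector"):
        return findings  # not reflecting, so there is no cross-subnet exposure
    ifaces = allowed_interfaces(cp)
    if not ifaces:
        findings.append(("REFLECT_ALL_IFACES",
                         "enable-reflector=yes without allow-interfaces: "
                         "mDNS is reflected across every interface"))
    elif len(ifaces) == 1:
        findings.append(("SINGLE_IFACE",
                         "only one interface allowed; the reflector has "
                         "nothing to bridge between"))
    if is_yes(cp, "reflector", "reflect-ipv"):
        findings.append(("REFLECT_IPV",
                         "reflect-ipv=yes: IPv4 and IPv6 records are "
                         "cross-reflected"))
    return findings


if __name__ == "__main__":
    for name, conf in (("risky", RISKY_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_avahi_conf(conf) or "ok")
```

Run it against `/etc/avahi/avahi-daemon.conf` on the reflector host by passing the file's contents to `audit_avahi_conf`. The point of confining the reflector is that every host on either side of it can see the other side's service advertisements, so the two interfaces listed should be exactly the guest VLAN and the VLAN holding the Apple TVs.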


If you’ve ever sat in front of a computer giving you one of those dreaded “no network connection” messages, you’ve probably clicked everything that looks like it might bring the Internet back at one point or another, and in your quest for connectivity, you’ve probably run across the term “subnet mask” at least once. If you don’t know a lot about networking, subnet masks might look kind of intimidating. I mean, there are a lot of numbers and dots going on there.

A typical subnet mask that you’re likely to encounter in a home network should look like 255.255.255.0 unless whoever configured the network did something unusual. If you’ve encountered subnet masks at your office, they might look like 255.255.0.0 instead, but those are just typical subnet masks. Your mileage may vary.

So what the hell is a subnet mask, anyway? To put it simply, a subnet mask tells your computer whether traffic can stay on the local network or needs to go out onto a wider network.

Let’s break that down a bit more. At its heart, every IP address is a 32-bit binary number. Let’s take an IP address that most people have seen if they’ve ever set up a home wireless router; 192.168.0.1 is 11000000.10101000.00000000.00000001 in binary (though the dots are just there for us silly humans to see so that we can comprehend what we’re seeing). This address has a subnet mask of 255.255.255.0 (which is 11111111.11111111.11111111.00000000 in binary or, as the computer sees it, 11111111111111111111111100000000). Now if you or I were on this network and went looking for the address 192.168.0.42, it’s as plain as day that it’s on the same network and subnet, but a computer has to hold the address up against its assigned subnet mask and do a bit of binary math on it.

If you’re not familiar with the logical/binary AND operator, all you need to know is that it takes two one-bit binary arguments (a 1 or a 0) and compares them. If you pass in two 1s, you get back a 1; otherwise, you get a 0. Therefore, if you AND an address against a subnet mask, you will get back the network ID (in the case of the example I’ve been using, that’s the first three octets–192.168.0) followed by zeroes for the client ID. If the network ID of the address in question matches the network ID of the address the traffic is coming from, then the system knows the traffic is local; otherwise, it needs to go outside of the local network.

I know what you’re saying right now–this is obvious stuff–why would I need to know about subnet masks? Well, if you’re dealing with simple networks, you mostly don’t. It starts to matter, however, if you’re interested in splitting up your network into several subnets or VLANs (Virtual Local Area Networks). Let’s say that we have a network that starts at 192.168.8.0 and we want to split it into several subnets, say to isolate network traffic between an administrative office and a public segment of your network. The base network is 192.168.8.0/24 (the /24 indicates the number of 1 bits in the subnet mask). Let’s split that into two networks. To do that, we add 1 bit to the subnet mask, making it /25 and creating two subnets with address ranges of 192.168.8.1 - 192.168.8.127 and 192.168.8.128 - 192.168.8.254 (the 0 and the 255 addresses in the last octet are reserved addresses).

Now if you look at two addresses for traffic on this network, it becomes a bit harder to tell which subnet traffic belongs to. (Of course in this example, it’s still easy to tell, but bear with me; I didn’t want to make more subnets.) Your subnet mask is /25, which is 25 1s and seven 0s totaling 32 bits. AND that subnet mask against your target address and presto! There’s your answer.
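Here is the arithmetic from the last few paragraphs carried out the way a host does it, as an added example that is not code from the post: addresses and masks become 32-bit integers, the AND gives the network ID, and the same-subnet check compares those. It goes one step beyond the post by carving the 192.168.8.0/24 example into its two /25 blocks and reporting, for each block, the network and broadcast addresses (the reserved ones) alongside the usable host range; it also rejects masks whose 1 bits are not contiguous, since a host would not accept 255.0.255.0 as a mask. All sample addresses are the post's own.

```python
"""Subnet-mask arithmetic done the way a host does it: addresses as
32-bit integers, the mask ANDed against them. Added example, not from the post."""


def to_int(dotted):
    """'192.168.0.1' -> 0xC0A80001, rejecting anything but four octets 0-255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError(f"bad octet {p!r} in {dotted!r}")
        value = (value << 8) | int(p)
    return value


def to_dotted(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """The dotted-binary form the post writes out for humans."""
    n = to_int(dotted)
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/24 -> '255.255.255.0': `prefix` ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    """'255.255.255.0' -> 24, rejecting masks whose ones are not contiguous."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


def network_id(addr, mask):
    """AND the address against the mask; the host bits come back as zeros."""
    return to_dotted(to_int(addr) & to_int(mask))


def same_subnet(a, b, mask):
    """The check a host makes before deciding whether to use its gateway."""
    return network_id(a, mask) == network_id(b, mask)


def subnets(network, prefix, new_prefix):
    """Carve network/prefix into 2**(new_prefix-prefix) equal blocks and return
    (network, broadcast, first_host, last_host) dotted strings for each."""
    if not prefix <= new_prefix <= 30:  # /31 and /32 have no host range to split
        raise ValueError("new_prefix must lie between prefix and 30")
    base = to_int(network) & to_int(prefix_to_mask(prefix))
    size = 1 << (32 - new_prefix)
    out = []
    for i in range(1 << (new_prefix - prefix)):
        net = base + i * size
        bcast = net + size - 1
        out.append((to_dotted(net), to_dotted(bcast),
                    to_dotted(net + 1), to_dotted(bcast - 1)))
    return out


if __name__ == "__main__":
    print(to_binary("192.168.0.1"), "mask", to_binary("255.255.255.0"))
    print("network ID of 192.168.0.42:", network_id("192.168.0.42", "255.255.255.0"))
    print("same subnet:", same_subnet("192.168.0.1", "192.168.0.42", "255.255.255.0"))
    for row in subnets("192.168.8.0", 24, 25):
        print("net %s  broadcast %s  hosts %s - %s" % row)
```

`subnets` shows why the post's two /25 ranges each lose two addresses: 192.168.8.127 is the broadcast address of the first block and 192.168.8.128 is the network address of the second, so the usable hosts are .1 - .126 and .129 - .254.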

Now you know, and knowing is half the battle.