AirGroup

In addition to facilitating discovery for multicast DNS (MDNS) and simple service discovery protocol (SSDP) services, AirGroup influences which MDNS/SSDP multicast advertisements and discovery frames are propagated and forwarded to wireless stations, and which frames are discarded. AirGroup allows administrators to define and control which services are discoverable by wireless stations based on location, user role or VLAN. Multicast frames for disabled services are filtered by the APs and are not transmitted to wireless stations preventing service discovery and conserving airtime. When no broadcast or multicast filtering is enabled in a WLAN, all MDNS/SSDP multicast frames are propagated and forwarded to wireless stations at the lowest configured transmit rate. The total number of MDNS/SSDP frames that are generated by all active wireless stations across the system can be significant as modern operating systems can generate 5-20 MDNS queries during initial association or after roaming. When the recommended broadcast filtering ARP option is enabled in a WLAN profile and dynamic multicast optimization (DMO) is disabled, the propagation of MDNS/SSDP multicast frames is prevented. AirGroup must be enabled and specific services permitted for service discovery to occur. APs will only respond to MDNS/SSDP queries for services that are explicitly permitted by the admin based on the context of each wireless station. When DMO is enabled to support an IP multicast application and AirGroup is disabled, all MDNS/SSDP multicast frames are propagated and forwarded to wireless stations irrespective of the configured broadcast filtering option configured in the WLAN profile. Whilst the MDNS/SSDP multicast frames are optimized by being converted to unicast by the AP, no filtering is performed unless AirGroup is enabled. Once enabled, the APs will only respond to queries for services that are allowed.

Recommendation

If MDNS/SSDP services are required for your deployment, HPE Aruba Networking recommends enabling AirGroup and permitting the specific services that are required. This will prevent unnecessary MDNS/SSDP multicast frames from propagating to wireless stations. Once configured, APs will only respond to queries for services that are allowed based on the context of each wireless station. Alternatively, if MDNS/SSDP services need to be prevented and AirGroup is disabled, role-based policies may also be crafted to drop MDNS and/or SSDP messages originating from wireless stations. As MDNS and SSDP implement well-known destination multicast addresses, policies can be crafted to drop IP packets destined to those addresses:

• MDNS destination IPv4 address – 224.0.0.251/32
• SSDP destination IPv4 address – 239.255.255.250/32

Configuration

A detailed overview of the AirGroup service, configuration and operation is available at the AirGroup topic.