Abilene Christian University, which began widespread deployment of iPhones and iPod touch devices in late 2007, set up separate SSIDs and VLANs for Bonjour services, says Arthur Brant, ACU's director of networking service. The setup was originally just for faculty, and the professors had to manually connect each Bonjour device to the correct SSID, via a captive portal provided by the WLAN controller. Apple TV adds to the complexity.
"We did have to manually set up the Apple TVs within the captive portal registry so that they could connect - and stay connected - to this dedicated SSID," Brant says. "This was an acceptable process when we had half a dozen Apple TVs, but not something that scales to hundreds of Apple TVs. This solution was, again, 'functional,' but the faculty/staff limitation proved to be the next hurdle we had to cross."
Then students wanted to use Apple's AirPlay mirroring to show their iPhone 4S or iPad screen on a flat-panel display through Apple TV. ACU has to set up yet another dedicated SSID, which authenticates users against ACU's network access control (NAC).
Universities and colleges are also finding that hundreds or thousands of Bonjour-enabled devices are constantly using the multicast protocol to find each other. The result is an astonishing amount of discovery traffic. Aruba Networks says that some of its higher education WLAN customers have found that Bonjour can account for 90% of the WLAN traffic at some times. Matthew Gast, Aerohive Networks director of product management, counted 400 Bonjour services available when visiting one customer.
"Now, having 400-plus services on a single VLAN isn't a problem," he wrote in a blog post. "After all, that network was running fine. It's having 400 services on the first VLAN, another 400-odd services on the second VLAN, and so on. If you blindly share everything, you will give an appropriate meaning to the word 'flood' as your network drowns in multicast."
The University of Washington had to disable multicast in a few areas due to excessive multicast/broadcast traffic, says David Morton, UW's director of mobile communications. "This breaks Bonjour so we try to limit the areas where we have to implement these measures."
Breaking Bonjour is a problem. "From a user's perspective, it is difficult to understand why it works at home, but not on our network," Morton says. "We've had several discussions with Apple about this issue and would love to see them offer a solution."
"Even if you could get multicast to work on a large scale, would you really want to be presented with a list of 500 Apple TVs, presuming the software could even handle that, or 1,000 printers?" asks William Green, at the University of Texas, which disabled multicast. "And would you want just anyone to be able to connect to all those Apple TVs? Suppose someone projected something inappropriate: How would you find out who did it to educate them on proper use of the resource?"
The alternatives are awkward, he says: cabling iPads directly to classroom Apple TV boxes, and with multiple groups, cabling through a complex and expensive switching system; or setting up separate Wi-Fi access points that aren't part of the campus WLAN. "This creates support problems and authentication difficulties, usually limiting it to instructor-use only," Green says.
These IT managers are not optimistic that Apple will decide to make their jobs easier.
"Whether or not Apple will make such a change, I honestly don't know," says ACU's Brant. "In your typical home or consumer network scenario, Bonjour works great. ... I personally believe that the target segment for the Apple TV is the consumer space, and so I really don't see Apple changing course with their Bonjour service, because it meets the needs of the consumer market."
John Cox covers wireless networking and mobile computing for Network World.