Chromecast SSDP and mDNS Service Control on Fortinet Wireless Controllers

The Service Control feature has been on the FortiRu controller for quite some time now, and it has been very effective in managing mDNS traffic on the wireless side. Once you enable this feature on the wireless controller, you can manage the mDNS traffic flow across VLANs and ESSIDs by creating a Service Control policy.

This works well for mDNS traffic control for AirPrint, AirPlay, etc. There are some limitations with Chromecast multicast traffic management when it comes to managing SSDP traffic.

From day one, the FortiRU controller did not support SSDP service control across multiple VLANs. It can still work between ESSIDs within a VLAN.

The reason is that, in your FortiRU controller:

                           SSDP forwarding happens in the data path
                           mDNS forwarding happens in user space.

Since SSDP traffic doesn’t hit user space, the Service Control policy doesn’t get applied.

A real-world condition: if you use your Windows computer with Chromecast, you will mostly notice mDNS traffic used for discovery and mirroring. On an iPad running the YouTube application, when you try to mirror that application you will see SSDP used for discovery. So this very much depends on the device/application using SSDP (UDP destination port 1900) for discovery.
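To check which discovery protocol a given client actually uses, the sketch below classifies a UDP datagram by destination port and extracts the service it is looking for. It is an added example, not part of the original post or of any Fortinet tooling; the sample datagrams are constructed, and the Chromecast mDNS name and DIAL search target in them are illustrative values.

```python
import struct

MDNS_PORT, SSDP_PORT = 5353, 1900  # well-known UDP destination ports

def parse_mdns_questions(payload):
    """Return the names queried in an mDNS (DNS wire format) packet."""
    if len(payload) < 12:
        return []
    qdcount = struct.unpack("!H", payload[4:6])[0]
    names, off = [], 12
    for _ in range(qdcount):
        labels = []
        while off < len(payload) and payload[off] != 0:
            n = payload[off]
            if n & 0xC0:  # compression pointer: stop rather than follow it
                return names
            labels.append(payload[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        off += 1 + 4  # terminating zero byte, then QTYPE and QCLASS
        names.append(".".join(labels))
    return names

def parse_ssdp_search_target(payload):
    """Return the ST header of an SSDP M-SEARCH request, or None."""
    lines = payload.decode("ascii", "replace").split("\r\n")
    if not lines[0].startswith("M-SEARCH"):
        return None
    for line in lines[1:]:
        key, _, value = line.partition(":")  # split on the first colon only
        if key.strip().upper() == "ST":
            return value.strip()
    return None

def classify(dst_port, payload):
    """Map one UDP datagram to (protocol, service) for discovery traffic."""
    if dst_port == MDNS_PORT:
        return ("mDNS", parse_mdns_questions(payload))
    if dst_port == SSDP_PORT:
        return ("SSDP", parse_ssdp_search_target(payload))
    return ("other", None)

# Constructed sample datagrams (not captured traffic).
def _qname(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

SAMPLE_MDNS = struct.pack("!6H", 0, 0, 1, 0, 0, 0) + _qname("_googlecast._tcp.local") + struct.pack("!2H", 12, 1)
SAMPLE_SSDP = (b"M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
               b'MAN: "ssdp:discover"\r\nMX: 1\r\n'
               b"ST: urn:dial-multiscreen-org:service:dial:1\r\n\r\n")
```

Feeding it the UDP payloads from a client-side capture shows whether that device's discovery will go through user space (mDNS) or the data path (SSDP) on the controller.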

Following a feature request, it will be supported from the SD 8.4 General release onward.

SSDP

By default, FortiRU OS has Apple service types available for service control, while for Chromecast you might need to create your own service types (FortiRu OS might be missing exactly what you want).

Configuration on the WLC controller is straightforward:

1. Enable service control

enable service control

2. Confirm that the service types you are interested in are available on your WLC controller for service control

service type

3. SC-AP Group creation

sc ap group

4. Publisher and subscriber User Group creation.

user group

5. Finally Policy creation:

policy.PNG

To debug a Service Control issue on the WLC controller:

FortiMeruXXX(15)# sup-cli
FortiMeruXXX]
FortiMeruXXX] tr ServiceMgr ffffffff

FortiMeruXXX] trace on (turn on the trace)

Once the issue is captured, turn it off.

FortiMeruXXX] trace off (turn OFF the trace)

To debug on AP side:

AP level: (check which AP the client is connected to and run the trace on that AP)

Conn ap  

ap X> trace on 
Real-time trace display enabled for severity >= 0. 

Once the issue is captured, turn it off.

ap X> trace off 
Real-time trace display disabled. 

 
