udpbroadcastrelay vs mcast-bridge vs mdns-bridge
-
@dennypage Sorry to bother you. I saw on https://redmine.pfsense.org/issues/16533 that you've created a new mcast-bridge package (PR#1428) aimed at replacing udpbroadcastrelay. I don't use udpbroadcastrelay, but I do use your excellent mdns-bridge. I checked the docs at https://docs.netgate.com/pfsense/en/latest/packages/udpbroadcastrelay.html and it seems that there is some overlap in the functions of these packages?
If you have a few minutes I would love to know whether it makes sense to have both mdns-bridge and mcast-bridge installed, and if not, when you might choose one over the other.
Thank you

-
@luckman212 Some of this is already answered here, but I'll expound a bit...
First and foremost, udpbroadcastrelay is a very poor choice for forwarding mDNS information. It forwards mDNS packets blindly, without any validation or understanding of the content. Failure to understand the content means no filtering ability and implies forwarding of data that is invalid outside of the originating subnet such as link local addresses (169.254.0.0/16 and fe80::/10). Failure to validate the incoming packets brings obvious risk if the packets may originate from untrusted network segments.
Multicast Bridge is not actually capable of forwarding mDNS packets, as it does not allow configuration of link local multicast addresses (224.0.0.0/24 and ff02::/16) which are considered to be non routable. Packets from the link local multicast address space should never be blindly forwarded, and any forwarding of information should be data aware (like mDNS Bridge). Even if Multicast Bridge did allow forwarding of link local multicast addresses, all the reasons that make udpbroadcastrelay a poor choice for mDNS would apply because Multicast Bridge is not data aware.
Multicast Bridge is designed for bridging of generic UDP data such as messaging, or audio and video streaming.
Multicast Bridge is a good alternative to pimd if the sources and sinks are in attached networks. Compared to pimd, it offers the following benefits:
- Support for IPv6.
- Proper querier support (pimd can only act as a querier on its own configured addresses).
- Smaller and simpler code, offering easier inspection/validation.
Multicast Bridge is a good alternative to udpbroadcastrelay for multicast data (Multicast Bridge does not handle broadcast). Compared to udpbroadcastrelay, it offers the following benefits:
- Support for IPv6.
- Dynamic interest (IGMP/MLD) support.
- Awareness of link-local scope multicast addresses which should not be forwarded.
If you are interested to see the package for Multicast Bridge, you can find it here. I've also included a couple of pics below.
Hopefully this helps clarify things.
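
The two checks described in the post above, as an added example that is not part of the thread and is not code from mdns-bridge or mcast-bridge: refusing link-local scope multicast groups in a generic bridge, and dropping link-local addresses from already-parsed mDNS address records. The record tuple shape, function names and sample records are assumptions made for illustration.

```python
import ipaddress

# Ranges named in the post above.
LINK_LOCAL_MCAST = [ipaddress.ip_network("224.0.0.0/24"),
                    ipaddress.ip_network("ff02::/16")]
LINK_LOCAL_UNICAST = [ipaddress.ip_network("169.254.0.0/16"),
                      ipaddress.ip_network("fe80::/10")]
TYPE_A, TYPE_AAAA = 1, 28  # DNS record types that carry an address


def _in_any(addr, networks):
    # Containment is False across address families, so mixed lists are safe.
    return any(addr in net for net in networks)


def group_is_bridgeable(group):
    """True if a bridge that is not data aware may forward this group."""
    addr = ipaddress.ip_address(group)
    return addr.is_multicast and not _in_any(addr, LINK_LOCAL_MCAST)


def filter_address_records(records):
    """Drop A/AAAA records that are malformed or link-local.

    records: iterable of (name, rrtype, rdata_bytes) produced by the
    caller's DNS decoder (hypothetical input shape for this example).
    """
    kept = []
    for name, rrtype, rdata in records:
        if rrtype in (TYPE_A, TYPE_AAAA):
            if len(rdata) != (4 if rrtype == TYPE_A else 16):
                continue  # malformed address record: do not forward
            if _in_any(ipaddress.ip_address(rdata), LINK_LOCAL_UNICAST):
                continue  # link-local: meaningless on another subnet
        kept.append((name, rrtype, rdata))
    return kept


# Constructed sample records, not captured traffic.
SAMPLE = [
    ("printer.local", TYPE_A, bytes([169, 254, 10, 20])),
    ("printer.local", TYPE_A, bytes([192, 168, 10, 20])),
    ("printer.local", TYPE_AAAA, ipaddress.ip_address("fe80::1").packed),
    ("printer.local", TYPE_AAAA, ipaddress.ip_address("fd00::20").packed),
    ("printer.local", 16, b"\x05txt=1"),  # TXT record passes through
]
```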


-
Thanks Denny. Very informative as always! In the end, after reading both, I believe I do not have a need for mcast bridge. mdns-bridge continues to work great for my fairly simple needs. Still I greatly appreciate the fact that you continue to contribute such excellent tools to the project.
I'm reminded of xkcd 2347...
-
@luckman212 said in udpbroadcastrelay vs mcast-bridge vs mdns-bridge:
I'm reminded of xkcd 2347...
LOL! Closer than you know... I used to be one of those random maintainers in Nebraska. There were actually a handful of us, but we all escaped the state before 2003.
