[X4U] Bonjour too chatty?

[David Ledger]

At 16:48 -0600 3/2/11, Joe Sporleder wrote:
>
<snip for size>
I recent incident with a dying Linksys router - my colleague claims 
that Bonjour's excessive chattiness exposed the problem with the old 
router - it caused the old router to "bleed" bonjour traffic onto our 
ISP's network (the radio station is using a wireless WiMAX setup for 
Internet access).
>
>He also says that Bonjour is way too chatty and causes management 
>and performance headaches, especially on larger networks like one 
>might find at a college campus. Is his beef with Bonjour legitimate? 
>He claims it is hard to turn off because it is so ambiguous with a 
>lot of Apple's software (like iTunes), and printers that support 
>Bonjour networking.
>
>Here is a snippet of an email message he sent:
>************************************************************************
>I am very frustrated with Apple right now, to the point of being 
>pissed off.  The ³Bonjour² service is just one of many things that 
>upsets me with Apple.  We have had to go so far as to put all of our 
>printers on a separate network, so the Apples won¹t be able to print 
>to unauthorized printers.  This of course means that instead of 5 
>seconds, it now takes anywhere from 1 to 4 minutes to send a 2 page 
>document to my printer, since it has to go through a network 
>authorization process now.  We had people ³being funny²Š and sending 
>obscene images to printers in the library and the chapel, with no 
>way to trace who did it, since ³Bonjour² happily set it up to print 
>directly to the networked printers, rather than through the print 
>server.  We also had unauthorized people print to our expensive 
>large-format color printer, making ³Free² posters for personal use. 
>We also are under federal mandate to do everything possible stop 
>file sharing of copyrighted materials, which is damn near impossible 
>when every copy of iTunes on the block will happily search for, 
>find, and offer to copy any music, movie, or photo files it finds 
>anywhere on campus.
>
>I also have Macs that we use for video editors with Final Cut Pro. 
>That is ALL they are supposed to do, but Apple will no longer allow 
>me to permanently remove any of their ³Features² like iTunes, 
>iPhoto, Safari, Garage Band, and several other crap applications 
>that I do not need or want on these machines.  I had the old Macs 
>set up how I wanted them, but on the new ones, when I delete 
>features and applications, they are put back on EVERY update.  Even 
>when I delete them as administrator, they are downloaded and 
>reinstalled every time a new user logs in. Apple insists this is 
>necessary to maintain their ³Mac User Experience².  I think it is 
>crap, and I don¹t want a ³user experience², I want an appliance that 
>edits video.
>**************************************************************************
>
>As you can tell, this "colleague" comes from mostly a Windows world.

One client of mine, back in the days of 10Mb/s Ethernet, refused to 
have Macs on the network because of the chattyness of AppleTalk (over 
Ethernet). You can't have zero-config systems that are reasonably 
responsive to change without extra chattyness. If you're using 
100Mb/s or faster networks I'd be surprised if that chattyness is 
causing network traffic problems unless you have hundreds of Macs. 
I'm sure they have a lot of Bonjour using Macs at Infinite Loop.

Your colleague seems to be using a sledgehammer to crack hit printer 
security nut. Bonjour can only find devices and services which 
publish their availability to a Multicast DNS responder (MDNS). He 
just has to turn that off at each printer.

<http://support.apple.com/kb/ts1629> says that Bonjour access to MDNS 
is via UDP to port 5353. Filtering out port 5353 at the router where 
he has his authorisation would also work.

Also see:
<http://developer.apple.com/library/mac/#documentation/Cocoa/Conceptual/NetServices/Articles/NetServicesArchitecture.html>.


He also doesn't seem to know, or maybe would rather misunderstand, 
about Macs. He says that iTunes, iPhoto, Safari and Garage Band are 
automatically re-installed if he deletes them. He says that they are 
re-installed when a new user logs in. This would imply to me that 
they are being re-installed in the user's own Applications folder. 
Possibly by the user because they want them. I have never tried 
deleting any of these apps, so I can't say if re-installation 
happens. We can be sure that it doesn't happen with Garage Band as 
this is part of iLife which is a paid-for product. Apple isn't going 
to ensure everyone has a copy of a paid-for product for free. My 
10.6.5 iMac has all of iLife licensed and installed, except for 
Garage Band; and it's never been auto-installed.

David


-- 
David Ledger - Freelance Unix Sysadmin in the UK.
HP-UX specialist of hpUG technical user group (www.hpug.org.uk)
david.ledger at ivdcs.co.uk
www.ivdcs.co.uk