About
El Blog!, Touppi's Super Eleet Blog.
Tuomas Toivonen
Subscribe
Subscribe to a syndicated feed of my weblog,
brought to you by the wonders of RSS.
Flavours
There's more than one way to view this weblog; try these flavours on
for size.
Links
These are a few of my favourite links.
Sun, 25 Mar 2007
Apple Bonjour, multicast DNS (MDNS) and BitTorrent
Amusing problems I've been having with my Internet service at home. I am subscribed with Welho, a local cable operator. Their Internet service is nothing special but having to wait over a month for DSL activation has always been two much for me. So when I returned from Damascus last year I decided to reinstate my service with Welho.
However, for the past couple of weeks performance has been terrible. A constant flow of over half a megabit per second has been coming in over the link. Some sniffing revealed that the traffic is multicast DNS, i.e. UDP traffic to port 5535 and multicast destination 224.0.0.251. Further debugging revealed that almost all of the traffic was DNS requests and responses for IN PTR _bittorrent_.tcp.local. Nice.
Apparently there are BitTorrent implementations that use multicasting and specifically the MDNS service to solicit tracker information. Despite quite a lot of googling I haven't found a specification for such a protovols nor details of which BitTorrent implementations use it.
Having found the source of the unwanted traffic I was still at a loss whether there was anything I could do to avoid it. I am not using BitTorrent (well, not at the moment, that is) so I wasn't exactly soliciting the traffic. Turns out that MDNS is what Apple's Bonjour (think iTunes sharing, for example) uses internally. Some experimenting revealed that whenever I switched on the WLAN on my Mac, an IGMP membership report was sent. In effect, the Mac announced that, yes, please, bring on all that MDNS traffic. Welho's network supports multicasting and I was also receiving an IGMP group membership query every two minutes. Disconnecting the Mac sniffing traffic with a Linux showed that after a few (unanswered) group membership queries the nexthop upstream router concluded membership as expired and the flood of BitTorrent MDNS ceased. Positively, roundtrip times to a host I was accessing over SSH dropped to under ten ms from an average of roughly 400 ms.
Finally, I decided to do away with Bonjour by disabling the mDNSResponder on my Mac. The launchctl command was helpful: "sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist". Now the IGMP queries go unanswered and no membership reports for MDNS are sent.
Moral of the story? Macs (or OSX) are nice and all, but too chatty for my tastes. With Linux I usually know what is going on, but the Mac just keeps talking behind your back (with the best of intentions to be sure, but still a bad idea). On the other hand, the BitTorrent over MDNS is clearly using a protocol for something it really wasn't intended to. And Welho doesn't escape blameless either. Bridging users to a /21 Ethernet segment allows MDNS to spread far too wide. The specification limits MDNS scope to link local, but it doesn't operate well in a /21 segment where the users are not on a LAN (as customarily understood).
Addendum: A note on a few interesting tools I used in debugging the problem. Debian package "mdns-scan" was interesting in scanning the /21 for services with MDNS. Running mdns-scan sends an "igmp v2 report" announcing membership in 224.0.0.251. Of course, the result was a flood of BitTorrent junk. Killing mdns-scan sends an appropriate "igmp leave" but it seems to take something like five minutes before the flood recedes. Another interesting Debian package: nemesis. With IGMP module of Nemesis it was easy to create IGMP report and leave messages from the command line. An IGMP report to announce membership and receive MDNS: "nemesis igmp -v -p 22 -i 224.0.0.251 -S 62.78.216.12 -D 224.0.0.251". A corresping IGMP leave is accomplished with: "nemesis igmp -v -p 23 -i 224.0.0.251 -S 62.78.216.12 -D 224.0.0.1". The -S switch specifies the source host address and should be modified.
Fri, 02 Feb 2007Funny dream I had yesterday night. In the dream, I was at the Cable Factory, at our office. There were some other people as well. We were discussing the new rules issued by the building management. According to the rules it was not allowed anymore to have mattresses at office facilities. We understood that the rule was enacted to discourage people from sleeping at their offices, something that I imagine happens around here somewhat regularly here, what with all the artistic types. But in the dream our core concern was trying to classify the US Army issue field beds that we have. Would they be considered as mattresses or not?
Might as well have banned sleeping at offices. It closing on five in the morning at the moment and I am still here, at the office (wasn't here yesterday though when I had the dream). With ramen noodles and yerba mate. Its snowing, but sparsely. Quite pretty actually. Surprisingly light out there, sort of yellowish fog. Listening to Songs: Ohia's "The Magnolia Electric Co". Very peaceful. A bit cold here but it always is during the night.
It's been already three weeks since we returned from Lebanon. Should take some time next weekend and sort through the pictures. And write a travel diary of sorts. It was a good trip. We got out in good time before the general strike and the clashes that followed. But time to sleep.