June 23, 2006

Zero Configuration Networking with Linux

Author: Peter Enseleit

Zero Configuration Networking (Zeroconf) is a standard method of establishing communications between computers and allowing them to advertise and access each other's resources. It is designed to ease some of the complexities involved in computer networking -- in fact, it is designed to remove them altogether, by requiring no user configuration at all. Zeroconf is generally intended for use with small ad-hoc networks such as those typically found in a home environment. With Zeroconf, users should be able to plug two computers together with a crossover cable and instantly be able to access services hosted by one computer on the other, and vice versa.

Zero Configuration Networking consists of three elements:

Network layer address assignment

The network interface on your computer needs a network address in order to communicate with other computers. Zeroconf uses the Internet Protocol (IP), so it needs to assign an IP address as the network address. A Zeroconf-enabled computer will not usually assign an IP address automatically if one already exists for that computer. However, if no IP address is configured, a link-local IP address is automatically allocated from within the IP address range prefixed by 169.254. Two Linux programs for achieving this result are zeroconf and zcip.
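The selection rules behind that 169.254 range are spelled out in RFC 3927, which is listed under Additional links. The following Python is an added illustration, not code from the article or from the zeroconf or zcip programs: it validates an address against the rules (inside 169.254.0.0/16, outside the reserved first and last /24), derives a stable candidate from the interface MAC the way the RFC recommends, and moves to the next candidate when a probe reports a conflict. The in_use set stands in for the ARP probing a real implementation does and is an assumption of the example.

```python
import hashlib
import ipaddress
from typing import Optional, Set

# RFC 3927: 169.254.0.0/16 is the IPv4 link-local range; the first and last
# /24 within it (169.254.0.x and 169.254.255.x) are reserved and never chosen.
LINK_LOCAL_NET = ipaddress.IPv4Network("169.254.0.0/16")
RESERVED_LOW = ipaddress.IPv4Network("169.254.0.0/24")
RESERVED_HIGH = ipaddress.IPv4Network("169.254.255.0/24")
MAX_CONFLICTS = 10  # RFC 3927: after this many conflicts a host must rate-limit


def is_valid_link_local(addr: str) -> bool:
    """True if addr is a usable IPv4 link-local address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return ip in LINK_LOCAL_NET and ip not in RESERVED_LOW and ip not in RESERVED_HIGH


def candidate_address(mac: str, attempt: int = 0) -> str:
    """Deterministic candidate in 169.254.1.0 .. 169.254.254.255 derived from
    the MAC, so the same host tends to pick the same address after a reboot.
    `attempt` changes the candidate after a conflict."""
    digest = hashlib.sha256(f"{mac.lower()}:{attempt}".encode()).digest()
    # 254 usable third octets (1..254) times 256 fourth octets
    host = int.from_bytes(digest[:4], "big") % (254 * 256)
    third, fourth = divmod(host, 256)
    return f"169.254.{third + 1}.{fourth}"


def pick_address(mac: str, in_use: Set[str]) -> Optional[str]:
    """Try successive candidates, skipping any the (simulated) probe reports
    as taken. Gives up after MAX_CONFLICTS conflicts instead of retrying
    forever, which is where a real implementation would start rate-limiting."""
    for attempt in range(MAX_CONFLICTS + 1):
        cand = candidate_address(mac, attempt)
        if cand not in in_use:
            return cand
    return None


if __name__ == "__main__":
    # Constructed MAC address, not a real device
    chosen = pick_address("00:11:22:33:44:55", in_use={"169.254.1.1"})
    print(chosen, is_valid_link_local(chosen))
```

Run stand-alone it prints the chosen address and confirms it passes the validity check; the point for a defender is that anything outside 169.254.1.0 to 169.254.254.255 that claims to be a link-local host did not follow the rules.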

Translation between network names and network addresses

Computers need to know a remote computer's network address to be able to communicate with it, just as a postman needs a street address to deliver mail. On most networks, when your computer asks to talk to another computer by a human-readable network name, such as biffo.com, the first thing that happens is that the name is translated into a network address. This is usually done by querying a server hosting a Domain Name Service (DNS), which responds with the network address for the name given. If you don't have a DNS server at your disposal, you still need to translate a network name into a network address some other way.

Zeroconf's solution is to use Multicast DNS. Computers on Zeroconf networks configured with link-local IP addresses, as described above, are assigned to the Multicast DNS domain .local. Therefore, if a computer's host name is biffo and it is on a Zeroconf network configured with a link-local address, its fully qualified domain name is biffo.local. Multicast DNS translates biffo.local to the computer's IP address.

Nss-mdns, in association with a Multicast DNS responder daemon such as Avahi or Apple's mDNSResponder, can take care of this name-to-address translation in a Linux Zeroconf network.
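To make the exchange concrete, here is an added Python example (not code from the article, Avahi or mDNSResponder) that builds the mDNS query a host sends for biffo.local, builds the kind of A-record answer a responder returns, and parses that answer back, including DNS name-compression pointers. Multicast DNS reuses ordinary DNS wire format on UDP port 5353 to group 224.0.0.251; multicast queries carry ID 0, the top bit of QCLASS requests a unicast reply, and the top bit of an answer's class is the cache-flush flag. The sample packets are constructed in the code, not captured traffic.

```python
import struct

MDNS_GROUP = "224.0.0.251"  # IPv4 multicast group used by mDNS
MDNS_PORT = 5353            # UDP port used by mDNS (the one the firewall must allow)
TYPE_A = 1
CLASS_IN = 1
QU_BIT = 0x8000             # in QCLASS: "please answer by unicast"
CACHE_FLUSH = 0x8000        # in an answer's class: replace cached records for this name


def encode_name(name: str) -> bytes:
    """biffo.local -> b'\\x05biffo\\x05local\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("utf-8")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, unicast_response: bool = False) -> bytes:
    """One-question mDNS query: ID 0, flags 0, QDCOUNT 1."""
    qclass = CLASS_IN | (QU_BIT if unicast_response else 0)
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, qclass)


def build_a_response(name: str, ipv4: str, ttl: int = 120) -> bytes:
    """Constructed answer as a responder would send it: flags 0x8400
    (response + authoritative), no question section, one A record."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)
    rdata = bytes(int(o) for o in ipv4.split("."))
    rr = encode_name(name) + struct.pack("!HHIH", TYPE_A, CLASS_IN | CACHE_FLUSH, ttl, 4)
    return header + rr + rdata


def decode_name(pkt: bytes, offset: int):
    """Decode a name at offset, following 0xC0xx compression pointers.
    Returns (name, offset just past the name in the original byte stream)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(pkt):
            raise ValueError("truncated name")
        length = pkt[offset]
        if length & 0xC0 == 0xC0:               # compression pointer
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", pkt[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(pkt[offset:offset + length].decode("utf-8"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_a_answers(pkt: bytes) -> dict:
    """Return {name: ipv4} for every A record in the answer section.
    Raises ValueError on anything malformed rather than guessing."""
    if len(pkt) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    offset = 12
    for _ in range(qd):                          # skip echoed questions, if any
        _, offset = decode_name(pkt, offset)
        offset += 4
    answers = {}
    for _ in range(an):
        name, offset = decode_name(pkt, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[offset:offset + 10])
        offset += 10
        rdata = pkt[offset:offset + rdlen]
        offset += rdlen
        if rtype == TYPE_A:
            if rdlen != 4 or len(rdata) != 4:
                raise ValueError("A record with bad RDLENGTH")
            answers[name] = ".".join(str(b) for b in rdata)
    return answers


if __name__ == "__main__":
    q = build_query("biffo.local")
    r = build_a_response("biffo.local", "169.254.12.34")   # constructed address
    print(q.hex(), parse_a_answers(r))
```

Note that nothing in the answer authenticates the responder: any host on the link may answer for biffo.local, which is the property the Security considerations section below is about, and why a resolver should treat .local answers as no more trustworthy than the link itself.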

Location or discovery of services by name and protocol

A network of computers is useless if the computers have nothing they can share. The way that computers share information or data is usually by making a service available to other computers. Zeroconf uses something called DNS Service Discovery to "discover" what services a computer has made available to other computers. Avahi and mDNSResponder are two implementations of DNS Service Discovery that both discover and advertise services.

Apple's Rendezvous, now renamed to Bonjour, is the most advanced implementation of Zeroconf to date, but Mac OS X isn't the only OS that can use Zeroconf. With all three of the above elements installed and working, Zero Configuration Networking becomes a reality for a Linux system as well.

Installation

There are two main implementations of Zeroconf in Linux distributions. KDE by default uses mDNSResponder and kdnssd (part of kdelibs). It usually ships with the zeroconf:/ ioslave module for Konqueror, which enables Konqueror to browse for Zeroconf Services. SUSE uses this implementation.

GNOME seems to be tending towards the use of Avahi and libnss-mdns. Ubuntu uses this implementation.

If you have installed a distribution with either of these implementations, you may already have Zeroconf working on your machine. Otherwise, the required packages are probably easily accessible in software repositories.

Some Linux distributions have issues with Apple's license, so they prefer the LGPL-licensed Avahi over mDNSResponder.

For Zero Configuration Networking with Avahi you need to install the packages for avahi, zeroconf, and nss-mdns. Another useful package is the service-discovery-applet.

You next need to add mdns to the hosts line in /etc/nsswitch.conf:

hosts:     mdns dns

You may also need to allow UDP traffic from and to port 5353 in your firewall. If you use Firestarter for your firewall, you may have to turn it off, or follow the instructions supplied here, to make it work with Zeroconf. You may also have to modify your firewall to allow access to some of the Zeroconf advertised services.

Once Zeroconf is installed, applications should be able to take advantage of service advertising and discovery through Avahi. If an application has not implemented Zeroconf integration, you can still configure it to advertise its service with Avahi by creating an XML-based *.service file in /etc/avahi/services/, which specifies the service available and some details about it. Other Zeroconf-enabled computers will then be able to discover this service. See the Avahi documentation for details.
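As an added example (not from the article or the Avahi project), the Python below writes and reads back such a *.service file. It produces the service-group/service/type/port/txt-record layout that Avahi's avahi-service.dtd describes and validates the parts that are easy to get wrong: the DNS-SD service type must look like _http._tcp (an underscore label of at most 15 characters plus _tcp or _udp), the port must be 1 to 65535, and a TXT string cannot exceed 255 bytes. The "Web server on %h" name and the path=/ record are example values; %h is the wildcard avahi-daemon expands to the host name when replace-wildcards is set.

```python
import re
import xml.etree.ElementTree as ET

# DNS-SD service type: "_" + up to 15 name chars, then "._tcp" or "._udp"
SERVICE_TYPE_RE = re.compile(r"^_[A-Za-z0-9][A-Za-z0-9-]{0,14}\._(tcp|udp)$")
XML_DECL = "<?xml version=\"1.0\" standalone='no'?>"
DOCTYPE = '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">'


def validate_service(service_type: str, port: int, txt_records) -> None:
    """Raise ValueError for anything Avahi would reject or that would advertise
    something other than what the administrator intended."""
    if not SERVICE_TYPE_RE.match(service_type):
        raise ValueError(f"bad DNS-SD service type: {service_type!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    for rec in txt_records:
        if len(rec.encode("utf-8")) > 255:   # one TXT string is at most 255 bytes
            raise ValueError("txt-record longer than 255 bytes")


def build_service_file(name: str, service_type: str, port: int, txt_records=()) -> str:
    """Return the text of an /etc/avahi/services/*.service file for one service."""
    validate_service(service_type, port, txt_records)
    group = ET.Element("service-group")
    ET.SubElement(group, "name", {"replace-wildcards": "yes"}).text = name
    svc = ET.SubElement(group, "service")
    ET.SubElement(svc, "type").text = service_type
    ET.SubElement(svc, "port").text = str(port)
    for rec in txt_records:
        ET.SubElement(svc, "txt-record").text = rec
    body = ET.tostring(group, encoding="unicode")
    return f"{XML_DECL}\n{DOCTYPE}\n{body}\n"


def parse_service_file(text: str) -> list:
    """Read a service file back as [(type, port, [txt, ...]), ...],
    applying the same validation, so a hand-edited file is checked too."""
    root = ET.fromstring(text)
    if root.tag != "service-group":
        raise ValueError("root element must be <service-group>")
    out = []
    for svc in root.findall("service"):
        stype = (svc.findtext("type") or "").strip()
        port = int((svc.findtext("port") or "0").strip())
        txt = [t.text or "" for t in svc.findall("txt-record")]
        validate_service(stype, port, txt)
        out.append((stype, port, txt))
    return out


if __name__ == "__main__":
    # Example values: advertise the local web server under the host's name
    text = build_service_file("Web server on %h", "_http._tcp", 80, ["path=/"])
    print(text)
    print(parse_service_file(text))
```

Writing the output to a file such as /etc/avahi/services/http.service is all that is needed; avahi-daemon picks up changes to that directory. Before doing so, remember that the file announces the service to every host on the link, so advertise only what you would also expose through the firewall.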

Using applications over a Zeroconf network

Once you have a working Zeroconf network, you should be able to use most normal network services, such as Web servers and FTP servers. You should also be able to use the Zeroconf-enabled services of programs that have been specifically written to take advantage of Zeroconf service advertising and discovery, including those that make use of Avahi. These include Rhythmbox and Banshee, which can share music over a network using the Digital Audio Access Protocol (DAAP). With Rhythmbox and Banshee you can share music with and play music from instances of Rhythmbox, Banshee, and iTunes on other computers.

The Epiphany Web Browser can find bookmarks shared over the local network, with, for instance, the program avahi-bookmarks.

Ekiga, previously known as GnomeMeeting, allows you to discover other Ekiga users on your local network through the Ekiga address book and call them directly.

GShare allows users to set up a shared folder on their local computer. Once set up, this shared folder can be accessed through the file browsers Nautilus (Go -> Network -> 'network:///') and Konqueror (Network Folders -> Network Services -> 'zeroconf:/') as a WebDAV file share. Konqueror also allows for simple discovery of some other Zeroconf services and Zeroconf-enabled KDE applications.

Avahi Discover allows you to view details of services advertised on a Zeroconf network, and to manually connect to them using the information it supplies. You can also discover services advertised on Apple Mac OS X computers and other Zeroconf-enabled Linux computers with the Zeroconf Service Discovery applet for GNOME. With this applet you can select a Zeroconf service and, in some instances, click on it to launch an associated application -- for example VNC shared Remote Desktops, which allow you to view and optionally control a remote computer's desktop.

Security considerations

Easy networking does not necessarily mean secure networking. Using Zeroconf automatic IP address configuration may allow computers on a network to become targets of attack, since these computers may not have otherwise been configured with a network address. Such attacks may include a malicious computer spoofing the identity of a legitimate computer and having network traffic redirected to it. An attacking computer could cause a legitimate computer to break its network connection, or cause it to be configured only with certain addresses or never actually obtain an IP address.

Malicious computers posing as legitimate computers may provide avenues through which various attacks upon a computer may be launched. For instance, a malicious computer may advertise a Zeroconf-enabled Apache Web server, which, when navigated to, could capture username and password information.
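Both problems described above leave a visible trace on the link: a spoofed host name means one name is answered with more than one address or from more than one network card, and a link-local address collision or takeover means one address is claimed by more than one network card. The following Python is an added example (not from the article) of the detection logic a monitoring host could run over the mDNS A-record announcements it observes. The announcement list is constructed sample data with made-up addresses and MACs; a real deployment would feed it from a packet capture.

```python
from collections import defaultdict

# Constructed sample: (seconds since capture start, host name, IPv4, source MAC).
# Made-up values for the example, not captured traffic.
SAMPLE_ANNOUNCEMENTS = [
    (0.0, "biffo.local", "169.254.12.34", "00:11:22:33:44:55"),
    (1.5, "laptop.local", "169.254.7.8", "00:aa:bb:cc:dd:ee"),
    (30.0, "biffo.local", "169.254.12.34", "00:11:22:33:44:55"),   # normal re-announce
    (31.2, "biffo.local", "169.254.99.1", "de:ad:be:ef:00:01"),    # same name, other host
    (40.0, "printer.local", "169.254.7.8", "02:00:00:00:00:07"),   # same address, other MAC
]


def find_conflicts(announcements):
    """Return findings as (kind, key, claimants).

    kind 'name':    one host name answered with different (ip, mac) pairs,
                    the pattern a spoofed .local name produces.
    kind 'address': one IPv4 address claimed by different MACs, i.e. a
                    link-local address collision or a deliberate takeover.
    Repeated announcements from the same host are not conflicts."""
    by_name = defaultdict(set)
    by_addr = defaultdict(set)
    for _t, name, ip, mac in announcements:
        by_name[name.lower().rstrip(".")].add((ip, mac.lower()))
        by_addr[ip].add(mac.lower())
    findings = []
    for name, claims in sorted(by_name.items()):
        if len(claims) > 1:
            findings.append(("name", name, sorted(claims)))
    for ip, macs in sorted(by_addr.items()):
        if len(macs) > 1:
            findings.append(("address", ip, sorted(macs)))
    return findings


def format_findings(findings):
    """One human-readable line per finding, suitable for a log or alert."""
    return [f"{kind} conflict on {key}: {claimants}" for kind, key, claimants in findings]


if __name__ == "__main__":
    for line in format_findings(find_conflicts(SAMPLE_ANNOUNCEMENTS)):
        print(line)
```

A genuine name conflict is also possible (two hosts really called biffo), which is why Avahi renames itself on conflict; the finding is a reason to look, not proof of an attack. What the check cannot do is tell you which claimant is the legitimate one, since mDNS carries no authentication.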

Before deploying a Zeroconf network you should investigate the security implications that may be involved and, where possible, take precautions to avoid potential problems.

Conclusion

Is Linux capable of realizing the potential of Zero Configuration Networking? The short answer is yes. It already has the required infrastructure in place, and many applications are already using Zeroconf to both advertise and discover services. There is still plenty of room for improvement, though. Automatic discovery of printers, for instance, is one area where Zeroconf integration would be much appreciated by users.

With the rapid pace of development in the open source community, the number of applications incorporating Zero Configuration Networking features is likely to grow, and the future of Zero Configuration Networking in Linux looks bright.

Additional links

IETF Zeroconf Charter
RFC 3927 Dynamic Configuration of IPv4 Link-Local Addresses
Draft paper discussing Multicast DNS
Draft paper discussing DNS-Based Service Discovery
Zeroconf entry in Wikipedia
Zeroconf in KDE
