OIT filters CUPS (Common UNIX Printing System) broadcast traffic on the wireless networks operated by OIT. We do so because such traffic can contribute to degraded wireless network service, while being unnecessary for the wireless network functionality OIT supports.
CUPS (Common UNIX Printing System) is a printing system used by a variety of UNIX-like operating systems.
CUPS supports a number of network printing protocols, including AppSocket (JetDirect), Internet Printing Protocol (IPP), and Line Printer Daemon (LPD). These protocols do not require the use of broadcast traffic. However, one of CUPS' features allows printers and print servers to announce their services to the network via periodic broadcast messages. (These announcements are sent to UDP port 631. Note that TCP port 631 is the port normally used by the Internet Printing Protocol (IPP).) Other CUPS clients on the same IP subnet as the CUPS server may listen to these broadcast CUPS announcements to learn about those print services and make those print services available to the local CUPS client. This may allow the local CUPS client to use those networked CUPS services without the user first having to configure the client to know about the networked CUPS services.
These broadcast CUPS announcements are not strictly required for printing functionality with CUPS. These announcements can make it convenient to discover CUPS printers and print servers on the same IP network as the client, simplifying print queue setup on the CUPS client. But even in the absence of these CUPS announcements, it is still possible to configure a CUPS client to use a network-attached printer or print server by specifying the printer's DNS hostname and other information. In fact, that's normally required to configure the CUPS client to use any printer or print server attached to a network other than the same network to which the CUPS client is presently attached.
As the number of CUPS servers on a network grows, the volume of these periodic broadcast messages also grows. Each CUPS server sends a separate announcement for each print queue it offers to the network.
Broadcast traffic is a vital part of the network; its existence is not inherently bad. However, as the volume of broadcast traffic grows, network service can degrade. Wireless networks are especially sensitive to the effect of broadcast (and multicast) traffic. While the volume of CUPS broadcast traffic is not overwhelming, on our wireless networks it is high enough to contribute to degraded service.
Because CUPS broadcast traffic contributes to degraded wireless service, and because this traffic is not strictly necessary to allow wireless-attached clients to print to network printers, OIT filters the CUPS broadcast traffic. Measurements taken shortly before this filter was installed showed that CUPS broadcast traffic amounted to 10-12% of the broadcast and multicast traffic on our primary wireless network.
It is true that this filter prevents wireless CUPS clients from browsing to discover wireless CUPS printers and wireless workstations acting as print servers. However, the wireless networks provided by OIT are intended for use by workstations and other devices acting as clients. These wireless networks are not intended as an appropriate way to attach servers; that includes printers and print servers. Such servers are best attached via OIT Ethernet Service. A device (such as a printer or print server) attached via OIT Ethernet Service may be assigned a static DNS hostname and IP address; CUPS clients (both wireless and wired) can be configured to print to such printers and print servers without the need to discover the servers via announcement broadcasts.
OIT began filtering CUPS broadcast traffic in February 2011.
IPv4 traffic destined to UDP port 631 is discarded by the filter if the traffic is destined to the IPv4 subnet-directed broadcast address or to the IPv4 limited broadcast address.
The filter is applied at the edge of the wireless services provided by OIT. It applies to traffic sent by a wireless client as that traffic arrives at the wireless access point or the wireless controller. This filters the traffic before it would be flooded to other clients, even if those clients are on the same leg of the network, or behind the same wireless access point.
The traffic is also filtered at the campus network's core Ethernet switches; all buildings (or groups of buildings) are attached to these core switches. The filter there is installed in such a way as to apply only to those networks supporting wireless services provided by OIT. This causes the filter to apply to traffic (for our wireless networks) as that traffic passes through the campus core on its way from one leg of the network to another. (In some cases, multiple buildings share a single connection to the campus core.)
We do not filter unicast traffic destined to UDP (or TCP) port 631. Unicast traffic to TCP port 631 is used by the Internet Printing Protocol (IPP).
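The match criteria described above can be modelled in a few lines to check which packets the rule would discard. This is an added example, not OIT's filter configuration; the subnets, the sample packets and the names `is_filtered` and `audit` are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed packet summary: protocol name, destination address, destination port.
Packet = namedtuple("Packet", "proto dst dport")

CUPS_ANNOUNCE_PORT = 631
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def is_filtered(pkt, wireless_subnets):
    """Return True if the packet matches the rule described on this page."""
    if pkt.proto.lower() != "udp" or pkt.dport != CUPS_ANNOUNCE_PORT:
        return False
    try:
        dst = ipaddress.IPv4Address(pkt.dst)
    except ipaddress.AddressValueError:
        return False  # not IPv4; the page describes an IPv4 rule only
    if dst == LIMITED_BROADCAST:
        return True
    # Subnet-directed broadcast: the all-ones host address of a covered subnet.
    # /31 and /32 prefixes have no broadcast address, so they never match.
    return any(net.prefixlen <= 30 and dst == net.broadcast_address
               for net in wireless_subnets)

def audit(packets, wireless_subnets):
    """Return (packet, verdict) pairs, verdict being 'drop' or 'permit'."""
    return [(p, "drop" if is_filtered(p, wireless_subnets) else "permit")
            for p in packets]

# Hypothetical wireless subnets (documentation ranges, not OIT's addressing).
SUBNETS = [ipaddress.IPv4Network("192.0.2.0/25"),
           ipaddress.IPv4Network("198.51.100.0/24")]

# Constructed sample traffic.
SAMPLE = [
    Packet("udp", "255.255.255.255", 631),  # limited broadcast announcement
    Packet("udp", "192.0.2.127", 631),      # directed broadcast of 192.0.2.0/25
    Packet("udp", "192.0.2.255", 631),      # not the broadcast of a listed subnet
    Packet("udp", "198.51.100.20", 631),    # unicast UDP 631
    Packet("tcp", "198.51.100.20", 631),    # unicast IPP
    Packet("udp", "198.51.100.255", 5353),  # broadcast, but a different port
    Packet("udp", "ff02::fb", 631),         # IPv6, outside the IPv4 rule
]

if __name__ == "__main__":
    for pkt, verdict in audit(SAMPLE, SUBNETS):
        print(f"{verdict:6} {pkt.proto} {pkt.dst}:{pkt.dport}")
```

Whether an address is a subnet-directed broadcast depends on the prefix length of the subnet it belongs to, which is why the model takes the list of covered subnets as input.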