Hi folks, I have a question about the RAAT discovery protocol that Roon Servers use to discover available Outputs and how that differs between Bridge and Ready Outputs.
My network is segmented into different VLANs for security. My ambition is to have all IoT devices (incl Roon Server and Roon Outputs) on an IoT VLAN and all personal computing devices (incl all Roon Controls) on the Default. All connections from Default to IoT are allowed but only established/related connections are allowed from IoT to Default. After a lot of trial and error and sniffing around with Wireshark I have arrived at configurations where Roon works perfectly and ones where UPnP works perfectly. What I am trying to do is find one where both work flawlessly with as few security compromises as possible.
The closest I have come is to have my Roon Server on the Default VLAN but all the Outputs on the IoT VLAN. The controls can all see the Server and the Server can see the Roon Bridge Outputs (in my Case RPis running DietPi) but not the Roon Ready dCS Vivaldi Upsampler. All three are attached to wired ports tagged identically and subject to identical firewall rules.
Would be really grateful if somebody could point me at some documentation on the difference between the RAAT discovery flow for Bridge vs Ready Outputs which would help me understand which ports I need to open to make the Vivaldi streamable.
You may need to setup a multicast reflector for it to work. Not sure why it got moved here though, such topics belong to Tinkering AFAIK. There you might also find previous discussions and examples.
There isn’t any docs widely available to my knowledge as they don’t support this model your on your own they only support a flat network structure. Ports used are not fixed they are variable I believe and it uses multicast for discovery of RAAT which is via UDP. Roon does not support having server on one vlan and devices to playback on another. Some have had success using UDP Proxy of some sort. If you search on there you will find a lot of similar threads one might have more info on the ports. But this is what Roon designate as tinkering and you won’t get any official support.
Blackjack is correct. This does belong in Tinkering and I have moved it there.
Roon is not supported in the environment you are trying to setup. The best option is to be in Tinkering where other users who may have tried (and succeeded) in a VLAN environment might comment. Also, this would be the sub forum to search to see if your questions or help might already exist as a previous post.
Thanks for the all the replies folks! I will read all the links and give this a new try over the weekend.
I really thought RAAT was documented and I had just somehow missed it. Disappointed to learn that it is all so secret squirrel. Anyway, I will take the steps I think are necessary to secure my network with or without Roon’s support.
Shouldn’t be too hard to figure out, I just assumed others already had.
RAAT itself is irrelevant to the issues you face, it’s just a particular data protocol on top of TCP/IP streams. What’s relevant is the UDP-multicast-based endpoint discovery process, which is restricted to a single subnet.
Thanks Fernando, I consider discovery as part of the protocol but that’s just semantics.
If it were as simple as you suggest then surely discovery of Bridge and Ready Outputs would work identically, and yet that’s not what I am seeing. I am wondering if anyone out there has figured out the difference.