IP Subnets / VLANs / Network Segmentation

I can't seem to find any details on how communication really happens in HomeKit. Is there a session diagram somewhere? I would like to create an app, but want to understand this question.


I have configured my home/testing lab with several networks/subnets on VLANs, and my Homekit devices are in my internet-of-things (IOT), and segmented for security reasons into their own network. I have created firewall rules to allow my computers and iOS devices/Homekit Hubs to initiate IP sessions through to the IOT network, but disallow (new) connections from IOT to the other VLANs. I also have mDNS reflection configured to rebroadcast across the VLAN boundaries.


This appears to mostly work, but I occasionally have accessories go "Unresponsive" and can't tell if that's because they truly need to be able to initiate an IP conversation/session or if their WiFi connection is just unreliable, as many Accessories seem to do just fine.


So, can anyone answer:

Do all Sessions initiate from the iPad/iPhone/HomePod/AppleTV, or do the Accessories need to be able to initiate? If so, I'll have to move them out of the IOT network, but I was really hoping to avoid that.


Thanks for any pointers!

Brett
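As an added illustration of the segmentation policy described in the post above (example code, not from the thread or from Apple): a minimal connection-tracking firewall that lets the trusted VLAN open sessions to the IoT VLAN, accepts IoT packets only when they belong to a session the trusted side already opened, and records every IoT-initiated attempt it drops. The subnets, ports and the packet trace are constructed for the example; a real deployment would get this from the router's state table and its drop log.

```python
"""Stateful firewall walk-through for a trusted VLAN and an IoT VLAN.

Added example, not code from the forum thread. Subnets, ports and the
packet trace are constructed for illustration only.
"""
import ipaddress
from collections import Counter

TRUSTED = ipaddress.ip_network("192.168.10.0/24")  # computers, iOS devices, hubs (assumed)
IOT = ipaddress.ip_network("192.168.20.0/24")      # accessories (assumed)


class StatefulFirewall:
    """Only the trusted side may open sessions toward the IoT side; IoT hosts
    may only send packets that match a session the trusted side opened."""

    def __init__(self):
        self.conntrack = set()   # 5-tuples of sessions the policy admitted
        self.dropped = []        # IoT-initiated attempts, kept for review

    @staticmethod
    def _zone(ip):
        addr = ipaddress.ip_address(ip)
        if addr in TRUSTED:
            return "trusted"
        if addr in IOT:
            return "iot"
        return "other"

    def process(self, pkt):
        """pkt: dict with proto, src, sport, dst, dport. Returns 'ACCEPT' or 'DROP'."""
        fwd = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        # Packets of an already-admitted session are accepted in both directions.
        if fwd in self.conntrack or rev in self.conntrack:
            return "ACCEPT"
        # A new session is admitted only when the trusted side opens it.
        if self._zone(pkt["src"]) == "trusted" and self._zone(pkt["dst"]) == "iot":
            self.conntrack.add(fwd)
            return "ACCEPT"
        if self._zone(pkt["src"]) == "iot":
            self.dropped.append(pkt)   # evidence an accessory tried to initiate
        return "DROP"

    def iot_initiators(self):
        """Which IoT hosts tried to open their own sessions, to where, and how often."""
        return Counter((p["src"], p["dst"], p["dport"]) for p in self.dropped)


# Constructed trace: a hub polls an accessory, the accessory answers inside that
# session, then two accessories try to open sessions of their own toward the hub.
TRACE = [
    {"proto": "tcp", "src": "192.168.10.5", "sport": 52000, "dst": "192.168.20.15", "dport": 8080},
    {"proto": "tcp", "src": "192.168.20.15", "sport": 8080, "dst": "192.168.10.5", "dport": 52000},
    {"proto": "tcp", "src": "192.168.20.15", "sport": 41000, "dst": "192.168.10.5", "dport": 443},
    {"proto": "tcp", "src": "192.168.20.22", "sport": 41001, "dst": "192.168.10.5", "dport": 80},
]


def run_trace(trace=TRACE):
    """Evaluate a packet list; return the verdicts and the IoT-initiated attempts."""
    fw = StatefulFirewall()
    verdicts = [fw.process(p) for p in trace]
    return verdicts, fw.iot_initiators()


if __name__ == "__main__":
    verdicts, initiators = run_trace()
    for p, v in zip(TRACE, verdicts):
        print(f"{v:6} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}")
    print("IoT-initiated attempts:", dict(initiators))
```

Running the trace shows the reply packet from the accessory accepted (it belongs to the hub's session) while both accessory-initiated connections are dropped and tallied. Reviewing that tally against the times an accessory shows "Unresponsive" is one way to tell a blocked IoT-initiated session apart from a flaky WiFi link. Note that multicast mDNS is not a tracked session at all, which is why the post's mDNS reflector is needed separately from the stateful rules.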

Ah! I have the same questions and was hoping someone would have answered.
