iPhones Flooding Wireless LAN At Duke
coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."
>> coondoggie sends us to a Network World story, as is his wont,
At least the editors admit that coondoggie is filling the queue up with Network World stories. Maybe they'll do something about it at some point.
-Bucky
>> But from late August through May, our wireless net is critical.
Wireless? Critical? Dumb.
I don't respond to AC's.
...it's their network. Why are we only hearing about it here? They probably have a loop in their network or some kind of ARP forwarding active they don't understand. You would think something like this would get caught early on in testing with the iPhone, this kind of problem tends to stand out. I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests, sounds like a networking device is sourcing these packets.
I'm sorry, but there's something a little OFF here. No wireless hardware requests a MAC address. It may use MAC to authenticate to a table, but it goes for a DHCP lease.
Slashdot...sigh...
I can take out a Cisco WLAN controller with thin APs and Aironet APs with an ARP flood for a non-existent IP. Are they even in the same subnet? Is the whole wifi network from one building to another layer2? Or is the problem arising because it is actually layer3 from building to building and the APN name doesn't change.
Judging by the statement that they can exhibit the behavior after being handed from one access point to another kind of nullifies the theory that they may be trying to reassociate with the user's home network. They're trying to get back to the old AP, which ARPing won't do because it's on a different VLAN.
Mystery solved, now what can Cisco do about it. I don't really care that it's an iPhone bug. I just think it's one more DoS vector to patch up. Maybe de-associate the phone and drop traffic until it acts right? Set a threshold or something? You might still have a source of noise, hopefully it would realize it was dropped though. No link layer, no ARP right?
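The threshold idea raised in the comment above, sketched as an added example that is not part of the original thread or any vendor's code: a per-source sliding-window counter over ARP requests that also notes when the requested address lies outside the local subnet. The event tuple format, the function names, the 50-per-second limit and the sample addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


def find_arp_flooders(events, local_net, max_per_window=50, window_ms=1000):
    """Flag sources whose ARP request rate exceeds a threshold.

    events: time-ordered (timestamp_ms, source_mac, target_ip) tuples.
    Returns {mac: {"peak": n, "off_subnet": bool}} for each flagged source,
    where off_subnet marks requests for an address outside local_net.
    """
    net = ip_network(local_net)
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for ts, mac, target in events:
        q = recent[mac]
        q.append(ts)
        while ts - q[0] >= window_ms:   # expire entries older than the window
            q.popleft()
        if len(q) > max_per_window:
            info = flagged.setdefault(mac, {"peak": 0, "off_subnet": False})
            info["peak"] = max(info["peak"], len(q))
            if ip_address(target) not in net:
                info["off_subnet"] = True
    return flagged


def constructed_sample():
    """Constructed events, not captured traffic (MACs are locally administered)."""
    events = []
    for i in range(10):    # ordinary client: ARPs for its gateway twice a second
        events.append((i * 500, "02:00:00:00:00:01", "10.0.1.1"))
    for i in range(200):   # misbehaving client: 200 requests in one second
        events.append((2000 + i * 5, "02:00:00:00:00:02", "10.0.9.1"))
    return sorted(events)


if __name__ == "__main__":
    for mac, info in find_arp_flooders(constructed_sample(), "10.0.1.0/24").items():
        print(mac, info)
```

A source that is both over the limit and asking for an off-subnet address is the candidate for the de-associate-and-drop response the comment proposes.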
Not to mention that there are several hundred wireless access points on the Apple campus, and several hundred (possibly thousands) of iPhones on the same campus. You'd have thought that any inherent problem with the phone and networking would have been caught, isolated, patched, and distributed by now...
I'd lay odds there's something screwed with their network...
What I want to know is what is a "MAC address request". I've never seen one. I've seen DHCP requests, ARP requests, even AARP requests- but not a MAC address request.
I didn't know MAC addresses were assigned dynamically.
But I'm over 40- what do I know?
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
18,000 ARP requests a second? Smells like a spanning tree loop to me. That's where I would start looking. Could be a single AP bridging the same VLAN with spanning tree disabled. Anyone roaming into its range could cause havoc.
So, who cares? So he submits stories from Network World. He probably works for Network World. Does that fact alone make the story less valuable or interesting? If someone else had submitted the same story, it would be OK then? Slashdot has editors and a moderation system. There's nothing inherently deceptive in submitting your company's (or your own) stories.
Breakfast served all day!
.........but why should tuition be a barrier for anyone in a society as wealthy as ours?.......
You are a fountain of ignorance, at least concerning your diatribe against Duke. Instead of being wealthy and paying tuition, you can also simply be smart and hard working. My daughter just graduated from Duke, from which she had gotten a full scholarship. Without that, there would have been no way she could have afforded to study there. Many Colleges and Universities give scholarships to exceptional young people who do NOT come from wealthy homes. Most likely, someone like you wouldn't get such a scholarship, especially in view of your ignorant rant.
All theory is gray
Shouldn't the DHCP server be able to gracefully accept declines? It seems to me that getting a lease declined and then marking it unusable is a very poor implementation in the first place.
Say what? The last time I saw something equally screwy it was a Cisco LightStream 1010 (ATM switch) running LANE (LAN Emulation) that played no part in layer 3 at all, yet it was still building up an ARP table of every IP datagram that flowed through it (and wondered why it kept running out of memory).
If you send out an ARP for an "unknown address", you'll get no response - it's not up to the router to respond on behalf of "non-local packets", it's up to the client to determine that the destination is non-local (by using the network and mask together) then picking a suitable gateway (usually default) for sending the packet on its way.
Therefore, the client already knows it needs to send the non-local/unknown-addressed packet through the router so it explicitly ARPs for the router's MAC address (if not already cached) - nothing to do with trying to get the MAC of the remote destination.
The Real WTF is - wireless at Starbucks isn't free, you have to pay through T-Mobile.
ARP is broadcast (not unicast nor multicast, unlike say, EIGRP which does use multicast); "floods" tend to be caused by broadcast (if from a single source - unicast if from multiple sources).
I'm going to guess the one who has to work to put himself through school, because he realizes the cost of the education, and is more willing to dedicate himself to it. The rich kid who has his school handed to him generally looks at the education as a given, and doesn't put in the effort. In both my undergraduate and graduate studies, that was often the case. Of course, there are rich, smart, dedicated students, but your assertion that the rich kids who don't have to work do better in school has been very false in my experience.
http://bgcommonsense.blogspot.com
>> First, it's entirely possible to go to a perfectly respectable in-state school for just a few grand a year.
Where have you been living? I have financed the education of two children who were good students and went to good state schools (U of Oklahoma, and University of Buffalo.) Both approach $15K per year with tuition, room, board, and books. That is more than "a few thousand."
Back in the dark ages before the flood when I went to Florida State (B.S. 1977) and UMass (Ph.D. 1982) I could attend a good state school for about $2.5K. I could earn about 1/3 to 1/2 of that in a summer. Today's students can't do that anymore. I would also point out that much financial aid these days is in the form of loans. It is easy for a student at a state university to finish an undergraduate education with $50K in debt. An education at a private U can leave a debt load at least 2X...
Okay if this is really the case, no DHCP network, then why does this same thing not happen when laptops looking for DHCP addresses come in range of Duke? For example, I would imagine that whenever there's a conference or perhaps when the students show up in September that all the laptops on campus are set to hunt for DHCP by default (since that's how one usually sets up wireless networks). Seems like you'd have the same sort of storm.
Some drink at the fountain of knowledge. Others just gargle.
Answer: Yes
Cisco has its moments, but IMHO they're not remotely worth the premium you pay. Go with HP; they sell the same level of hardware and offer the same level of support, but it costs a hell of a lot less, and since it costs so much less you can get the hardware you actually need rather than just what you have to settle for because your budget doesn't swing more than one 10,000 dollar PIX.
Add to that the byzantine configurations, and it's easy for a non-gifted engineer to make pretty big mistakes.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.