Slashdot Mirror

← Back to Stories (view on slashdot.org)

IPhones Flooding Wireless LAN At Duke

Posted by kdawson on from the arp-storm dept.

coondoggie sends us to a Network World story, as is his wont, about network problems at Duke University in Durham, N.C. that seem to be related to the iPhone. "The Wi-Fi connection on Apple's recently released iPhone seems to be the source of a big headache for network administrators at Duke. The built-in 802.11b/g adapters on several iPhones periodically flood sections of the school's wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. Campus network staff are talking with Cisco, the main WLAN provider, and have opened a help-desk ticket with Apple. But so far, the precise cause of the problem remains unknown. 'Because of the time of year for us, it's not a severe problem,' says Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology. 'But from late August through May, our wireless net is critical. My concern is how many students will be coming back in August with iPhones? It's a pretty big annoyance, right now, with 20-30 access points signaling they're down, and then coming back up a few minutes later. But in late August, this would be devastating.'" So far, the communication with Apple has been "one-way."

18 of 441 comments (clear)

  1. Re:Interesting problem by Icarus1919 · · Score: 5, Funny

    That's preposterous. Summer is when teachers return to their coffins to rest. Who would the students learn from?

  2. Bet you 10 to 1... by g-san · · Score: 5, Insightful

    ...it's their network. Why are we only hearing about it here? They probably have a loop in their network or some kind of ARP forwarding active they don't understand. You would think something like this would get caught early on in testing with the iPhone, this kind of problem tends to stand out. I also doubt the iPhone has enough horsepower to pump out 10Mbps of ARP requests, sounds like a networking device is sourcing these packets.

    1. Re:Bet you 10 to 1... by blindbat · · Score: 5, Interesting

      Actually I was in an Apple store last Thursday and they were having the same problem. I was trying to connect to their network with another non apple device and finally connected on third attempt. The store employees were all aware that their phones were having trouble connecting and staying connected to the wireless. Many of the phones were having to connect through ATT.

  3. Re:Nothing new here by Anonymous Coward · · Score: 5, Interesting

    Sounds like they are having some issues with arp-whois being propagated across the subnets. Knowing Apple, each time these iPhones try to 'rendezvous' with all the Macs or iTuned PCs they refresh their ARP tables off the entire campus. Something is fucked up with their network machines if the arp boroadcasts are seen by the entire campus (hence the 30 access points going at once).

    What they need is an AP isolation: the connected client should not (easily) see other subnets and should definitely not be able to spam ARP broadcasts across subnets.

    Some BOFH admin really screwed up his net config.

  4. Re:Interesting problem by MoOsEb0y · · Score: 5, Informative

    Zombie graduate students.

  5. MAC address REQUEST? by Anonymous Coward · · Score: 5, Insightful

    I'm sorry, but there's something a little OFF here. No wireless hardware requests a MAC address. It may use MAC to authenticate to a table, but it goes for a DHCP lease.

    Slashdot...sigh...

    1. Re:MAC address REQUEST? by itwerx · · Score: 5, Funny

      No wireless hardware requests a MAC address.

      But the iPhone is from Apple, of course it would ask for a Mac address! Heck, they should be glad it didn't ask for a Mac-II address, things would be twice as bad!
      (You can do the math for a Mac-IIcx :)

  6. Taking out Cisco Router with ARP Floods? by xRelisH · · Score: 5, Interesting

    Umm, a bunch of ARP Requests by a few mobile devices shouldn't be knocking out a Cisco router. These AP's are supposed to be able to withstand much worse than a few of these things.

    I call bullshit. I say it's their IT/Computing Department is blaming their poor infrastructure on iPhone.

    1. Re:Taking out Cisco Router with ARP Floods? by technormality · · Score: 5, Insightful

      18,000 arp requests a second? Smells like a spanning tree loop to me. Thats where I would start looking. Could be a single AP bridging the same vlan with spanning tree disabled. Anyone roaming into into its range could cause havoc.

  7. Re:Critical? by Citius · · Score: 5, Interesting

    The number of students who use a wireless network for basic needs is rapidly growing at Duke. As a recent Duke graduate, I've been in a number of classes where tests are administered over the WLAN using Blackboard (burn BB to hell!). If a WLAN AP goes down, and that's during a test, you've got the grades - and unhappiness - of 40+ people/class on your head. Given that we're a rather nitpicky bunch over our grades, grade unhappiness doesn't end well for those who cause it... So yes. Wireless is critical at Duke.

    --
    Site slashdotted out? Use SharePapyrus under Site Directory
  8. Re:Interesting problem by beheaderaswp · · Score: 5, Insightful

    What I want to know is what is a "MAC address request". I've never seen one. I've seen DHCP requests, ARP requests, even AARP requests- but not a MAC address request.

    I didn't know MAC addresses were assigned dynamically.

    But I'm over 40- what do I know?

    --
    Another consultant who stuck it out.

    "We are the Priests, of the Temples of Syrinx..."
  9. Re:Critical? by PCM2 · · Score: 5, Insightful

    Yes it is dumb. Run some cable and leave the wireless for students with laptops and shit. Cables are the best method for mission critical things anyways.

    Yeah. Unless you're a university, and your "mission critical things" (remember the definition of "mission"?) include things like ... ohhh, I dunno ... students with laptops and shit?

    --
    Breakfast served all day!
  10. Re:sigh by HTTP+Error+403+403.9 · · Score: 5, Funny

    "18,000 address requests per second"

    It's like me at the discotheque on Saturday night.

    --
    I'm not a Troll, it's reverse psychology.
  11. So when you by phoebe · · Score: 5, Interesting

    spend thousands of dollars on expensive Cisco AP equipment, a factor above consumer grade systems, and something goes wrong, the extra instrumentation doesn't help and the vendor just blames somebody else? Is this a good reason not to go with expensive equipment, or just colossal incompetence of the administrator who configured everything?

  12. Re:Most likely a Cisco bug - firmware upgrade need by Anonymous Coward · · Score: 5, Insightful

    In reality, it seems that your router tends to substitute its own MAC address for non-local ARP entries (since all non-local packets go through the router, you really don't have to know what the real MAC address is)

    Say what? The last time I saw something equally screwy it was a Cisco LightStream 1010 (ATM switch) running LANE (LAN Emulation) that played no part in layer 3 at all, yet it was still building up an ARP table of every IP datagram that flowed through it (and wondered why it kept running out of memory).

    If you send out an ARP for an "unknown address", you'll get no response - it's not up to the router to respond on behalf of "non-local packets", it's up to the client to determine that the destination is non-local (by using the network and mask together) then picking a suitable gateway (usually default) for sending the packet on its way.

    Therefore, the client already knows it needs to send the non-local/unknown-addressed packet through the router so it explicitly ARPs for the router's MAC address (if not already cached) - nothing to do with trying to get the MAC of the remote destination.

  13. Re:Economic class and higher education by Dhalka226 · · Score: 5, Informative

    Instead of being wealthy and pay tuition, you can also simply be smart and hard working.

    He mentioned scholarships, though it was in an offhand way. You're certainly free to disagree with what he's saying, but insulting him twice in six sentences while "refuting" him with a point he already made is absolutely wrong on any level.

    Besides which, your own point is really no gem either. Your advice to get a scholarship is to be smart and hard working? It's half true, sure. Colleges do give scholarships to people with good grades--though often you also need extra-curricular activities to put you ahead even though that really has nothing to do with intelligence or hard work, merely interest in organized activities--but those are limited. If every student in the nation suddenly became smart and hard working, it would still help only an exceptionally small percentage of them receive a scholarship. In fact, since Duke is a good school you can be relatively sure that the vast majority of students who are accepted there are already smart and hard working, so even in your limited example

    I happen to think the way the OP handled himself was flamebait, but the question he raised about free education is a debate worth having. Preferably without insults.

    Congratulations to your daughter for getting in, getting money and getting through--but just because she did doesn't mean everybody else can, even those equally smart and hard working.

  14. Re:Interesting problem by kayditty · · Score: 5, Informative

    I have no idea why no one on the entirety of slashdot knows anything about networks. If I were to reply to every wrong post in this thread alone, I'd be here all fucking morning, so I'm just going to deal with this one.

    DHCP is not implicit in any network topology. It may be modern and 'expected,' but, jesus christ, every time there's a network discussion on this site, DHCP is strewn all over it like shit on a truck stop toilet. Just because you were born in 1995 and have an "ADSL" connection that uses DHCP (well, it probably uses PPPoE now) doesn't mean you're qualified to say anything, and it certainly doesn't mean there aren't real networks that have never even heard of the silly little protocol.

    That said, the initial DHCP request does go to a broadcast address, but it certainly has nothing to do with ARP. It goes to the global broadcast address (MAC: FF:FF:FF:FF:FF:FF). There's no such thing as an ARP address. ARP is a network layer protocol lying atop Ethernet (primarily; it isn't limited to Ethernet, of course). It is a MAC address you are thinking of.

    Your use of commas is worse than your knowledge of low-level network protocols, really. I don't even know why I bother. Whoever mods this shit up, go fuck yourself. And whoever's out there that actually does know what they're talking about (surely there's someone else out of two million users), like I do, fuck you for not replying and setting these morons straight. It's a ridiculous place to read for technological discussion, anymore.

  15. Re:Interesting problem by winomonkey · · Score: 5, Funny

    Isn't the term "zombie" a little bit redundant?