Slashdot Mirror
Duke Wireless Problem Caused by Cisco, not iPhone
jpallas writes "Following up to a previous Slashdot story, it now turns out that the widely reported problems with Duke University's wireless network were not caused by Apple's iPhone. The problem was actually with their Cisco network. Duke's Chief Information Officer praises the work of their technical staff. Does that include the assistant director for communications infrastructure who was quoted as saying, "I don't believe it's a Cisco problem in any way, shape, or form?""
Still others seem to imply that Duke's network was deficient in some way because the problem had not been encountered more broadly.
I would say that the network was deficient until the patch was applied. For him to say otherwise implies that there was no problem to begin with.
this is just another example of hair trigger IT morons with nothing but an MIS (Management Information Systems) degree and experience working on their mom's computer. I can hear it now, "but they are cisco certified!!!". Yeah- certification.. spend a few hours studying some high level networking material, take a test-- now your an *expert*. always blaming whatever is new touching their "pristine" networks.
We live in a such a great time. Information can spread from any source to the entire globe in minutes. However, no one actually makes sure it is correct. I'm going to go put tin foil around my bee hives.
...for the poor guy who said it wasn't a Cisco problem when he starts getting those Apple fanboy death threats.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
..get some statements and reflections from the usual crowd all-knowing trolls who instantly pointed at Apple in the previous, related thread? Just for some reference, ofcourse.
I'm curious to find more information on this. TFA just says "Cisco has provided a fix". What nature of fix was this? Was it actually a flaw in the routers, or did someone just configure them wrong?
Given the widespread use of Cisco routers compared to the isolated nature of the problem, it sounds a bit like Duke is just trying to save face.
its NEVER the network! Cisco is untouchable! :)
This is unfortunately a common issue with people. When two events happen at about the same time, people assume they're somehow connected. The autism and vaccine link, for example, is one of those things where they get their shots and soon afterwards, they notice their child is acting strangely. Then there's the old "this coincidence must be a sign of the divine" theory.
We run into this all the time when doing server administration. For example, one of our developers found that web pages were slower on our new virtual servers. The obvious thought is that virtualization=slow. It turns out that compression hadn't been turned on for those servers. Since he was going over a slow VPN connection, it made a fairly significant difference. Once switched on, they worked about the same as real servers.
I read in another article that some Gartner group guy speculated that it was a problem with the wireless network at Duke's security settings, that they were using LEAP (Lightweight Extensible Access Protocol). Since that was an unusually technical speculation by a Gartner-ite, I'm curious if anybody can confirm/deny that.
So it wasn't Apple's iPhone but Cisco's Linksys iPhone that was causing problems, am I right?
Many network IT folks just understand how to change settings on routers (what you learn to do in a "certification" course on a router) and understanding networking. Networking is more than just some router settings, and understanding the organic interdependent flowing nature of a network is critical to debugging problems. Just knowing something is causing a problem, and blaming the most recent change as the cause (as opposed to some underlying problem that this change simply brings to light). A senior IT official should, even if he doesn't know the exact problem, know that weird entworking problems are often way more complex than they seem, and should not jump to knee-jerk conclusions (especially based on some 1994 anti-mac bias about networking)
>>Duke's Chief Information Officer praises the work of their technical staff.
This sounds like every company in america... praise for mediocraty. The "technical" people on an
IT staff at a famous university can not figure out what is wrong with traffic on a network?? When
I saw the original post I thought it had to be a joke... Duke, not being able to figure out a network
problem?? They should not be praised, they should have been fired.
And yeah, don't go on with this "oh, but its a big network" retort either... If you work on a big
network, you should be able to fix it.
I heard a *story form some one that was an old GECO programmer way back when. In the midst of telling me stories about 3 foot diameter platters on huge racks and resistors the size of fists, he went on to tell a story of Cisco and and imminent wireless network failure.
It seems that years ago, some where in Europe, there was an issue with Cisco equipment failure at intervals. Massive wireless network failures and completely indeterminable. After bringing in a team of engineers for some thing like 9 months to assess the situation, they were still unable to determine the cause of failure. Until some one had peered in the way packets were being labeled under VLAN. Apparently Cisco had a number algorhithm issue, by which, say, every 10,000th packet, was getting dropped after being mislabeled and misdirected. After a so many identifying packets were getting dropped, total failure would ensue. I believe there was speculation of a Linux hardware and Cisco compatablity thing happening. Same protocols, just one was taking the shorter route to completion and it just happened to be Cisco to which all fingers pointed.
*The details of this may not be exact, but the ideas and names will remain the same to point out the guilty.
Is Kevin Miller related to Mike Nifong? Beware the science coming out of this institution.
Cool. Cisco screws up, iPhone gets blamed, but nobody minds, because iPhones are so cool.
... (smiles) iPhones are cool aren't they!"
Boss: "Did you get those reports done?"
Underling: "Sorry Boss, I Couldn't. iPhone Congestion."
Boss: "iPhone?
Underling: "They sure are boss!"
Boss wanders off feeling good.
Underling returns to screwing around with his iPhone.
I think that after spending a number of years working in Cisco only networks, I'm constantly amazed at the generally poor compatibility and functionality of Cisco equipment.
This ranges from critical recovery steps being removed from the 7200 series G2 NPE (NEVER make one of these crash to ROMMON on boot. The fix is to RMA the NPE) for Xmodem recovery of bootloaders - something a basic 827 router has to their latest 7961 VoIP SIP phones that are apparently RFC compliant for SIP communications - but aren't.
There are MANY things that make Cisco equipment worse and worse as the years go by. Part of it I believe is the outsourcing of the people who write the software for these things now. Chances are that they weren't even around with Xmodem was in use - and I bet a lot of the coders have NEVER admin'ed a network of Cisco gear. This is the only thing I can think behind removing essential recovery procedures for $35,000AU routers.
There's a whole new direction that Cisco is heading, and with the stupid things missing from their new gear, I'm starting to wonder if it's a direction that will have huge impacts for the worse in the network admin side of life.
Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
All of our 100mbit servers and the Cisco switches they connect to have to be nailed to 100/Full, because the Cisco hardware refuses to negotiate properly with HP Proliants and Sun hardware. Yet a $40 D-Link can manage just fine.
Not to mention how buggy IOS releases have become in recent years.
I wonder how many folks will start checking out Juniper.
/.ers list the total number of IT troubleshooters who have never made a bad call...
.. er, that's it.
Shouldn't that be "fuck's sake" or "fucks' sake" - certainly not "fucks sake"..?
assistant director Kevin Miller said it was Apple's fault.
"Kevin Miller, assistant director, communications infrastructure, with Duke's Office of Information Technology, laid the blame for Duke's networking problems squarely on the iPhone.
"I don't believe it's a Cisco problem in any way, shape or form," Miller said firmly."
Yup.. he put the ASS in assistant director.
Hey guys,
Please keep this quiet until the first software update for the iPhone becomes available.
I told my CIO the same story. I'm reading up on networking now, and I think I can fix it.
Thanks,
Anonymous
Director of Networking
To be fair, who hasn't had an issue where you were SURE it wasn't one thing, when it actually was. I would imagine most of you, like me, have seen issues where you still can't explain how you fixed it.
They should still ban iPhones... and all mobile telephones. Annoying junk!
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
The sick thing is that it was OBVIOUS it was a Cisco problem from the start. If you make the assumption that the iPhones are somehow defective, it's still a Cisco problem because any defective behavior from an iPhone would be indistinguishable from malicious behavior from a student. The fact that the iPhone was involved really was a non-issue all along.
It was terribly irresponsible of them to go off blaming Apple and, worse, absolving Cisco of responsibility.
Why is everyone picking on Sake? I mean, sure it's served slightly warm and in tiny cups, but it's not all that bad to drink, is it?
Everyone knows that Duke's got problems with open access. It's the access point's fault, not the new units that play a little rough with seasoned pros.
Though the expert officials blaming the wrong party should find a new line of work. I suggest politics.
--
make install -not war
and forcing 100/full, you had better be doing it at both ends.
If you aren't, then the devices will come up as half duplex (assuming they properly implement the standards), you have a duplex mismatch, and you _will_ have network problems. 802.3u requires an end which is set to autonegotiate to assume half duplex if the other end will not autonegotiate.
Except, some Suns can not be forced and will only autonegotiate, in which case you MUST set the switch port to half duplex if you're forcing.
"National Security is the chief cause of national insecurity." - Celine's First Law
Typical reaction. Something goes wrong, blame the user.
After all you and your staff would never mess up, your high status, reputation and salaries are at stake. The fact that you have outstanding trouble tickets, perform patches and upgrades without testing are coincidental.
So something goes wrong, you blame the user, remove them and claim problem solved. In the background you quietly find the problem and fix it (as part of routine maintenance). Your reputation is intact and all is good with the world. If only their were no users it would all be perfect.
Might want to tag this as an apple story, since the previous article was in the apple section.
I and my group have experienced this at work all the time almost whenever a new person is hired into the network team. Cisco gear do NOT play nice with Sun Microsystems, be it their desktop workstations or their servers. The Cisco gear refuses to properly auto-negotiate with the equipemnt causing issues such as duplex/simplex mis-matches (i.e. the workstation thinks it is connected at 100 Full duplex, while the switch thinks it is connected at 10 Half duplex). Needless to say this causes all kinds of collisions, IErrors, OErrors, etc., on the system and the network. All the Sun gear must have their associate network partner's port forced to 100 Full, and we do the same for the system as well. How do I know the problem is with the Cisco gear? Because the workstation/server works fine if you use a HP, Xylan, Baynetworks, or other switch. The net network engineers immediately believe it is the Sun equipment because they have been brainwashed into believing that Cisco can't make a mistake or a poor product. It usually takes us to demonstrate using 2 or more other switches that the problem only happens on the Cisco. Cisco still denies that there is a problem as well.
Oh and if you don't believe me, do a google "Cisco problems with Sun"...
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
I wish I had a nickel for every jerk who has instantly pointed the finger at Apple for any IT issue in which Macintoshes were involved.
Or described the NuBus "proprietary" and the AT bus and Micro Channel as "standard."
Or claimed that the ASCII standard defines CR+LF as the proper character combination for a line break.
Or asked me to "go to the 'START' button" on my Mac and, when I said I didn't have one because I was on a Mac, told me that Macs weren't supported even though their website says that they are.
"How to Do Nothing," kids activities, back in print!
Let me get this straight, Cisco blamed the outage on the iPhone? How could any single device be allowed to take down the network? It's just a WiFi client, the network shouldn't let this happen. Of course it's Cisco's fault.
How good can it be, if it isn't HD?
Seems to be all the rage at Duke. One would think they'd learn from their past mistakes.
"It is a miracle that curiosity survives formal education." -Albert Einstein
Depends. If you're telling a story about your friend Forest having sex with alcoholic beverages during a trip to Japan, then "For fucks sake." is appropriate.
obviously no deficiencies vs. no obvious deficiencies
duh...
When this story was first reported it was pretty obvious that it was misconfigured Cisco products, and not the iPhones, that were causing the flooding.
The story here is Duke blaming the innocent before looking into the problem
What about a publicity seeking IT hound, then?
If you mod me down, I shall become more powerful than you could possibly imagine.
Smelled like a network problem.
;)
rm999, blindbat, Doctor Memory, and Funk_dat69, you all owe me a beer. Go drink it for me and think about what you've done.
This problem isn't restricted to Suns. In the last hosting environment I managed, all of the Cisco gear had to be hard-coded to full duplex/100Mb in the IOS, as auto-detect was busted. All of the Dell networking gear worked like a champ though. Cisco gear is overrated.
Camping on quad since 1996.
In my experience this is only true with the older interfaces: hme, qfe, eri. The newer ones such as bge, ce, and e1000g work just fine with Cisco equipment using auto-negotiation.
It's kind of funny: most posts here complain about the Duke IT staff, either about their lack of competence or that they didn't wait until they had all the facts before claiming that this was an iPhone related problem.
Some people here who know the IT staff at Duke defended them and objected the claim of lacking competence, and there is no reason not to believe them, since everybody else is just guessing.
So most posters rushed to explain what happened without having seen the whole picture, didn't look into the details and therefore show exactly the behavior that they are attacking the Duke staff for.
memomo: free web based language trainer DE-EN-ES-FR-IT
This problem isn't restricted to Suns. In the last hosting environment I managed, all of the Cisco gear had to be hard-coded to full duplex/100Mb in the IOS, as auto-detect was busted. All of the Dell networking gear worked like a champ though. Cisco gear is overrated.
I just don't get this. Auto-detect has never failed me, except when I messed up myself. When one end is hard-coded to full duplex and the other end is autonegotiating, the other end picks half duplex. That's what the standard says must happen, brain-dead though it is. The fix is to set both ends to autonegotiate, or if you like debugging weird problems, hard code both ends to full duplex. Anyway, the problem is gone with gigabit ethernet, because autonegotiation is enforced.
Finally! A year of moderation! Ready for 2019?
They had Cisco network that functioned perfectly until iPhones started popping up, it wasn't a far stretch to suspect the new device introduced into a working system.
As a fellow computer professional, I can assure you that this is exactly how computers work. When I write a function that works perfectly for all the test cases I can think of, and then other people start using it and discovering bugs, it's only logical to assume that the problem is with their code, not mine. After all, my function was a perfectly functioning system until they started using it.
If you read slashdot regularly, you see this all the time. Somebody comes up with a new way to "break" Microsoft Windows security, and then Microsoft points out that it's not really their fault, but the guy who wrote the "virus" was doing things he wasn't supposed to. They don't even need to provide a patch, because it's not their fault, but they do, anyway. (Isn't that nice of them?)
...just not the one from Apple!
I don't understand why so mach noise around this problem. If your browser crashes on a website it's something wrong with your browser, not a website. If your system goes down because of couple new mobile phone it's something wrong with your network, not a phone.
At least they didn't go for a conviction this time.
Once upon a time, a soon to be mommy and daddy loved each other very much (the lust was strong as well as the drinks)
Cisco is notorious for autodetect failures and some of their equipment has been known to fail to autodetect when connected to other examples of their equipment.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Notorious? You sound like you've done your homework on this one. What are some examples that make these problems "notorious"?
... have been sacked.
As someone in another forum pointed out, and it's a good point...
Cisco provided a NEW patch, or just finally got Duke's IT staff off their ass and over to a patch set that's been readily available for some time?
+++OK ATH
Duke? Duke? Where have we heard ... that before? ... surely not?)
Dear iPhone, Welcome to the the asylum.
GUILTY! GUILTY! GUILTY! UNTIL PROVEN INNOCENT? (Of OMG being white
ROUNDLY CONDEMNED BY THE STAFF and the entire 'LEFT' BY HYSTERICAL CONSENSUS.
Notwithstanding an opportunist (now EX-)prosecutor.
RR
TROLL CREDO: "I don't caree how you mod me, just as long as you do."
I haven't seen the problems in a while, because I've been on the applications side for some time, but once upon a time you could see this problem just by connecting autodetecting, 100Mbps+FDX ports on two catalyst 5000 switches together. Sometimes they would figure things out and play nice. Sometimes they wouldn't, and bad things happened.
Beyond that concrete example (cat5ks aren't generally even in service any more because the backplane was somehow non-y2k-compliant) I've simply lost track of the number of network admins who have warned me not to do something or who have simply complained about it. So even if it weren't true (might not be any more, maybe they have it figured out now?) it's become one of those computer axioms.
You don't have to take my word for it though; google for "cisco autonegotiation failure" and you'll find more references than you'll ever need. Many of those will track back down to people not following the spec, because that's life, but many of them also go to clear examples of cisco being lame.
Cisco isn't the best. They're like McDonalds. You can get the same burger in any country :P
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Okay, now I'm not being antagonistic, I'm really curious (in a survey sort of way)... Cisco isn't the best, but what is your opinion what is?
Who puts together the best router solution?
Who's switches would run your ideal network?
Who kills at the SANS device space?
Who's VoIP gateways are seen as the best?
Who's Security devices rule?
What manufacturer offers all these type devices?
Who supports their products better?
My experience with bge's and e1000g's is different. They tend to come up at 100/hdx until fixed. The ce's seem to be better, but then the only ce's we're using are fiber cards.
An understandable, but fallacious, intermediate conclusion.
Free Software: Like love, it grows best when given away.
It was a problem with the iPhone that caused the Cisco WAP's to lock up. The iPhones like to ARP for IP's that aren't on the network, so the Cisco's don't respond, and the iPhones hammer the AP's with ARP requests and bring them down. I would know because I work Telecom at a prominent University and we had the same problem.
Adtran, check them out.
Even a Vyatta or other OSS router is as good as or better than all but the biggest, and most horribly expensive, Ciscos.
But you knew that, because you couldn't point to any evidence that refuted my opinion that Cisco has more than just market share in common with MS.
I don't know many Cisco haters, and I know plenty of Microsoft haters. My experience with Cisco gear goes like: unbox the layer 3 switch, connect the serial cable, configure IP addresses on a couple ports or VLAN's, tell it 'ip route', go get some lunch. Setting up a Windows server requires a 60 page guide from the NSA and four days of work to get something that should have been usable out of the box.
Now, their warranty, contracts, support, and pricing are all unreasonable (HP seems to be the better bet), but I've been known to order up a dozen refurbed Cisco VLAN-savvy switches and light up a new office building for pretty reasonable money when that fit the requirements, and the stinking things just work forever.
I'm not aware of any OSS routers that can handle 24 vlan'ed ports for $500, but I'd be happy to learn about them. The case is certainly there for some of their other products - I frequently sell clients a matched set of 1U redundant firewalls (freebsd-based) that beat the pants off PIX on price, reliability and ease of use.
I also have good luck installing WRT-54GL's in schools to get them on wireless. It's all a matter of picking the right tools from the right vendors, and occasionally Cisco has one.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
I'm bewildered that so many people seem to think there's fault in what the tech department did. From everything I read so far, they followed the best course of action as far as the diagnoses is concerned and solved the problem.
The access points are crashing in groups. Analysis of the traffic shows this occurs when iPhone spews what appears to be garbage to them. Along side further diagnoses, they open tickets with Cisco and Apple saying there a suspicion that a combination of iPhone and their Cisco network is causing downtime and provide the evidence that shows this to be likely. They work with both groups, and, lo and behold, this IS what was happening (though the garbage was not actually garbage). iPhone stressed the network and brought out a flaw (a known one I think) in the Cisco equipment they had. They fixed/patched it. A week later and the network is working.
Yes, tech people can make mistakes and do so all the time, but I fail to see that here. About the only thing I didn't hear that I would have liked to hear is whether or not they did web searches for the problem to speed up the process.
Overall, the fact that there's a story at all and this whole snafu seems to be a result of either the media, the schools relationship department or other upper managers or a combination thereof. Really, they made it sound like it was an iPhone problem (and technically it was!, it just wasn't where the core fault lied) which is actually a reasonable suspicion given the circumstances. Beyond that, though, I doubt the story was worthy of reporting in the first place. The story was information, not news.
My two cents.
--Dave Romig, Jr.
Likely related.
7 0724-arp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-200