Duke Wireless Problem Caused by Cisco, not iPhone

jpallas writes "Following up to a previous Slashdot story, it now turns out that the widely reported problems with Duke University's wireless network were not caused by Apple's iPhone. The problem was actually with their Cisco network. Duke's Chief Information Officer praises the work of their technical staff. Does that include the assistant director for communications infrastructure who was quoted as saying, "I don't believe it's a Cisco problem in any way, shape, or form?""

deficient

Still others seem to imply that Duke's network was deficient in some way because the problem had not been encountered more broadly.

I would say that the network was deficient until the patch was applied. For him to say otherwise implies that there was no problem to begin with.

idiots

[SolusSD]

this is just another example of hair trigger IT morons with nothing but an MIS (Management Information Systems) degree and experience working on their mom's computer. I can hear it now, "but they are cisco certified!!!". Yeah- certification.. spend a few hours studying some high level networking material, take a test-- now your an *expert*. always blaming whatever is new touching their "pristine" networks.

Re:idiots

[ejtttje]

I don't meet one stupid developer who I have to explain to what NAT, proxies or TCP options are That's because we already studied them in our Networking class and wrote our own implementations from scratch for homework assignments while we were getting four-year degrees... ;-P

Just pulling your leg (mostly) ;) I have a feeling you know a lot more by now than anyone finishing a one semester course... and a lot of CS grads get through without taking a networking course in the first place... but the trick is, we both know a lot more than the new recruits wearing their certification diapers and intoning "cisco can do no wrong, buy nothing but cisco, cisco or bust" (because of course, the certified on a specific brand's interface, and have no idea what they're actually doing.)

For example, I love the story of when we visited a university with a cisco-sycophant net admin, and we wanted to put up a linksys wireless access point in the lab for the robots to connect to, and he was resistant until we pointed out cisco had recently bought linksys, so it was actually a cisco device too, and then it was OK. Siiiigh.

But anyway, 15-441 ftw! :)

Re:idiots

[nosilA]

I used to work with the "hair trigger IT moron." He has a CS degree from one of the best CS schools in the country, he has been running college networks since 2000, and he does, in fact, know what he's doing.

I will admit though, that he has been known to get ahead of himself. When he looked at the logs and saw a bunch of iPhone MAC addresses spewing garbage, but no other devices are, he assumed that it's an iPhone problem. The quote in Network World is unfortunate, but he is no "hair trigger IT moron." He continued working on getting to the root of the problem and solved it yesterday.

Re:idiots

[FDDIcent]

Sounds like a fun class, I was a CS minor, but I never got around to taking Networks, just OS/Datastructures/AI etc. Bummer. Your admin does sound like an idiot. The reason to say 'no' to a Linksys in an environment like mine have mostly to do with support (4 hour RMA), interference with other devices (our Cisco APs all talk to each-other), and management (I want to enforce security policy on you). Who cares if Cisco bought Linksys ;) Its the same reason why our server admins want all HPs, because they already have a shop full of HPs, support agreements etc. Not because HP is magical. There's always the option to change, but in a large enterprise, a homogeneous environment greatly reduces cost IMHO. Then again if I worked in an academic environment I'd be a lot less of a hardass, I work in Healthcare.

Re:idiots

[eipo]

Your assumption at the skill of the network folks at Duke is sadly mistaken. The people at Duke are very intelligent and experienced group of folks that detected a problem on the network that seemed to be related to the iPhone. In turn they contacted BOTH Apple and Cisco and began running dumps to try to figure out what was going on. In the beginning it did appear to be caused by the iPhone and only after a lot of testing and help from Cisco was the true problem discovered. They had Cisco network that functioned perfectly until iPhones started popping up, it wasn't a far stretch to suspect the new device introduced into a working system.

The only thing they did poorly was fail to realize how much the techie world is hot and bothered over ANY news about the iPhone. Had the cause seemed to have been the the latest Crackberry this would have never sweep through the iPhone loving media/techie-verse this quickly.

So come off your superiority complex a bit and cut them some slack. They managed to detect and solve this issue within a week on a massive University network with half the tech world breathing down their collective necks. It wasn't the work of inexperienced MIS folks but group of talented network professionals that had the misfortune of publicly grappling with the iPhone juggernaut and half million know-it-alls on forums like this.

Re:idiots

Hate to break it to you, but almost every industry sector is like that, be it software developers, construction workers, furniture makers, restaurant staff, and even medical staff.

It's actually rare to find an industry where almost everybody is top-notch, simply because most companies don't want to pay the premiums for these folks. I can only think of a few off the top of my head: NASA, Google, most engineering firms...

Re:idiots

[gb506]

He continued working on getting to the root of the problem and solved it yesterday.

Well, he HAD to continue to work the problem, that's his job, he didn't really have the option of simply ignoring the situation, did he? Not sure that constitutes a pat on the back.

The quote in Network World is unfortunate, but he is no "hair trigger IT moron."

It does, in fact, show that he's willing to drop statements to the press such as "I don't believe it's a Cisco problem in any way, shape, or form," quite prematurely and without factual foundation. In the end a.) he should have kept his mouth shut until he definitively knew what was happening, and b.) if she was at all concerned that the guy was prone to getting ahead of himself, Tracy should have muzzled him from the moment the issue first came to light. Any story involving a potential iPhone problem at this juncture is going to get mega exposure, and Miller and Futhey should have realized that.

Re:idiots

[jayhawk88]

Uh huh. Because you've never made a mistake or misdiagnosed a problem when something is broken and your entire customer base is screaming at you to fix it.

Jesus, I love how you all are posting here like you single handly created the first router and invented TCP/IP. Let's try and look at this from the Duke IT perspective: 1. Wireless network is (presumably) working great. 2. iPhone is released, students start showing up with it. 3. Wireless starts getting slammed. Yes it was a wrong conclusion and faulty logic but come on, was it really that horrible? When something breaks the first thing you ask is "What has changed", in this case iPhones were introduced to the network. I guarentee that would have been the first thing I would have looked at.

Re:idiots

[EGSonikku]

Perhaps they should have waited a week then and not announced prior to discovering the true issue that the iPhone was at fault.

Re:idiots

[Maniac-X]

I guess this truly puts me in the minority, because I do both IT and development stuff pretty equally well, though i do favor development a little (don't tell anyone)

Of course there are arguments to work in a homogenous environment, I encountered the same arguments in my first year IS classes. My teacher insisted it was much more efficient to buy mass amounts of generic-branded PCs because the "support was better" in case of hardware failure. Of course I argue that if I build them myself, I already know by the time each one is deployed that the hardware is not a lemon (burn-in testing), and it's probably going to last quite some time.

In my opinion, it is far better to spend a little more on in-house support, mix and match quality hardware for the best results (performance and reliability-wise), than it is to go all-out generic and be RMAing whole machines all the time. Yes, it's more work in the end, but overall there seem to be less problems. Besides, the biggest upside is, no matter who you hire onto your IT team, they WILL learn how things actually work, and how to actually fix them, after a while. The RMA-everything method discourages learning by experience, imo.

Re:idiots

[ktappe]

Let's try and look at this from the Duke IT perspective: 1. Wireless network is (presumably) working great.

That word "presumably" was pretty close to the heart of this entire debacle. It's an assumption and those are the first things you should throw out when performing logical troubleshooting.

2. iPhone is released, students start showing up with it. 3. Wireless starts getting slammed. Yes it was a wrong conclusion and faulty logic but come on

Come on what? Logically fixing this problem is their primary job. Not publicly pointing the finger at Apple before that logic had run its course.

was it really that horrible? When something breaks the first thing you ask is "What has changed", in this case iPhones were introduced to the network.

What they essentially did was the same as if an engineer blamed a person walking across a bridge for the bridge collapsing. The iPhones were making completely normal use of infrastructure yet they were blamed when that infrastructure failed. Engineers (be they civil or network) need to make sure their house is clean before they start casting aspersions. Speaking as an OS engineer myself, I do not blame the user when the OS crashes; I examine the OS. The user should not be able to make it crash just as iPhones should not be able to take down a wireless network.

Re:idiots

[CryBaby]

The only thing they did poorly was fail to realize how much the techie world is hot and bothered over ANY news about the iPhone.

No, what they did poorly was their job as problem solvers. They made the classic mistake of trying to solve a problem in reverse -- they started out with an assumption and then looked for evidence to support that assumption. For whatever reason, they wanted to rule out Cisco as the cause, so they did. This prevented them from finding the real cause as quickly as they might have.

Had they kept an open mind, they would have looked for more evidence before making a determination. For example, they could have asked some other universities (who undoubtedly now have iPhones on their wireless networks) whether or not the same type of problem was occurring there. With the answer being "no", they would have learned that the problem must have something to do with the combination of the iPhone and their specific network. That would have opened the doors to start looking at network configuration and/or faulty networking equipment. Obviously, that's exactly what happened in the end, but my point is that they erected a barrier in the problem solving process by "trusting" their Cisco equipment rather than suspecting it along with everything else.

I don't think the Duke IT people are incompetent, unintelligent, lacking in education, etc. Rather, I think this is an interesting little case study that illustrates how even highly competent people can allow their preconceptions to undermine their problem solving efforts. After all, our instincts, gut reactions, feelings, etc. are extremely useful when diagnosing a problem. They are often correct or at least highly informed on a level that is difficult to quantify. So, it's not easy to consider that your instincts may be completely wrong -- that you may be looking at an entirely new and surprising situation in which your instincts only serve to mislead you. Effective problem solving requires creativity, deliberate role-playing (e.g. "playing devil's advocate") and a certain amount of (forced) objectivity. Unfortunately, too few technical professionals display these traits when attempting to diagnose a problem and fail to understand that problem solving, in a general sense, is a discipline unto itself.

Re:idiots

[tgibbs]

The only thing they did poorly was fail to realize how much the techie world is hot and bothered over ANY news about the iPhone.

This hardly seems like a minor error. They apparently went public with a premature conclusion about a new product before they actually knew what was going on, thereby holding themselves and Duke University up to ridicule.

And it is an unfortunately typical knee-jerk reaction reflects the arrogance typical of many IT departments: "The problem isn't with our network; it must be your computer or software that is screwing things up."

Re:idiots

[Thrudheim]

You forgot this point: "4. Why is it that our network is getting slammed but similar networks at other universities are not?"

One does not need a technical background to know that if the iPhone caused problems for these kind of networks, we should be seeing them all over the place. A simple, logical process of elimination would soon cast strong doubt on the iPhone as the cause. It had to be the way that particular network interacted with the iPhone. Hence, it was the network and not the phone.

Re:idiots

[gb506]

That response would last about one week into the new school year. Dude, there were over 150 of the darn things ALREADY on campus, and it's a ghost town compared to September when the kids return!

Three things:

1.) if you think that Duke students will put up with an IT staff too closed minded to resolve a problem with their own network, which would result in making their $500 iPhones useless on wifi, you're crazy. The kids pay the big $$$ to go there, IT toads can be easily replaced.

2.) Duke U. has been out front in embracing iPhone's parent, iPod, as a learning tool, going so far as to issue them to incoming freshmen a few years back, if you think that some pasty cheeto eater in IT would be able to gloss over his own network problem by banning iPhone when Duke has embraced iPod in the classroom, you're friggin stoned.

3.) Lastly, and maybe most importantly so far as the iPhone itself is concerned, there are ALREADY over 150 known iPhones on the Duke campus accessing the network. The iPhone has been out for only 3 weeks. How many do you think there will be when the population on campus grows exponentially with the start of the school year? What that says is that the iPhone is ALREADY a massively disruptive technology, and that anyone who does not understand that we are seeing a massive shift away from traditional computing is either deluded or stupid.

I fart in your general direction!

So what was it

I read in another article that some Gartner group guy speculated that it was a problem with the wireless network at Duke's security settings, that they were using LEAP (Lightweight Extensible Access Protocol). Since that was an unusually technical speculation by a Gartner-ite, I'm curious if anybody can confirm/deny that.

Most Don't understanding networking

[henryhbk]

Many network IT folks just understand how to change settings on routers (what you learn to do in a "certification" course on a router) and understanding networking. Networking is more than just some router settings, and understanding the organic interdependent flowing nature of a network is critical to debugging problems. Just knowing something is causing a problem, and blaming the most recent change as the cause (as opposed to some underlying problem that this change simply brings to light). A senior IT official should, even if he doesn't know the exact problem, know that weird entworking problems are often way more complex than they seem, and should not jump to knee-jerk conclusions (especially based on some 1994 anti-mac bias about networking)

Re:I'll feel bad...

[samkass]

when he starts getting those Apple fanboy death threats.

You mean when hack journalists start reporting unsubstantiated rumors of death threats.

Re:The Information Age

[The_Fire_Horse]

No, Wikipedia is peer moderated.
While not perfect, obvious mistakes or blatant lies are eventually picked up and corrected - this is why you shouldnt quote Wiki's, but use the references they cite.

To be fair....

[Vacuous]

To be fair, who hasn't had an issue where you were SURE it wasn't one thing, when it actually was. I would imagine most of you, like me, have seen issues where you still can't explain how you fixed it.

Re:Correlation is not cause and effect

[farker+haiku]

For example, one of our developers found that web pages were slower on our new virtual servers. The obvious thought is that virtualization=slow. It turns out that compression hadn't been turned on for those servers.

So how was he wrong? The virtual servers were slower.

Obviously a Cisco Problem All Along

[smack.addict]

The sick thing is that it was OBVIOUS it was a Cisco problem from the start. If you make the assumption that the iPhones are somehow defective, it's still a Cisco problem because any defective behavior from an iPhone would be indistinguishable from malicious behavior from a student. The fact that the iPhone was involved really was a non-issue all along.

It was terribly irresponsible of them to go off blaming Apple and, worse, absolving Cisco of responsibility.

Re:More information?

[physicsnick]

"Given the widespread use of Cisco". So Windows must be pretty good too, right? You misunderstood. I wasn't implying anything about the quality of Cisco routers.

Suppose Duke University (and only Duke university) suddenly has problems with all of their Windows boxes. Do you think it's a Windows problem? Given the widespread use of Windows compared to the isolated nature of the problem, it's far more likely that they themselves configured something incorrectly, otherwise all universities should be encountering similar problems.

This isn't to say that there aren't such problems; just as you said, both Cisco and Windows have widespread flaws that affect all universities. But for THIS particular problem, it's more likely to be just a misconfiguration, simply because of the fact that it's localized to Duke.

Jumping to conclusions

[faloi]

Seems to be all the rage at Duke. One would think they'd learn from their past mistakes.

Re:More information?

[HockeyPuck]

Cisco is the Microsoft of networking gear. Their stuff is complete crap compared to the alternatives in every category. It's also overpriced. I think you hit the nail on the head. Alternatives in every catagory. Which means you have 500 different vendors. From core routers, to access switches to firewall appliances, to Content/Caching engines to telephony to wireless, heck Cisco even makes storage switches. If there's a nework problem, you call up ONE company. You sign one large support contract, makes it very easy to have 'one neck to choke' when there's an issue.

When you build a server (not a hobbiest linux box at home) would you rather buy all the parts (cpu, ram, disk, etc..) from ONE vendor, or would you rather buy each component from someone else? You'd call up IBM/hp/dell/sun and order a server, so when the ram breaks you call the same vendor as when the CPU breaks.

While cisco gear may not be the best in every catagory, the solution as a whole is pretty good and there's not a networking vendor that can provide an 'end to end' solution. Plus there's something to be said for being able to put firewall/content/PoE/WAN modules in a single chassis.

Integration and consolidation does save power.

Re:More information?

[HockeyPuck]

I'm not saying that there aren't vendors with single produts that are better, but NOT all companies/customers are looking for 500 different vendors. You wouldn't build a server farm from 50 different linux servers b/c "IBM w/redhat is better at dns, HP w/Ubuntu is better at samba, Dell/slackware is better at sendmail..." you'd go outta your mind supporting such a hetergenous infrastructure.

Cisco/MSFT have plenty in common. All religions aside, when you hire someone it's much easier to find someone that is familiar (CCIE) with a broad range of cisco products than to find one that has (as you put it), "Juniper for routers. Extreme for Network Switches. Juniper/Netscreen, Fortinet, or even Checkpoint for firewalls." The same holds true if you were hiring someone with office skills. It's much easier to find someone that is well versed in MS-Office than it is to find someone that has the same skillset in lotusnotes, wordperfect, etc...

Building an IT infrastructure is more than just having the 'fastest, best out there'. It's building the best solution for YOUR environment. I work with plenty of clients that have Juniper in the core and cisco at the access/distribution layer.

Re:More information?

[profplump]

There are benefits to having only one provider -- like consolidated support and supposed interoperability.

There are also costs, like lock-in -- not only are in a position to be taken advantage of by your single provider in terms of price, but you're actually likely to dimiss technically superior solutions if they don't come from your provider, and your solutions will be inflexible outside the bounds set by your provider.

Take Exchange email as an example. It's not a terrible way to do mail folders, and the integrated calendar is handy. But it means that only Outlook can read your mail, and Outlook only runs on Windows machine and Windows only runs on x86 hardware. Those may all be reasonable choices, but it's not reasonable to make them all simply because you want to run Exchange.

I know Exchange supports IMAP, but there are companies (like my current employer) that won't turn on the IMAP interface because it doesn't fit their one-provider toolchain. I develop on a company-provided linux system for a product that runs entirely in linux, but I have to launch a VM to check my email because of single-provider lock-in.