Re: iPhone and Network Disruptions ...

2007-07-26 Thread Adrian Chadd

On Wed, Jul 25, 2007, Warren Kumari wrote:

> You have a couple of switches with STP turned off -- someone plugs in  
> some random cable, forming a bridge loop... and everything  
> continues running fine, until some time in the future when it all  
> goes to hell in a hand-basket. Now, I could understand the system  
> remaining stable until the first  broadcast / unknown MAC caused  
> flooding to happen, but I have seen this system remain stable for  
> anywhere from a few days to a few weeks before suddenly exploding.

If you want to hear about something whacked along those lines - imagine
two access points which had spanning tree disabled, connected to
a pair of switches on a vlan which wasn't running stp (thanks to
platform stp limitations, the switches running pvstp and said
campus having >800 vlans), and said ap's would occasionally associate
in infrastructure mode - which would cause a broadcast storm
on that vlan and fill trunk pipes with spaf. Debugging that one was
hilarious.

Hum.





Adrian



Re: iPhone and Network Disruptions ...

2007-07-25 Thread Warren Kumari



On Jul 24, 2007, at 5:34 PM, Iljitsch van Beijnum wrote:

> On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:
>
>> Looking at this issue with an 'interoperability lens,' I remain
>> puzzled by a personal observation that at least in the publicized
>> case of Duke University's Wi-Fi net being affected, the "ARP
>> storms" did not negatively impact network operations UNTIL the
>> presence of iPhones on campus.  The nagging point in my mind
>> therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,
>> Smartphones etc.,) NOT caused the 'type' of ARP flooding, which
>> was made visible in Duke's Wi-Fi environment?
>
> Reading the Cisco document the conclusion seems obvious: the iPhone
> implements RFC 4436 unicast ARP packets which cause the problem.
>
> I don't have an iPhone on hand to test this and make sure, though.
>
> The difference between an iPhone and other devices (running Mac OS
> X?) that do the same thing would be that an iPhone is online while
> the user moves around, while laptops are generally put to sleep
> prior to moving around.




There is also the weird property of many types of "flood vulnerable"  
systems that they seem to remain stable until some sort of threshold  
is reached before suddenly spiraling out of control.


I am not sure of the exact mechanism behind this, but I have seen  
multiple instances of this happening. The standard scenario is  
basically:


You have a couple of switches with STP turned off -- someone plugs in  
some random cable, forming a bridge loop... and everything  
continues running fine, until some time in the future when it all  
goes to hell in a hand-basket. Now, I could understand the system  
remaining stable until the first  broadcast / unknown MAC caused  
flooding to happen, but I have seen this system remain stable for  
anywhere from a few days to a few weeks before suddenly exploding.


I have seen the same thing happen in systems other than switches, for  
example RIP networks with split-horizon turned off, weird frame-relay  
networks, etc. Unfortunately I have never managed to recreate the  
event in a controlled environment (In the few cases that I have cared  
enough to try, I form a loop and everything goes BOOM immediately!),  
and in the wild have always just fixed it and run away (it's usually
someone else's network and I'm just helping out or visiting or  
something). I HATE switched networks.


A few observations:

- In *almost* all of the cases, things *do* go boom immediately!
- In the instances where they don't, there doesn't seem to be a
  correlation between load and when it does suddenly spiral out of
  control [0].
- There is not a gradual increase in the sorts of packets that
  you would expect to see cause this (in a switched environment, you do
  not see flooded packets slowly increase, or even an exponential
  increase over a long time, there is basically no traffic and then
  boom! 100%).

Anyway, I have wondered what triggers it, but never enough to
actually look into it much


W

[0] Except for one case that I remember especially fondly -- it was a
switched network with something like 30 switches scattered around --
someone had plugged one of those "silver satin" phone type cables  
(untwisted copper) between two ports on a switch -- the cable was bad  
enough that most of the frames were dropped / corrupted, but under  
high broadcast traffic loads enough packets would make it through to  
cause a flood, and then after some time (5-10 minutes) it would die  
back down...




--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






RE: iPhone and Network Disruptions ...

2007-07-25 Thread Dominic J. Eidson


On Tue, 24 Jul 2007, Frank Bulk wrote:

> If you look at Kevin's example traces on the EDUCAUSE WIRELESS-LAN listserv
> you'll see that the ARP packets are in fact unicast.
>
> Iljitsch's point about the fact that iPhones remain on while crossing
> wireless switch boundaries is exactly dead on.  If you read the security
> advisory you'll see that it involves either L3 roaming or two or more WLCs
> that share a common L2 network.  Most wireless clients don't roam in such a
> big way.


With the exception of our 1000+ Cisco 7920 phones...

Then again, they probably work just fine with Cisco's other products, heh.


 - d.

--
Dominic J. Eidson
 "Baruk Khazad! Khazad ai-menu!" - Gimli

http://www.the-infinite.org/


RE: iPhone and Network Disruptions ...

2007-07-24 Thread Frank Bulk

If you look at Kevin's example traces on the EDUCAUSE WIRELESS-LAN listserv
you'll see that the ARP packets are in fact unicast.

Iljitsch's point about the fact that iPhones remain on while crossing
wireless switch boundaries is exactly dead on.  If you read the security
advisory you'll see that it involves either L3 roaming or two or more WLCs
that share a common L2 network.  Most wireless clients don't roam in such a
big way.

Frank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Iljitsch van Beijnum
Sent: Tuesday, July 24, 2007 4:35 PM
To: Prof. Robert Mathews (OSIA)
Cc: North American Network Operators Group
Subject: Re: iPhone and Network Disruptions ...


On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:

> Looking at this issue with an 'interoperability lens,' I remain
> puzzled by a personal observation that at least in the publicized
> case of Duke University's Wi-Fi net being affected, the "ARP
> storms" did not negatively impact network operations UNTIL the
> presence of iPhones on campus.  The nagging point in my mind
> therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,
> Smartphones etc.,) NOT caused the 'type' of ARP flooding, which was
> made visible in Duke's Wi-Fi environment?

Reading the Cisco document the conclusion seems obvious: the iPhone
implements RFC 4436 unicast ARP packets which cause the problem.

I don't have an iPhone on hand to test this and make sure, though.

The difference between an iPhone and other devices (running Mac OS
X?) that do the same thing would be that an iPhone is online while
the user moves around, while laptops are generally put to sleep prior
to moving around.
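
The pattern described in this message (ARP requests addressed to a unicast MAC, repeated at storm rates) can be checked for passively in a capture. The following is an added example, not part of the original thread: the window, the threshold and all addresses are assumptions chosen for illustration, and the frames are constructed inline.

```python
import struct
from collections import defaultdict, deque

ETH_ARP, ETH_VLAN = 0x0806, 0x8100


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip(b):
    return ".".join(str(x) for x in b)


def build_arp_request(src_mac, dst_mac, sender_ip, target_ip):
    """Build an Ethernet + ARP request frame (only used to construct sample input)."""
    eth = dst_mac + src_mac + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + src_mac + sender_ip + b"\x00" * 6 + target_ip


def parse_arp_request(frame):
    """Return the fields of an IPv4-over-Ethernet ARP request, or None."""
    if len(frame) < 14:
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETH_VLAN:  # skip one 802.1Q tag
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != ETH_ARP or len(frame) < off + 28:
        return None
    # htype=Ethernet, ptype=IPv4, hlen=6, plen=4, oper=1 (request)
    if struct.unpack("!HHBBH", frame[off:off + 8]) != (1, 0x0800, 6, 4, 1):
        return None
    return {
        "src_mac": mac(src),
        "dst_mac": mac(dst),
        # Group bit clear in the destination MAC means unicast delivery.
        "unicast": not (dst[0] & 1),
        "sender_ip": ip(frame[off + 14:off + 18]),
        "target_ip": ip(frame[off + 24:off + 28]),
    }


def find_arp_storms(capture, window=1.0, threshold=50):
    """capture: iterable of (timestamp_seconds, frame_bytes).

    Reports every (sender IP, target IP, destination MAC) whose identical
    request was seen at least `threshold` times inside any `window` seconds.
    """
    recent = defaultdict(deque)
    peak = {}
    for ts, frame in sorted(capture, key=lambda p: p[0]):
        req = parse_arp_request(frame)
        if req is None:
            continue
        key = (req["sender_ip"], req["target_ip"], req["dst_mac"], req["unicast"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[key] = max(peak.get(key, 0), len(q))
    findings = [
        {"sender_ip": k[0], "target_ip": k[1], "dst_mac": k[2], "unicast": k[3], "peak": n}
        for k, n in peak.items() if n >= threshold
    ]
    return sorted(findings, key=lambda f: -f["peak"])


def sample_capture():
    """Constructed traffic; every address here is made up."""
    gw = bytes.fromhex("00005e005301")
    bcast = b"\xff" * 6
    a, b, c = (bytes.fromhex(h) for h in ("02000000000a", "02000000000b", "02000000000c"))
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    cap = []
    # One unicast probe to the previous gateway after a roam: normal, not a storm.
    cap.append((1.0, build_arp_request(b, gw, ip4("10.1.0.40"), ip4("10.1.0.1"))))
    # Ordinary broadcast resolution, a handful of requests spread over seconds.
    cap += [(2.0 + 2 * i, build_arp_request(c, bcast, ip4("10.1.0.41"), ip4("10.1.0.1")))
            for i in range(5)]
    # The same unicast request seen 200 times in half a second.
    storm = build_arp_request(a, gw, ip4("10.1.0.23"), ip4("10.1.0.1"))
    cap += [(10.0 + i * 0.0025, storm) for i in range(200)]
    # A non-ARP frame (IPv4 ethertype) that the parser must ignore.
    cap.append((10.1, bcast + a + b"\x08\x00" + b"\x00" * 40))
    return cap


if __name__ == "__main__":
    for f in find_arp_storms(sample_capture()):
        kind = "unicast" if f["unicast"] else "broadcast"
        print(f"{f['peak']} {kind} ARP requests in window: "
              f"{f['sender_ip']} -> {f['target_ip']} ({f['dst_mac']})")
```

A single unicast probe per roam stays far below the threshold; only the repeated copies of one request are reported.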




Re: iPhone and Network Disruptions ...

2007-07-24 Thread Marshall Eubanks



On Jul 24, 2007, at 5:34 PM, Iljitsch van Beijnum wrote:

> On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:
>
>> Looking at this issue with an 'interoperability lens,' I remain
>> puzzled by a personal observation that at least in the publicized
>> case of Duke University's Wi-Fi net being affected, the "ARP
>> storms" did not negatively impact network operations UNTIL the
>> presence of iPhones on campus.  The nagging point in my mind
>> therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,
>> Smartphones etc.,) NOT caused the 'type' of ARP flooding, which
>> was made visible in Duke's Wi-Fi environment?
>
> Reading the Cisco document the conclusion seems obvious: the iPhone
> implements RFC 4436 unicast ARP packets which cause the problem.
>
> I don't have an iPhone on hand to test this and make sure, though.
>
> The difference between an iPhone and other devices (running Mac OS
> X?) that do the same thing would be that an iPhone is online while
> the user moves around, while laptops are generally put to sleep
> prior to moving around.




But I know that I have walked around IETF meetings with my laptop  
open, and I know others do too, and I don't recall
ever hearing about this problem at an IETF meeting from Jim Martin  
and the other NOC volunteers.


Regards
Marshall


Re: iPhone and Network Disruptions ...

2007-07-24 Thread Iljitsch van Beijnum


On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:

> Looking at this issue with an 'interoperability lens,' I remain
> puzzled by a personal observation that at least in the publicized
> case of Duke University's Wi-Fi net being affected, the "ARP
> storms" did not negatively impact network operations UNTIL the
> presence of iPhones on campus.  The nagging point in my mind
> therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,
> Smartphones etc.,) NOT caused the 'type' of ARP flooding, which was
> made visible in Duke's Wi-Fi environment?


Reading the Cisco document the conclusion seems obvious: the iPhone  
implements RFC 4436 unicast ARP packets which cause the problem.


I don't have an iPhone on hand to test this and make sure, though.

The difference between an iPhone and other devices (running Mac OS  
X?) that do the same thing would be that an iPhone is online while  
the user moves around, while laptops are generally put to sleep prior  
to moving around.




Re: iPhone and Network Disruptions ...

2007-07-24 Thread Prof. Robert Mathews (OSIA)


Hank, Warren, & Fellow Nanogers:

Looking at this issue with an *'interoperability lens,'* I remain 
puzzled by a personal observation that at least in the publicized case 
of Duke University's Wi-Fi net being affected, the "ARP storms" did not 
negatively impact network operations UNTIL the presence of iPhones on 
campus.  The nagging point in my mind therefore, is: why have other 
Wi-Fi devices (laptops, HPCs/PDAs, Smartphones etc.,) NOT caused the 
'type' of ARP flooding, which was made visible in Duke's Wi-Fi 
environment?   Why did this issue become MOST prominent with the 
introduction of Apple's iPhone on campus?


In that sense, my *original question* regarding iPhone's 'unique' 
operational circumstance(s) will have/need to be considered. Initial 
analysis tells me that we may not be far into that aspect but, we might 
need to... 


Again, I wish to thank you for the responses.

All my best,
Robert.
--




Re: iPhone and Network Disruptions ...

2007-07-24 Thread Mike Caudill


Prof. Robert Mathews (OSIA) wrote:
>
> Fellow Nanogers:
>
> Reports have floated across my desk in the past week, which have
> suggested that iPhones owned by faculty, staff and students have
> been flooding university campus Wi-Fi networks in parts of the
> country.  For example, see: *"Duke Wi-Fi Crippled by Apple iPhones"
>  *at
> http://www.sci-tech-today.com/story.xhtml?story_id=10200AG9NMHU
> Since that story first aired, and by applying a patch that was
> subsequently provided by Cisco, Duke has now come to see the
> elimination of the problem,  see: "*Duke Resolves iPhone, Wi-Fi
> Outage Problems"* at
> http://www.eweek.com/article2/0,1895,2161065,00.asp
>
> There are certain aspects of this story in which I have the most
> interest, and the following questions (if I may be permitted to
> list them) detail my concern - adequately.  I wish to ask you:  1)
> is the iPhone an extra-ordinary device when comparing it with
> devices of a comparable nature, which also request ties to a Wi-Fi
> network, (there are many that use Wi-Fi enabled Smart-phones and
> PDAs on campuses -- so, why do 'they' not pose a similar problem)
> 2) is this problem a result of poor planning and services
> implementation at certain campuses, 3) is this story - a product of
> great exaggerations?  4) if there are technical issues indeed that
> permit iPhones in particular to DoS Wi-Fi nets, what can these
> storms be attributed to, and what can/should be done about it?
>


Hi Robert,

While I am not at liberty to discuss specifics of customer cases, I
think that you will find some of the answers to your questions in a
Cisco Security Advisory which was released today:

  http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml

-Mike-

> If you are in a position to respond, I would like to hear from you,
>  either publicly or privately.  If there is enough group interest
> in the matter, I would be most happy to summarize.
>
> All the best, Robert. --


--

Mike Caudill  <[EMAIL PROTECTED]>  
PSIRT Incident Manager 
DSS PGP: 0xEBBD5271  
+1.919.392.2855 / +1.919.522.4931 (cell)
http://www.cisco.com/go/psirt 




Re: iPhone and Network Disruptions ...

2007-07-24 Thread Warren Kumari


Adding to the random speculation pile this just arrived in my mailbox:

 
--

Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

Advisory ID: cisco-sa-20070724-arp

http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml
 



It sounds like a badly configured pair of wireless controllers can,  
under fairly normal conditions, lead to an ARP storm...


I have no idea if this is the actual issue that occurred at Duke, but  
it *is* interesting


W

On Jul 24, 2007, at 12:28 PM, Frank Bulk wrote:

> Duke runs both Cisco's distributed and autonomous APs, I believe.  Kevin's
> report on EDUCAUSE mentioned autonomous APs, but with details as hazy as
> they are right now, I don't dare say whether one system or another caused or
> received the problem.
>
> Frank
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale
> W. Carder
> Sent: Sunday, July 22, 2007 2:51 PM
> To: Bill Woodcock
> Cc: Sean Donelan; North American Network Operators Group
> Subject: Re: iPhone and Network Disruptions ...
>
> On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:
>
>>>> Cisco, Duke has now come to see the elimination of the problem, see:
>>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>>
>> it's an ARP storm, or something similar,
>> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a
>> fix yet, so Cisco had to do an emergency patch for some of their larger
>> customers.
>
> As I understand, Duke is using cisco wireless controllers to run their
> wireless network.  Apparently there is some sort of interop issue where
> one system was aggravating the other to cause arp floods in rfc1918
> space.
>
> We've seen 116 distinct iphones so far on our campus and have had sniffers
> watching arps all week to look for any similar nonsense.  However, we
> are running the AP's in autonomous (regular ios) mode without any magic
> central controller box.
>
> Dale
>
> --
> Dale W. Carder - Network Engineer
> University of Wisconsin at Madison / WiscNet
> http://net.doit.wisc.edu/~dwcarder




--
Never criticize a man till you've walked a mile in his shoes.  Then  
if he didn't like what you've said, he's a mile away and barefoot.






RE: iPhone and Network Disruptions ...

2007-07-24 Thread Hank Nussbacher


On Tue, 24 Jul 2007, Frank Bulk wrote:

See:
http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml

-Hank



> Duke runs both Cisco's distributed and autonomous APs, I believe.  Kevin's
> report on EDUCAUSE mentioned autonomous APs, but with details as hazy as
> they are right now, I don't dare say whether one system or another caused or
> received the problem.
>
> Frank
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale
> W. Carder
> Sent: Sunday, July 22, 2007 2:51 PM
> To: Bill Woodcock
> Cc: Sean Donelan; North American Network Operators Group
> Subject: Re: iPhone and Network Disruptions ...
>
> On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:
>
>>>> Cisco, Duke has now come to see the elimination of the problem, see:
>>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>>
>> it's an ARP storm, or something similar,
>> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a
>> fix yet, so Cisco had to do an emergency patch for some of their larger
>> customers.
>
> As I understand, Duke is using cisco wireless controllers to run their
> wireless network.  Apparently there is some sort of interop issue where
> one system was aggravating the other to cause arp floods in rfc1918
> space.
>
> We've seen 116 distinct iphones so far on our campus and have had sniffers
> watching arps all week to look for any similar nonsense.  However, we
> are running the AP's in autonomous (regular ios) mode without any magic
> central controller box.
>
> Dale
>
> --
> Dale W. Carder - Network Engineer
> University of Wisconsin at Madison / WiscNet
> http://net.doit.wisc.edu/~dwcarder




RE: iPhone and Network Disruptions ...

2007-07-24 Thread Frank Bulk

Duke runs both Cisco's distributed and autonomous APs, I believe.  Kevin's
report on EDUCAUSE mentioned autonomous APs, but with details as hazy as
they are right now, I don't dare say whether one system or another caused or
received the problem.

Frank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale
W. Carder
Sent: Sunday, July 22, 2007 2:51 PM
To: Bill Woodcock
Cc: Sean Donelan; North American Network Operators Group
Subject: Re: iPhone and Network Disruptions ...



On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:

>>> Cisco, Duke has now come to see the elimination of the problem, see:
>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>
> it's an ARP storm, or something similar,
> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a
> fix yet, so Cisco had to do an emergency patch for some of their larger
> customers.

As I understand, Duke is using cisco wireless controllers to run their
wireless network.  Apparently there is some sort of interop issue where
one system was aggravating the other to cause arp floods in rfc1918
space.

We've seen 116 distinct iphones so far on our campus and have had sniffers
watching arps all week to look for any similar nonsense.  However, we
are running the AP's in autonomous (regular ios) mode without any magic
central controller box.

Dale

--
Dale W. Carder - Network Engineer
University of Wisconsin at Madison / WiscNet
http://net.doit.wisc.edu/~dwcarder





Re: iPhone and Network Disruptions ...

2007-07-22 Thread Prof. Robert Mathews (OSIA)

Sean Donelan wrote:

> Since neither Apple, Cisco nor Duke seems willing to say exactly what
> the problem was or what they fixed; not very surprising; it was
> probably a "Duh" problem unique to Duke's network.

Sean, Nanogers:

Thank you, for your responses. 

Given the world of NDAs and other legal instruments, I was attempting 
to understand if there were certain folks here in NANOG - that were 
aware of any particular technical shortcomings, which could have caused, 
or contributed to the problem.   Naturally, I say this based on a 
personal conjecture that NANOG members may be LESS inclined to spend 
nearly $600 on a product they knew little about, in order to simply 
satisfy a "coolness factor."  :-)


Seriously, while I wish to not speculate, in the absence of technical 
details on the situation, at least on the surface, it is troubling to me 
that a mass marketed, personal, consumer device could have a potential 
such as this - to disrupt an otherwise (seemingly?) stable networked 
institutional environment.  In a document titled: "How to Plan for 
User Interest in the Apple iPhone," on 27 June 2007, Gartner had issued 
a negative recommendation to organizations WRT to accommodating iPhone 
use within enterprises based on their analysis of the product lacking 
hooks for Outlook/Notes, and necessary security applications.  Gartner 
also cited Apple's commitment to focus iPhone support for individual 
consumers rather than organizational users as a basis for issuing its 
negative recommendation.   Gartner also went on to issue another 
document on 10 July 2007, titled: "iPhone First-Generation Security Is 
Too Weak for Enterprises," which might be of interest (at least in an 
informational sense) to some here as well.


> Otherwise it would be a shame for Apple, Cisco and Duke to not let
> other network operators that might have the same problem to know how
> to prevent it from recurring elsewhere.

Duke CIO - Tracy Futhey's statement that "...a particular set of 
conditions made the Duke wireless network experience some minor and 
temporary disruptions in service," where the /"deployment of a very 
large Cisco-based wireless network that supports multiple network 
protocols"/ (*) seems to have been a key issue -- is frankly MORE 
confusing than illuminating.   Is Duke, the only U.S. university campus, 
which has deployed a "very large Cisco-based campus wireless network" 
that support "multiple network protocols" ?


Besides, is the 'multiple protocol' issue a 'red herring' ?  By what 
novel/errant protocol could the iPhones flood the Duke University Wi-Fi 
network?  NOT owning an iPhone, and lacking a technical familiarity 
with all of its inner workings, leaves me at a disadvantage, I am 
afraid.  I  do happen to own a nicely featured smart-phone among other 
Wi-Fi devices however, and remain well acquainted on just how 'that 
device' is likely to interface with Wi-Fi nets.  In this respect, is 
the *Apple iPhone an extra-ordinary device?*  I ask that question to 
seek clarity into the statement made by the Duke CIO, if anyone cares to 
comment.


Quite frankly, my interest is to understand the range of *"failures in 
interoperability"* --  either at the device level, or at the enterprise 
level.


Separately, I fail to see why no one is talking;  particularly due to 
the fact that this event is affecting a first of a kind product release 
by Apple, and also on account of the fact that there is wide publicity 
now of an existing flaw in a Cisco product.  I would have thought that 
transparently resolving this cryptogram would have built greater public 
confidence in those companies and respective products involved. 



All the best,
Robert.
--

* "Update on Duke's wireless network and Apple's iPhones" [see: 
http://www.dukenews.duke.edu/2007/07/cisco_apple.html  Friday, July 20, 
2007]





Re: iPhone and Network Disruptions ...

2007-07-22 Thread Dale W. Carder



On Jul 21, 2007, at 8:52 PM, Bill Woodcock wrote:

>>> Cisco, Duke has now come to see the elimination of the problem, see:
>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>
> it's an ARP storm, or something similar,
> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a
> fix yet, so Cisco had to do an emergency patch for some of their larger
> customers.

As I understand, Duke is using cisco wireless controllers to run their
wireless network.  Apparently there is some sort of interop issue where
one system was aggravating the other to cause arp floods in rfc1918
space.

We've seen 116 distinct iphones so far on our campus and have had sniffers
watching arps all week to look for any similar nonsense.  However, we
are running the AP's in autonomous (regular ios) mode without any magic
central controller box.

Dale

--
Dale W. Carder - Network Engineer
University of Wisconsin at Madison / WiscNet
http://net.doit.wisc.edu/~dwcarder




Re: iPhone and Network Disruptions ...

2007-07-21 Thread Christian Kuhtz


If that hypothesis is true, I'm surprised I haven't seen it in all  
the analysis I've done with it.  But I don't have any Cisco AP's to  
play with either.


On Jul 21, 2007, at 9:52 PM, Bill Woodcock wrote:

>>> Cisco, Duke has now come to see the elimination of the problem, see:
>>> "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
>>> http://www.eweek.com/article2/0,1895,2161065,00.asp
>>
>> Since neither Apple, Cisco nor Duke seems willing to say exactly what the
>> problem was or what they fixed; not very surprising; it was probably a
>> "Duh" problem unique to Duke's network.
>
> Nope.  My understanding is that it's an ARP storm, or something similar,
> when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a
> fix yet, so Cisco had to do an emergency patch for some of their larger
> customers.  This is just my understanding based on one conversation about
> it.  I'd feel like an idiot saying "don't quote me" on NANOG, but...  I
> don't have any special knowledge about it, nor personal experience of it,
> so...
>
> -Bill





Re: iPhone and Network Disruptions ...

2007-07-21 Thread Jim Popovitch

On Sat, 2007-07-21 at 18:52 -0700, Bill Woodcock wrote:
> so Cisco had to do an emergency patch for some of their larger 
> customers.  

 or Cisco had to spend time and money getting one of their larger
customers to actually apply pre-existing patches.   I've seen that happen
all too often over the years.  Never underestimate the ability of new
technology to expose the weakness in older technology.

-Jim P.



Re: iPhone and Network Disruptions ...

2007-07-21 Thread Bill Woodcock

> > Cisco, Duke has now come to see the elimination of the problem,  see:
> > "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at
> > http://www.eweek.com/article2/0,1895,2161065,00.asp
> 
> Since neither Apple, Cisco nor Duke seems willing to say exactly what the
> problem was or what they fixed; not very surprising; it was probably a
> "Duh" problem unique to Duke's network.

Nope.  My understanding is that it's an ARP storm, or something similar, 
when the iPhone roams onto a new 802.11 hotspot.  Apple hasn't issued a 
fix yet, so Cisco had to do an emergency patch for some of their larger 
customers.  This is just my understanding based on one conversation about 
it.  I'd feel like an idiot saying "don't quote me" on NANOG, but...  I 
don't have any special knowledge about it, nor personal experience of it, 
so...

-Bill



Re: iPhone and Network Disruptions ...

2007-07-21 Thread Sean Donelan


On Sat, 21 Jul 2007, Prof. Robert Mathews (OSIA) wrote:

> Cisco, Duke has now come to see the elimination of the problem,  see: "*Duke
> Resolves iPhone, Wi-Fi Outage Problems"* at
> http://www.eweek.com/article2/0,1895,2161065,00.asp

Since neither Apple, Cisco nor Duke seems willing to say exactly what the
problem was or what they fixed; not very surprising; it was probably a
"Duh" problem unique to Duke's network.

Otherwise it would be a shame for Apple, Cisco and Duke to not let other
network operators that might have the same problem to know how to prevent
it from recurring elsewhere.


iPhone and Network Disruptions ...

2007-07-21 Thread Prof. Robert Mathews (OSIA)


Fellow Nanogers:

Reports have floated across my desk in the past week, which have 
suggested that iPhones owned by faculty, staff and students have been 
flooding university campus Wi-Fi networks in parts of the country.  For 
example, see: *"Duke Wi-Fi Crippled by Apple iPhones" *at 
http://www.sci-tech-today.com/story.xhtml?story_id=10200AG9NMHU   Since 
that story first aired, and by applying a patch that was subsequently 
provided by Cisco, Duke has now come to see the elimination of the 
problem,  see: "*Duke Resolves iPhone, Wi-Fi Outage Problems"* at 
http://www.eweek.com/article2/0,1895,2161065,00.asp


There are certain aspects of this story in which I have the most 
interest, and the following questions (if I may be permitted to list 
them) detail my concern - adequately.  I wish to ask you:  1) is the 
iPhone an extra-ordinary device when comparing it with devices of a 
comparable nature, which also request ties to a Wi-Fi network, (there 
are many that use Wi-Fi enabled Smart-phones and PDAs on campuses -- so, 
why do 'they' not pose a similar problem)  2) is this problem a result 
of poor planning and services implementation at certain campuses, 3) is 
this story - a product of great exaggerations?  4) if there are 
technical issues indeed that permit iPhones in particular to DoS Wi-Fi 
nets, what can these storms be attributed to, and what can/should be 
done about it?   

If you are in a position to respond, I would like to hear from you, 
either publicly or privately.  If there is enough group interest in the 
matter, I would be most happy to summarize.


All the best,
Robert.
--