Cisco access point at fault for Duke's wireless issues (Was Re:
[LINK] iPhones & Cisco)
kim at holburn.net
Wed Jul 25 17:29:08 EST 2007
It looks like the difference is that phones are more likely to be
moving between cells while on and connected than laptops.
> Cisco owns up to Duke/iPhone troubles—sort of
> By Iljitsch van Beijnum | Published: July 24, 2007 - 04:28PM CT
> Last week's news that iPhones caused trouble in Duke University's
> wireless network caused both wide-scale snickering and wide-scale
> disbelief: how could a fairly small number of these devices bring
> down an entire university network? With help from Cisco, it turns
> out. Yesterday, Duke's IT department laid the blame at the doorstep
> of the maker of the other iPhone.
> Today, purely by coincidence—none of the parties involved is saying
> anything about last week's Duke situation—Cisco published a
> vulnerability concerning ARP storms in wireless networks.
> What happens is actually pretty interesting if you're a student of
> networking. In order to get wireless coverage over a wide area,
> such as a university campus, it's necessary to set up a large
> number of access points. It then helps if WiFi devices can "roam"
> from one access point to another without having to change network
> settings, like the IP address, all the time. You can actually build
> a roaming network using Apple's Airport Extreme base stations, but
> if you want to build a large WiFi network then you need something
> like Cisco's Wireless LAN Controllers (WLC). WLCs control the
> access points and optimize the coverage and speed of the wireless
> Cisco However, devices like the iPhone don't know what's going on
> behind the scenes, so they may want to test whether they're still
> on the same IP network after moving to a new access point. They do
> that by sending an ARP message to the router that they were talking
> to through the previous base station. Ethernet systems use ARP to
> find out where on the Ethernet a system with a given IP address
> lives. ARPs are normally sent as broadcasts, because if you knew
> where to send them, you wouldn't have to do so in the first place.
> But the quick check to see if the router is still reachable can go
> to that router directly, so these test packets aren't broadcasts.
> And this is the buggy part in Cisco's WLC software: in certain
> setups, two or more WLCs can start sending the test packets back
> and forth, filling up the network and leading to access point
> nervous breakdowns.
> It doesn't say anywhere that the iPhone is the source of these test
> ARPs, but the timing and the fact that an Apple employee is one of
> the authors of the RFC that specifies the use of these test packets
> doesn't leave much room for doubt.
On 2007/Jul/22, at 9:21 AM, Adam Todd wrote:
> At 09:31 AM 22/07/2007, Rick Welykochy wrote:
>> Kim Davies wrote:
>>> If those involved in diagnosing and fixing the problem say the
>>> was not the trigger of their network problems, and you are
>>> claiming that
>>> they are wrong and it is -- I think the burden of proof is on you to
>>> explain why they are wrong.
>>> It strikes me this is probably just a case of network issues arising
>>> around the same time iPhone was released and someone figured it
>>> could be
>>> related - but after investigating the issue it was deemed it had
>>> to do with it.
>> IIRC, the problem arose when thousands of iPhones joined the network
>> within a small time interval. Perhaps this was an untested case
>> for Cisco.
> What so CISCO has to write special code to deal with iPhones?
> Protocol is protocol, it is defined and a standard. Who is at
> fault? Well it depends more clearly on what the fault actually was.
> "Because 80 iPhones connected to the network" means nothing. 200
> laptops probably connect too - why do they not exhibit the same
> Has the iPhone problem happened on other networks not using CISCO?
> All these questions and more in the next exciting episode.
> Link mailing list
> Link at mailman.anu.edu.au
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961
More information about the Link