Cisco access point at fault for Duke's wireless issues (Was Re: [LINK] iPhones & Cisco)

Kim Holburn kim at holburn.net
Wed Jul 25 17:29:08 AEST 2007


It looks like the difference is that phones are more likely to be  
moving between cells while on and connected than laptops.

http://arstechnica.com/news.ars/post/20070724-cisco-owns-up-to- 
dukeiphone-troublessort-of.html
> Cisco owns up to Duke/iPhone troubles—sort of
>
> By Iljitsch van Beijnum | Published: July 24, 2007 - 04:28PM CT
>
> Last week's news that iPhones caused trouble in Duke University's  
> wireless network caused both wide-scale snickering and wide-scale  
> disbelief: how could a fairly small number of these devices bring  
> down an entire university network? With help from Cisco, it turns  
> out. Yesterday, Duke's IT department laid the blame at the doorstep  
> of the maker of the other iPhone.

!!!!

> Today, purely by coincidence—none of the parties involved is saying  
> anything about last week's Duke situation—Cisco published a  
> vulnerability concerning ARP storms in wireless networks.
>
> What happens is actually pretty interesting if you're a student of  
> networking. In order to get wireless coverage over a wide area,  
> such as a university campus, it's necessary to set up a large  
> number of access points. It then helps if WiFi devices can "roam"  
> from one access point to another without having to change network  
> settings, like the IP address, all the time. You can actually build  
> a roaming network using Apple's Airport Extreme base stations, but  
> if you want to build a large WiFi network then you need something  
> like Cisco's Wireless LAN Controllers (WLC). WLCs control the  
> access points and optimize the coverage and speed of the wireless  
> network.
>
> Cisco However, devices like the iPhone don't know what's going on  
> behind the scenes, so they may want to test whether they're still  
> on the same IP network after moving to a new access point. They do  
> that by sending an ARP message to the router that they were talking  
> to through the previous base station. Ethernet systems use ARP to  
> find out where on the Ethernet a system with a given IP address  
> lives. ARPs are normally sent as broadcasts, because if you knew  
> where to send them, you wouldn't have to do so in the first place.  
> But the quick check to see if the router is still reachable can go  
> to that router directly, so these test packets aren't broadcasts.  
> And this is the buggy part in Cisco's WLC software: in certain  
> setups, two or more WLCs can start sending the test packets back  
> and forth, filling up the network and leading to access point  
> nervous breakdowns.
>
> It doesn't say anywhere that the iPhone is the source of these test  
> ARPs, but the timing and the fact that an Apple employee is one of  
> the authors of the RFC that specifies the use of these test packets  
> doesn't leave much room for doubt.



On 2007/Jul/22, at 9:21 AM, Adam Todd wrote:

> At 09:31 AM 22/07/2007, Rick Welykochy wrote:
>> Kim Davies wrote:
>>
>>> If those involved in diagnosing and fixing the problem say the  
>>> iPhone
>>> was not the trigger of their network problems, and you are  
>>> claiming that
>>> they are wrong and it is -- I think the burden of proof is on you to
>>> explain why they are wrong.
>>> It strikes me this is probably just a case of network issues arising
>>> around the same time iPhone was released and someone figured it  
>>> could be
>>> related - but after investigating the issue it was deemed it had  
>>> nothing
>>> to do with it.
>>
>> IIRC, the problem arose when thousands of iPhones joined the network
>> within a small time interval. Perhaps this was an untested case
>> for Cisco.
>
> What so CISCO has to write special code to deal with iPhones?
>
> Protocol is protocol, it is defined and a standard.  Who is at  
> fault?  Well it depends more clearly on what the fault actually was.
>
> "Because 80 iPhones connected to the network" means nothing.  200  
> laptops probably connect too - why do they not exhibit the same  
> problem?
>
> Has the iPhone problem happened on other networks not using CISCO?
>
> All these questions and more in the next exciting episode.
>
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961







More information about the Link mailing list