Wednesday, July 18, 2007

Watch your WiFi: iPhones flooding ARP requests?

NetworkWorld picked up a story on Apple's new iPhone taking out Cisco LWAPs at Duke University:
The built-in 802.11b/g adapters on several iPhones periodically flood sections of the Durham, N.C., school’s pervasive wireless LAN with MAC address requests, temporarily knocking out anywhere from a dozen to 30 wireless access points at a time. The campus network staff is talking with Cisco, the main WLAN provider, and have opened a help desk ticket with Apple. But so far, the precise cause of the problem remains unknown.

I tend to agree with one of the commenter's speculation that the iPhone's wireless stack is trying to find its "home" network and in the process is sending out a flood of Unicast ARP requests. That's probably circumventing whatever flood controls might be in place which causes the Controller to fall over. Since they're using Light-Weight Controllers (my guess is that it's the 4400-series) multiple WAPs will become unreachable simultaneously as they all depend on the controller to function properly.

Cisco will probably get a fix out there to prevent this behavior, but I also think the onus is on Apple to fix their WiFi stack. The fact that Apple has been completely silent on the matter doesn't help things. If they're aware of an issue they need to be open about it and work to resolve the problem as quickly as possible. Instead, it looks like they've taken the traditional Apple line of clamming up about everything. That works well when you're trying to build buzz for your Latest Coolest Thing Ever™ but it creates horrible feelings in the marketplace when there's an issue that requires resolution.

Hat Tip Instapundit

Update: Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

They don't mention the Duke issue at all, but it's pretty clear the problem was due to their handling of unicast ARPs when doing Layer-3 roaming.

No comments: