RE: iPhone and Network Disruptions ...

["Frank Bulk" <frnkblk () iname com>]

If you look at Kevin's example traces on the EDUCAUSE WIRELESS-LAN listserv
you'll see that the ARP packets are in fact unicast.

Iljitsch's point about the fact that iPhones remain on while crossing
wireless switch boundaries is exactly dead on.  If you read the security
advisory you'll see that it involves either L3 roaming or two or more WLCs
that share a common L2 network.  Most wireless clients don't roam in such a
big way.

Frank

-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Iljitsch van Beijnum
Sent: Tuesday, July 24, 2007 4:35 PM
To: Prof. Robert Mathews (OSIA)
Cc: North American Network Operators Group
Subject: Re: iPhone and Network Disruptions ...


On 24-jul-2007, at 15:27, Prof. Robert Mathews (OSIA) wrote:

> Looking at this issue with an 'interoperability lens,' I remain
> puzzled by a personal observation that at least in the publicized
> case of Duke University's Wi-Fi net being effected, the "ARP
> storms" did not negatively impact network operations UNTIL the
> presence of iPhones on campus.  The nagging point in my mind
> therefore, is: why have other Wi-Fi devices (laptops, HPCs/PDAs,
> Smartphones etc.,) NOT caused the 'type' of ARP flooding, which was
> made visible in Duke's Wi-Fi environment?

Reading the Cisco document the conclusion seems obvious: the iPhone
implements RFC 4436 unicast ARP packets which cause the problem.

I don't have an iPhone on hand to test this and make sure, though.

The difference between an iPhone and other devices (running Mac OS
X?) that do the same thing would be that an iPhone is online while
the user moves around, while laptops are generally put to sleep prior
to moving around.