Thanks To iPhone, Cisco Bugs Are Brought To Light
Originally thought to be responsible for Duke University's wireless network problems, Apple's iPhone turned out in fact to be blameless -- but did contribute to identifying three ARP-related bugs.
July 26, 2007
Cisco today posted a security advisory that addresses ARP broadcast storm issues that were put in the spotlight just over a week ago by Duke University, but received significant media attention because they involved Apple's new iPhone. The security advisory rounds up three ARP-related bugs (only one of which was accessible from a regular customer's CCO account immediately following the posting, but they now all point to the advisory) and provides a rather short description of the circumstances in which these ARP storms could occur. The bugs relate to either inter-controller roaming events or ARP packet processing by the WLC (Wireless LAN Controller), and one of them already had a workaround.
The question some may ask is: if this was an issue, why only now, and this time with the iPhone? Well, one of the issues was related to a fix that was made in Wireless LAN Controller software version 4.1. But more interestingly, what's unique about the iPhone is that it is the first truly mobile mass-consumer Wi-Fi device. Most wireless use is nomadic: the laptop or tablet PC is powered on at a specific location, used for a time, and then hibernated or shut down again. Even those who do use Wi-Fi in a truly mobile fashion, such as in healthcare, likely restrict their movement within the context of one wireless controller. An always-on Wi-Fi device, such as the iPhone, could associate to many APs and through different controllers in a single day. One of the major benefits of controller-based solutions is that clients can enjoy session persistence across the entire network, no matter which access point, controller, or subnet the access point or controller may be on. That functionality, though, is rather involved, and for anyone who is familiar with Mobile IP, there is considerable complexity associated with extending the original network from the home device on to the foreign device. Because few organizations can build their entire wireless service on one AP or one controller, vendors must build their control layer (of which client state maintenance and Layer 3 roaming support are just two factors) to work between APs (as is the case with Aerohive) or controllers (as is the case with most of the vendors).
So the iPhone played a part only by bringing to light existing bugs in Cisco's product. And this incident points out that usage of wireless networks hasn't been as mobile as organizations would think, or as vendors might suggest. As students, employees, visitors, and consumers begin to use Wi-Fi in a truly mobile fashion and on a greater scale, more mobility-related bugs will come to light.
The good news for Cisco customers is that a software fix for the 4.1 train is available now and for 4.0 and 3.2 by Friday, July 27.