Network Computing is part of the Informa Tech Division of Informa PLC


Thanks To iPhone, Cisco Bugs Are Brought To Light

Cisco today posted a security advisory that addresses the ARP broadcast storm
issues that were brought into the spotlight just over a week ago by Duke University
and received significant media attention because they involved Apple's new iPhone.
The security advisory rounds up three ARP-related bugs (only one of which
was accessible from a regular customer's CCO account, immediately following
the posting, but they now all point to the advisory) and provides a rather
short description of the circumstances in which these ARP storms could
occur. The bugs relate to either inter-controller roaming events or ARP
packet processing by the WLC (Wireless LAN Controllers), one of which
already had a workaround.

The question some may ask is: if this was an issue, why only now, and this
time with the iPhone? Well, one of the issues was related to a fix that was
made in Wireless LAN Controller software version 4.1. But more
interestingly, what's unique about the iPhone is that it is the first truly
mobile mass-consumer Wi-Fi device. Most wireless use is nomadic: the laptop
or tablet PC is powered on at a specific location, used for a time, and then
hibernated or shut down again. Even those who do use Wi-Fi in a truly
mobile fashion, such as in healthcare, likely restrict their movement within
the context of one wireless controller. An always-on Wi-Fi device, such as
the iPhone, could associate to many APs and through different controllers in
a single day. One of the major benefits of controller-based solutions is
that clients can enjoy session persistence across the entire network, no
matter which access point, controller, or subnet the access point or
controller may be on. That functionality, though, is rather involved, and
for anyone who is familiar with Mobile IP, there is considerable complexity
associated with extending the original network from the home device on to
the foreign device. Because few organizations can build their entire
wireless service on one AP or one controller, vendors must build their
control layer (of which client state maintenance and Layer 3 roaming support
are just two factors) to work between APs (as is the case with Aerohive) or
controllers (as is the case with most of the vendors).

So the iPhone played a part only by bringing to light existing bugs in Cisco's
product. And this incident points out that usage of wireless networks
hasn't been as mobile as organizations would think, or that vendors might
suggest. As students, employees, visitors, and consumers begin to use Wi-Fi
in a truly mobile fashion and on a greater scale, more mobility-related bugs
will come to light.

The good news for Cisco customers is that a software fix for the 4.1 train
is available now, with fixes for 4.0 and 3.2 to follow by Friday, July 27.
