[c-nsp] Apple Mac + iPhone = strange network loop?

2010-05-25 Thread Peter Rathlev
I wonder if anybody else has seen this problem. In the past two weeks
we've had two cases where a tethering between a MacBook and an iPhone
has resulted in some strange loop on the network.

It seems that the users have set up some kind of network connection
sharing between the iPhone and the Mac. I don't know Macs well enough to
know exactly how it works, but it looks like some NAT thing.

It also looks like the Mac uses a wired connection and the iPhone uses a
wireless connection to the same L2 network. On the gateways (running
HSRP) we then see this:

002660: May 21 09:16:50.426 CEST: %HSRP-4-BADAUTH: Bad authentication
from 10.100.0.134, group 22, remote state Standby

It turns out this (10.100.0.134) is the IP address of the MacBook.
Capturing the traffic, we can see that it is exactly the HSRP hellos,
but just with the IP address replaced, a la NAT.

Without HSRP authentication (we tried that too!) it actually steals
the primary role, i.e. when it reflects the primary router's hello the
two real routers assume a Standby role.

It doesn't cause broadcast loops or anything, so it seems to only
forward/bridge unicast packets.

Apart from telling people not to connect their wonderful Apple devices
in this way, what can we do? :-)

-- 
Peter


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] Apple Mac + iPhone = strange network loop?

2010-05-25 Thread Jay Hennigan
On 5/25/10 8:28 AM, Peter Rathlev wrote:

> 002660: May 21 09:16:50.426 CEST: %HSRP-4-BADAUTH: Bad authentication
> from 10.100.0.134, group 22, remote state Standby
>
> It turns out this (10.100.0.134) is the IP address of the MacBook.
> Capturing the traffic, we can see that it is exactly the HSRP hellos,
> but just with the IP address replaced, a la NAT.
>
> Without HSRP authentication (we tried that too!) it actually steals
> the primary role, i.e. when it reflects the primary router's hello the
> two real routers assume a Standby role.
>
> It doesn't cause broadcast loops or anything, so it seems to only
> forward/bridge unicast packets.
>
> Apart from telling people not to connect their wonderful Apple devices
> in this way, what can we do? :-)

Make sure that you use HSRP authentication everywhere.  Have the Apple
customers open bug reports with Apple, and suggest that they mention
Cisco HSRP protocol conflict in their reports.

Be prepared to wait a while for Apple to realize the issue, do
regression testing, and roll it out in their next updates.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: [c-nsp] Apple Mac + iPhone = strange network loop?

2010-05-25 Thread Peter Rathlev
On Tue, 2010-05-25 at 12:15 -0400, Alex Moya wrote:
> Peter, I do not believe that the Mac is causing this issue unless there
> is some software running on the Mac that is telling it to create an
> HSRP session. I would look at that first.

When we first saw it, we thought the Mac was deliberately trying
something nasty, but when we talked to the user (and his IT guy) no-one
could find anything wrong with the Mac. The only thing that stood out
was the tethering.

It doesn't seem to be HSRP-specific, since it simply replaces the IP
address in the IPv4 header and nothing else. This might be a general
multicast thing, I will try to test that.

(Of course we don't have any Macs to test with, so we'll have to test on
the live network. :-))

-- 
Peter
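
An added illustration, not code from any poster in this thread: a passive check for the symptom described above, an HSRPv1 hello arriving from a source that is not one of the gateways, and whether its payload is a byte-for-byte copy of a real router's hello. Only 10.100.0.134 and group 22 come from the thread; the gateway addresses, virtual IP, plain-text auth string and sample payloads are constructed assumptions.

```python
import ipaddress
import struct

HSRP_STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the 20-byte HSRPv1 message (RFC 2281) carried in UDP port 1985."""
    if len(payload) < 20:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0:
        raise ValueError(f"not HSRPv1 (version field {ver})")
    return {
        "opcode": op,  # 0 = Hello, 1 = Coup, 2 = Resign
        "state": HSRP_STATES.get(state, f"unknown({state})"),
        "hellotime": hello, "holdtime": hold,
        "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00"),
        "virtual_ip": str(ipaddress.ip_address(vip)),
    }

def find_unexpected_speakers(observations, routers):
    """Report HSRP messages whose IP source is not a known gateway.

    'reflected' is True when the payload is byte-identical to one a real
    gateway sent, i.e. only the IPv4 source address differs.
    """
    known = {ipaddress.ip_address(r) for r in routers}
    genuine = {p for s, p in observations if ipaddress.ip_address(s) in known}
    findings = []
    for src, payload in observations:
        if ipaddress.ip_address(src) in known:
            continue
        msg = parse_hsrp_v1(payload)
        findings.append({"src": src, "group": msg["group"], "state": msg["state"],
                         "reflected": payload in genuine})
    return findings

# Constructed sample: (IPv4 source, UDP payload) pairs as a capture would yield them.
ROUTERS = ["10.100.0.2", "10.100.0.3"]  # assumed gateway addresses
ACTIVE = bytes.fromhex("000010030a6e1600636973636f0000000a640001")   # prio 110, group 22
STANDBY = bytes.fromhex("000008030a641600636973636f0000000a640001")  # prio 100, group 22
SAMPLE = [("10.100.0.2", ACTIVE), ("10.100.0.3", STANDBY), ("10.100.0.134", ACTIVE)]

if __name__ == "__main__":
    for finding in find_unexpected_speakers(SAMPLE, ROUTERS):
        print(finding)
```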

