nanog mailing list archives

Re: Apple devices spoofing default gateway?


From: "Curtis, Bruce" <bruce.curtis () ndsu edu>
Date: Fri, 15 Mar 2019 03:05:12 +0000


We are running 8.5 and 1815s and I don’t think we are seeing this problem.

We do have a very small number of 1810s and did see some strange behavior but it doesn’t seem to match this problem description.

Is proxy arp disabled on the default gateway device?  That could potentially interact strangely with the features mentioned in earlier posts and mentioned below.

On Mar 14, 2019, at 4:40 PM, Simon Lockhart <simon () slimey org> wrote:

On Thu Mar 14, 2019 at 04:19:04PM -0500, Jimmy Hess wrote:
Apple's Bonjour protocols include something called Apple Bonjour Sleep Proxy
for Wake on Demand ---  When a device goes to sleep,  the Proxy that runs on
various Apple devices is supposed to seize all the IP and MAC addresses that
device had registered, so it can wait for an incoming TCP SYN, (and if one's
received,  then signal the sleeping device to wake up and process the
connection.)

That's a very interesting observation - when we talk to the users of the
Apple devices, they quite often say that the device was 'asleep' when it
was sending these 'spoofed' ARP responses.

The "Information About Passive Clients" section of this document

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/wlan_interfaces.html

says:

"Wireless LAN controllers currently act as a proxy for ARP requests. Upon receiving an ARP request, the controller responds with an ARP response instead of passing the request directly to the client. This scenario has two advantages:

        • The upstream device that sends out the ARP request to the client will not know where the client is located.

        • Power for battery-operated devices such as mobile phones and printers is preserved because they do not have to respond to every ARP requests."


  Perhaps that function on version 8.5 is interacting incorrectly with the Apple Sleep Proxy feature on the Apple devices.

"When a sleep proxy sees an IPv4 ARP or IPv6 ND Request for one of the sleeping device's addresses, it answers on behalf of the sleeping device, without waking it up, giving its own MAC address as the current (temporary) owner of that address."

https://en.wikipedia.org/wiki/Bonjour_Sleep_Proxy

https://discussions.apple.com/thread/2160614


(Or perhaps they wanted to have a feature to let someone  AirPlay from a
different VLAN than another device?)

Cisco Wireless does claim to have some features to 'help' Bonjour / mDNS
to work better. I wonder if one of those features is misbehaving.

Simon


---
Bruce Curtis                         bruce.curtis () ndsu edu
Certified NetAnalyst II                701-231-8527
North Dakota State University        
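
An added example, not part of the original message or of any vendor tooling: a small ARP-reply auditor that flags the two situations discussed in this thread, a station answering for another host's IPv4 address (as the sleep proxy description says it does) and a station answering for the default gateway's address. All addresses, the pinned gateway binding, and the helper names `build_reply`, `parse_arp` and `audit` are constructed for illustration.

```python
import struct

ARP_ETHERTYPE, ARP_REPLY = 0x0806, 2

def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(o) for o in s.split("."))

def build_reply(sha, spa, tha, tpa):
    """Build a constructed Ethernet + ARP reply frame (42 bytes) for the sample data."""
    eth = _mac(tha) + _mac(sha) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    return eth + arp + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = ".".join(str(b) for b in frame[28:32])
    return oper, sha, spa

def audit(frames, pinned):
    """pinned maps IP -> expected MAC. Returns a list of (reason, ip, claiming_mac)."""
    seen, findings = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, sha, spa = parsed
        if spa in pinned and sha != pinned[spa]:
            findings.append(("gateway-claimed", spa, sha))      # pinned IP, wrong MAC
        elif spa in seen and seen[spa] != sha:
            findings.append(("binding-changed", spa, sha))      # proxy-style takeover
        seen[spa] = sha
    return findings

# Constructed sample: documentation-range IPs, locally administered MACs.
GW_IP, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
HOST_IP, HOST_MAC = "192.0.2.50", "02:00:00:00:00:50"
PROXY_MAC, ASKER = "02:00:00:00:00:99", ("02:00:00:00:00:10", "192.0.2.10")
PINNED = {GW_IP: GW_MAC}
SAMPLE_FRAMES = [
    build_reply(GW_MAC, GW_IP, *ASKER),      # gateway answers for itself
    build_reply(HOST_MAC, HOST_IP, *ASKER),  # host answers for itself
    build_reply(PROXY_MAC, HOST_IP, *ASKER), # another station answers for the host
    build_reply(PROXY_MAC, GW_IP, *ASKER),   # another station answers for the gateway
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FRAMES, PINNED):
        print(finding)
```

A "binding-changed" finding for an ordinary host is what the quoted sleep proxy behaviour would produce; a "gateway-claimed" finding is the case reported in this thread and is the one worth alerting on.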

