Community discussions

MikroTik App
 
petterg
Member Candidate
Member Candidate
Topic Author
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Apple devices flooding DHCP server

Wed Jan 09, 2019 5:33 pm

At a customers site, a week ago, log started to show lots of
dhcp-lan client xx:xx:xx:xx:xx:xx declines IP adress 172.18.11.xx
there were several of these entries every second during business hours. The problem was reported as windows users got a message telling their ip was already in use. Well, no wonder they were used, considering the number of dhcp requests. The DHCP scoop was simply filled, even though there was 240 addresses in the dhcp scoop, and only 50ish devices on site. There were several entries in dhcp lease table telling that mac-address 00:00:00:00:00:00, client ID [empty] is assigned to a bunch of ips, with the status "busy". Normally dhcp lease status is "bound".

Tracking down the mac-addresses revealed one macbook pro and a bunch of iphones.
The owner of the macbook and a iphone had a look at his home router log (an ubiquiti router) and found that his devices did the same thing at home.

So we requested all iphone owners to forget the lan-wlan, restart their devices, and connect to guest-wlan. So they did, and the problem went away.

Now we wanted to figure out what this was all about. We put 3 iphones on lan-wlan, and all looked good - for about 3 hours. Now the same problem occurred again. DHCP is flooded with requests, filling all available addresses.
The macbook is creating problems as soon as it is connected to lan. It doesn't matter if it uses wlan or cable - same problem. As soon as it connects to lan, it sends a lot of dhcp requests. It doesn't do this when connected to guest network - neither wlan or cable.

Lan-wlan and guest-wlan are two vlan. They uses the same switches, the same APs (6x wAP ac managed by capsman). Router is a rb3011. The two vlans are identically configured, except for the obvious (different vlan id, different ip range, and different switch ports for untagged traffic). In capsman the lan-wlan is primary configuration, while guest-wlan is secondary.

Any ideas how to debug this?
Has apple released some updates lately that could cause issues?

Edit: Arp is set to 'enable' on all interfaces. (I've read that proxy-arp may cause issues with apple devices and dhcp)
 
User avatar
bramwittendorp
Member Candidate
Member Candidate
Posts: 101
Joined: Thu Jun 16, 2016 3:48 pm
Location: The Netherlands
Contact:

Re: Apple devices flooding DHCP server

Wed Jan 09, 2019 8:07 pm

I have a lot of Apple Gear, and haven't seen the problem so far. I think it is caused by the devices in question, but not due to some widespread issue, but rather to the individual device.

I found the following topic in the Apple Forum: https://discussions.apple.com/thread/8193574

Maybe the suggestion there help you? Or try updating the cliënt to latest version of macOS and iOS. I know certain that the latest version don't cause similar issues.
 
eddieb
Member
Member
Posts: 322
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: Apple devices flooding DHCP server

Wed Jan 09, 2019 8:45 pm

same here, running ROS 6.43.8.
lots of Apple devices, all on dhcp.
Works as expected, no flooding seen here.
 
petterg
Member Candidate
Member Candidate
Topic Author
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: Apple devices flooding DHCP server

Wed Jan 09, 2019 8:54 pm

Well. Disable DHCP server and force everyone to set static ip will be a way to get around DHCP issues. Though, it will case quite a bit of other problems when dealing with users without technical knowledge.
The strange thing is that this turned up as an issue with so many devices at once. Network equipment has not been altered for months. They don't get automatic updates. So why should this happen to a bunch of units at the same day? I suspect an automatic update within the world of apple.
 
Van9018
Long time Member
Long time Member
Posts: 558
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Apple devices flooding DHCP server

Thu Jan 10, 2019 2:48 am

Have you tried using a different Mikrotik to rule out the Mikrotik as the problem? Disable the DHCP Service, try obtaining an IP. Is there another DHCP service on the network?

In Winbox, capture packets with Tools > Packet Sniffer. Save packets to a file. Let the problem happen for a minute. Stop the capture, copy the file to your PC. Open it with Wireshark. A single DHCP transaction should have 4 packets.
1. The Discovery is your client looking for DHCP Servers on the network. There should only be 1.
2. The Offer is your mikrotik offering an IP. If a lease for that MAC already exists, I think the Mikrotik will offer that same IP.
3. The client will then deny or request the IP. If denying, maybe the client detects an IP conflict however RouterOS detects conflicts too and skips bad IPs.
4. The Mikrotik will then acknowledge that the client accepted the IP.

Run a packet capture on a problem client. Still getting all 4 packets there?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Apple devices flooding DHCP server

Thu Jan 10, 2019 8:13 am

@petterg

This is how Apple devices work. I do guess that you have an open wifi network with a portal login?
If so, all Apple devices that passing trough and see the open wifi network will try to connect to call home.

I am in charge of a governmental guest network with around 4000-5000 wifi points. At any given times there are around 1500 users.
Problem is that for example a buss stopp is close to our building, so all iPhone in the buss connects to our network.
Due to this I have a DHCP lease time on only 5min. If not I will quickly run out of DHCP IP.

Look at Captive Portal for Apple
https://discussions.apple.com/thread/7491051
 
petterg
Member Candidate
Member Candidate
Topic Author
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: Apple devices flooding DHCP server

Thu Jan 10, 2019 9:43 am

This is an office network in a building where walls and windows are so thick that there are no wifi coverage on the balcony, Even with the AP just inside the window. Wifi is WPA2-PSK.

Apple devices has not behaved this way before.

I have not tested another mikrotik, but the customers network admin has tested with ubiquiti at home, seen the same thing using his iphone and macbook.

There was no other DHCP server on the network yesterday. I've setup an alert on the mikrotik dhcp server to see if another dhcp server shows up occasionally.

I'm leaning towards this being a bonjor sleep proxy running on some apple device.
https://en.wikipedia.org/wiki/Bonjour_Sleep_Proxy
How can I detect where that service is being run?

This is interesting reading aswell http://10base-t.com/bonjour-sleep-proxy-service/
 
petterg
Member Candidate
Member Candidate
Topic Author
Posts: 230
Joined: Wed Sep 16, 2009 2:55 pm

Re: Apple devices flooding DHCP server

Fri Jan 11, 2019 7:59 am

We've identified one macbook that seemed to be the cause of this issue. Disconnected it from wlan - problem went away. Reconnected it - problem came back. Rebooted that mac - problem is gone. At least for now.

This device got identified because the user complained that wlan only worked in her office - nowhere else in the building. This site has 6 APs. As mentioned this building has extremely thick walls. Wifi signals can go through one interior wall, but not two walls. It can't get through the outside walls at all. So this mac had some issue where it could connect only to one of those 6 APs. Reboot solved this issue as well as it seems to been the cause of why all iphones and macbooks was declining all DHCP offers.
 
Dalo
just joined
Posts: 5
Joined: Thu Jan 11, 2018 11:14 pm

Re: Apple devices flooding DHCP server

Thu Apr 30, 2020 7:44 pm

We faced similar issue with running out of available IPs from the pool by mac-address 00:00:00:00:00:00 and also "IP declines" "conflict" by many iphones, but not Laptops from different brands (weird).
In the local router we have a bridge that is set to proxy-arp because we have many VPN tunnels to remote locations.
To reduce the history, after many hours of investigation we realized that we have one EOIP tunnel in the bridge of the local router connected to a remote router, at the remote router we had the other side of the EOIP into another bridge too that has the setting of proxy-arp. That caused the problem, we changed the remote router EOIP bridge to ARP enable only, and that solve the issue for all the devices. In the local router all the devices including Iphones took their IP almost immediately after the change at the remote router.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19102
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Apple devices flooding DHCP server

Thu Apr 30, 2020 8:18 pm

@petterg

This is how Apple devices work. I do guess that you have an open wifi network with a portal login?
If so, all Apple devices that passing trough and see the open wifi network will try to connect to call home.

I am in charge of a governmental guest network with around 4000-5000 wifi points. At any given times there are around 1500 users.
Problem is that for example a buss stopp is close to our building, so all iPhone in the buss connects to our network.
Due to this I have a DHCP lease time on only 5min. If not I will quickly run out of DHCP IP.

Look at Captive Portal for Apple
https://discussions.apple.com/thread/7491051
Runs for the hills....................... Hint: Put a password on that guest wifi and busstop users wont be able to login. ;-P
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Apple devices flooding DHCP server

Thu Apr 30, 2020 8:23 pm

Runs for the hills....................... Hint: Put a password on that guest wifi and busstop users wont be able to login. ;-P
Not as easy as it sounds. User now help them self and authenticate using SMS. If there is a password, users need to have a way to know the password.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19102
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Apple devices flooding DHCP server

Thu Apr 30, 2020 11:01 pm

Runs for the hills....................... Hint: Put a password on that guest wifi and busstop users wont be able to login. ;-P
Not as easy as it sounds. User now help them self and authenticate using SMS. If there is a password, users need to have a way to know the password.
Guests are inside the building, there can be a sign or signs............ It can be changed weekly or daily.
Not that hard if one is organized! ;-P

Or you could go all out - Alternative Approach
See Jotne for WIFI Password, sexual favours accepted!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Apple devices flooding DHCP server

Fri May 01, 2020 8:46 am

I do agree that it can be done.
But around 100 buildings, 2-30 doors to enter in every building, it would be some mess to update :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: Apple devices flooding DHCP server

Fri May 01, 2020 11:53 am

Look into a digital signage solution... :-)
But seriously, when you run out of DHCP address space you will have to do something, and setting a very short lease time usually will not work because some (Apple!!) devices will not accept a lease with a short duration. I would not dare to go below 1h for a lease time on such a large network.
Using a large subnet (so you can have many addresses in the pool) is not so good either, because you will invariably encounter those apps and other programs that "just scan the entire IP space to find their friends (peers, devices, whatever)" and it will cause a lot of broadcast traffic due to the ARP requests...
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Apple devices flooding DHCP server

Fri May 01, 2020 12:46 pm

I was thinking of blocking Apple devices ;)
 
xbliss
newbie
Posts: 26
Joined: Fri Apr 07, 2017 2:42 pm

Re: Apple devices flooding DHCP server

Sun May 10, 2020 2:19 pm

So I turned the IP assigned to my iPhone to Static DHCP on Router.
Disabled WiFi & Enabled. It wont connect.
Even removed the WiFi by using Forget Network on iPhone. Still no go.

Whats with this attachment to previous IP?

Who is online

Users browsing this forum: jamesperks, Michiganbroadband, patrikg and 85 guests