Thursday, 4 May 2017

Apple and Unifi

Quick update...

I have seen this on the MacBook as well as the iPhone.

Still bugs me at home reading twitter in the bath. Switch changes not helped.

Symptoms are device thinks connected to (strong) wifi but unifi APs say not. Happens even with no DHCP involved. Happens between devices on same IP so not switch related!

I did the dump on all channels of the APs and showed the Apple device not trying to send anything.

Seems to be triggered by IPv6, and that means commonly FireBrick but not always by any means and a few people saying they have seen the same even not using Unifi!

So may be totally Apple borked.

9 comments:

  1. What wireless kit does definitely work ok with Apple, according to Apple? Any idea what they claim? Or what they have tested with? A question for them of course, not really for yourself, but I just wondered if you had discovered anything. I have never had any problems at all with Apple iOS kit and ZyXel NWA3560 WAPs (on 5GHz) with IPv6+IPv4, Firebrick, DHCPv4 (effectively static though, fixed DHCPv4 mappings) and no NAT at all. However I'm not a good test because things tend not to roam, because they don't need to, as the different WAPs are located too close together. WAPs share the same SSID so devices should be expected to roam as I understand it.

    ReplyDelete
  2. Might be an interesting idea to publish the pcaps showing the roaming failure. Make sure they are sent to UBNT as well, etc.

    ReplyDelete
    Replies
    1. We have not captured a roaming failure, having failed the papa show nothing from the phone at all, so nothing to send them. I have told them this. Have devices on each AP running monitor mode all day would be only other option.

      Delete
  3. Just dodgy Apple firmware/driver then? That wouldn't be a total shock; for months I had huge latency spikes, but things have improved dramatically since one of the recent macOS updates. (It seemed things were much worse when the link was idle, so maybe overzealous interrupt mitigation? No packet loss now, at least, and only 2% of local pings over 300ms.)

    A bug somewhere in the IPv6 offload code would explain a lot, I think: some corner case where it can end up: full buffer, but no interrupt to drain it?

    ReplyDelete
  4. I think its Apple as this happens on Sky's Q system - and Sky is ipv6 enabled. It does also happen on ipv4 mesh/roaming systems from a quick google.

    Apple does a lot of stuff "their way" - I suspect the MAC address randomisation may be a large part of it for many reports as it roams between APs.

    Not entirely clear whether Adrian ran a dump on the "iDevice" from post. Is the apple device sending anything at all?

    ReplyDelete
    Replies
    1. I have caught an iMac doing it, but did not get a dump from its point of view and have not seen again, sadly. I am not sure I have a means to from the iPhone. I was dumping monitor mode on each channel whilst trying to get iPhone to talk.

      Delete
    2. I think if you look at earlier threads on this subject (weeks ago) someone posted a way to capture dumps on the iPhone without rooting it. No idea if its valid or not but assuming it is...

      Not sure about whether you could filter the dump appropriately to limit it to access point MAC address changes (roaming) though as the raw dump 24/7 will be somewhat excessive on a phone with no SD expansion and dumping over wifi to local storage may change the failure mode on IP.

      Delete
  5. I'd recommend you just shell out a bit of money and get some Ruckus R500s second hand and put unleashed on them instead. I think ruckus has a lot more proprietary RF magic that pretty much all other vendors lack. They excel with lots of users (but are still amazing with just a few) and where there is lots of interference. Cost a lot more money, but will work pretty flawlessly. Since I've started dealing with Ruckus stuff, I feel that UniFi is shoddy and unreliable, it feels like their stuff is never quite finished, and will do funny things in comparison but I guess as with anything, you get what you pay for! If you're happy with N wireless, get bunch of 7372s and a cheap zonedirector 1100 off ebay, you'll have to get lucky to get one at a decent price tho. If you only want 2 or 3, having them standalone with the same settings will work ok. The Ruckus stuff has forced handover and I've also noticed at long range that other stuff will get a signal but be useless whereas the ruckus will give you something. Get some in your life and I think you'll be suitably impressed. (FYI I don't work for Ruckus, or a reseller!)

    ReplyDelete
  6. I updated my controller to latest beta (5.6.7) and noticed the connected / not connected issue straight away. Downgraded back latest stable and all working fine. Running iOS 11.

    ReplyDelete