Apple network issues

This page concerns misfeatures, present in some versions of Apple's network stack, related to Apple's sleep proxy. The sleep proxy can sometimes be turned off on Macs; it's not clear whether it can be turned off on Apple's other products. The page also cautions against inadvertently enabling DHCP service behaviour.

The sleep proxy code impersonates other machines on the network. It does this as a way to allow them to be put to sleep while giving the appearance that they are still live on the network. The impersonating machine fields the traffic for the sleeping machine, wakes it up, then forwards the traffic until the other machine identifies itself on the network again, at which point traffic goes directly to it until it is again impersonated.

This might be fine in a domestic or other small-scale setup. On a network such as ours, where machines are required to use only addresses explicitly assigned to them, for security and reliability reasons, it sets off alarms.
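One way such an alarm could be raised, shown as an added example and not the Informatics network's own tooling: compare observed address claims against the table of assigned addresses. The assignment table, the "time ip mac" log format and every address below are constructed for illustration.

```python
"""Flag IP address claims that do not match a site's assignment table."""
from collections import defaultdict

# Constructed assignment table (assumption): each IP is assigned to one MAC.
ASSIGNED = {
    "192.0.2.10": "00:00:5e:00:53:0a",
    "192.0.2.11": "00:00:5e:00:53:0b",
    "192.0.2.12": "00:00:5e:00:53:0c",
}

# Constructed observations in a hypothetical "time ip mac" format, such as
# might be gathered from ARP replies seen at a router or switch.
SAMPLE_LOG = """\
09:00:01 192.0.2.10 00:00:5e:00:53:0a
09:00:02 192.0.2.11 00:00:5e:00:53:0b
09:00:03 192.0.2.12 00:00:5e:00:53:0c
09:14:40 192.0.2.11 00:00:5e:00:53:0a
09:14:41 192.0.2.99 00:00:5E:00:53:0C
09:31:07 192.0.2.11 00:00:5e:00:53:0b
malformed line
"""

def find_violations(log, assigned):
    """Return (alerts, claimed): alerts for mismatched claims, IPs seen per MAC."""
    alerts = []
    claimed = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that are not "time ip mac"
        ts, ip, mac = parts[0], parts[1], parts[2].lower()
        claimed[mac].add(ip)
        owner = assigned.get(ip)
        if owner is None:
            alerts.append((ts, ip, mac, "address not assigned to any machine"))
        elif owner != mac:
            # The pattern a sleep proxy produces: one machine answering for
            # an address that is assigned to another.
            alerts.append((ts, ip, mac, f"address is assigned to {owner}"))
    return alerts, claimed

def multi_address_macs(claimed):
    """MACs seen claiming more than one IP, a second hint of impersonation."""
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}

if __name__ == "__main__":
    alerts, claimed = find_violations(SAMPLE_LOG, ASSIGNED)
    for alert in alerts:
        print(*alert)
    print(multi_address_macs(claimed))
```

The 09:31:07 line, where the assigned owner identifies itself again, raises no alert, which matches the point at which traffic goes directly to the woken machine.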

Users should also be careful not to enable any kind of DHCP service on their machines. This can interfere with our central DHCP provision, and may result in a loss of service for other users.

These are not just issues for us. Other sites have noted the same problem (for example Princeton). Turning off Apple "internet sharing" is supposed to disable the sleep-proxy behaviour on macOS, though reboots may be necessary as well. It is not clear how (or indeed whether) the behaviour can be disabled on other Apple products.

The Informatics network will attempt to defend against such behaviour, which may result in a reduced service for misbehaving machines. In addition, users are reminded that self-managed machines which cause problems for others may be disconnected from the network, following School policy, until their managers fix their behaviour.

