Friday, January 12, 2018

Very weird Mac OS vlan tagging issue

Was curious if someone with a bit more packet capture / debugging knowledge might be able to more solidly identify the actual issue occurring here. I've got a user connected to a Cisco 3650 switch from an iMac running High Sierra (10.13.2). Due to garbage Brother printer drivers that can't do scanning if the printer is on a different IPv4 subnet from the computer, this particular Mac is using the built-in gigE port with networking set to off. Then, via Network -> Manage Virtual Interfaces, two VLAN tagged virtual interfaces have been added, one on the printer VLAN with IPv4 but no gateway, and one on the normal computer VLAN with traditional DHCP and default gateway being assigned. Computer is able to talk to both networks without issue.

Computer was upgraded to High Sierra around whenever it came out, no obvious consequence, everything seemed to work as it had before. It was recently noticed that no matter what was attempted, the Apple Photos.app could no longer sync with iCloud. It is able to determine how many photos need to be synchronized, but no synchronization occurs.

The issue made it to the networking side after no one from Apple or desktop support could figure out what was going on. I found an odd post about someone having this issue and flipping to wifi resolved it. Okay, let's try it, wifi on, hey, photos start coming down instantly. Well, that's weird.

I put Wireshark on the system and noticed that traffic to/from the 17.0.0.0/8 Apple network will seem to be successful, TCP sessions get established to 443, some data flows (I assume just the part which determines what needs synchronization), then the connection goes mostly idle for a while followed by a bunch of TCP resets, then it all repeats again. There will be some out of order packets sprinkled about.

I change the switch port back to access mode, dump the virtual interfaces, issue goes away. I got out a MacBook Pro running the same OS, set up a Thunderbolt gigE NIC dongle for tagging, connected it to a tagged switch port, same exact issue occurs, so at least it's reproducible.

I haven't begun looking at the packets on the firewall side yet but that's my next step. Firewall is a FortiGate doing plain NAT, nothing exciting. I did consider perhaps an MTU issue and lowered it, but the same issue occurred. Large file copies to/from iCloud Drive are not impacted or running slower than they should; it's strictly the Photos app syncing. Only thought so far is that Photos somehow has control of the network stack at a level it shouldn't, for reasons unknown, and is not behaving itself if the interface is tagged / virtual. Wireshark on the en0 interface seems to reflect some TCP traffic that is not being tagged, which should also not be occurring, so perhaps Photos is somehow causing the Mac to send untagged packets to a tagged port while every other app doesn't, and only for the image data sync.
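A way to put numbers on the "untagged traffic on en0" observation above, as an added example that is not part of the original post: the script classifies each Ethernet frame by whether it carries an 802.1Q tag, pulls the VLAN id out of the tag, and lists the untagged IPv4 frames whose destination falls in 17.0.0.0/8. The sample frames are constructed inline; `read_pcap()` assumes a classic libpcap file with the Ethernet link type (Wireshark can save in that format instead of its default pcapng), and the MAC and source addresses in `build_frame()` are made-up values.

```python
"""Classify captured Ethernet frames as 802.1Q-tagged or untagged.

Added example (not from the original post). The frames in SAMPLE_FRAMES are
constructed here for demonstration; read_pcap() loads a real capture from en0.
"""
import ipaddress
import struct

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
APPLE_PREFIX = ipaddress.ip_network("17.0.0.0/8")  # the range named in the post


def classify_frame(frame: bytes) -> dict:
    """Return tag status, VLAN id, inner EtherType and IPv4 destination (if any)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    vlan_id = None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN id
        offset = 18
    dst_ip = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        dst_ip = ipaddress.ip_address(frame[offset + 16:offset + 20])
    return {"tagged": vlan_id is not None, "vlan_id": vlan_id,
            "ethertype": ethertype, "dst_ip": dst_ip}


def untagged_to_prefix(frames, prefix=APPLE_PREFIX):
    """Indices of untagged IPv4 frames whose destination lies inside prefix."""
    hits = []
    for i, frame in enumerate(frames):
        info = classify_frame(frame)
        if not info["tagged"] and info["dst_ip"] is not None and info["dst_ip"] in prefix:
            hits.append(i)
    return hits


def read_pcap(path):
    """Yield frames from a classic libpcap file (Ethernet link type only)."""
    with open(path, "rb") as f:
        header = f.read(24)
        magic = struct.unpack("<I", header[:4])[0]
        if magic in (0xA1B2C3D4, 0xA1B23C4D):
            endian = "<"
        elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
            endian = ">"
        else:
            raise ValueError("not a classic pcap file (pcapng is not handled here)")
        link_type = struct.unpack(endian + "I", header[20:24])[0]
        if link_type != 1:
            raise ValueError("expected LINKTYPE_ETHERNET (1)")
        while True:
            rec = f.read(16)  # ts_sec, ts_usec, incl_len, orig_len
            if len(rec) < 16:
                return
            _, _, incl_len, _ = struct.unpack(endian + "IIII", rec)
            yield f.read(incl_len)


def build_frame(dst_ip: str, vlan_id=None) -> bytes:
    """Constructed Ethernet (+ optional 802.1Q) frame with a minimal IPv4 header."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")  # made-up MACs
    if vlan_id is not None:
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address("10.0.0.5").packed,   # made-up source
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip


# Constructed sample: tagged and untagged frames to Apple space and elsewhere.
SAMPLE_FRAMES = [
    build_frame("17.1.2.3", vlan_id=100),   # tagged, computer VLAN
    build_frame("17.1.2.3"),                # untagged, should not appear on a tagged port
    build_frame("192.168.1.10", vlan_id=200),  # tagged, printer VLAN
    build_frame("203.0.113.9"),             # untagged, but not Apple space
]

if __name__ == "__main__":
    for i, frame in enumerate(SAMPLE_FRAMES):
        print(i, classify_frame(frame))
    print("untagged frames to 17/8:", untagged_to_prefix(SAMPLE_FRAMES))
```

Run it against a real capture with `untagged_to_prefix(list(read_pcap("en0.pcap")))`; a non-empty result confirms that frames are leaving the physical interface without a tag, and the indices tell you which packets to inspect in Wireshark. Comparing the hit list against the timing of the TCP resets shows whether the untagged frames line up with the stalls.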
