How the iOS 10 Update Engulfed Our Corporate WiFi
by Alec Pinkham Alec Pinkham on

The latest in mobile operating systems from Apple—iOS 10—hit virtual update shelves today. What it means for consumers is clear: new features as well as updated core apps like Maps and Messaging. What it means for wireless networks in your office is a different story.

The Lowdown on the Update

Weighing in at over 1GB, the update will send ripples around the globe as coffee shops everywhere are full of people looking up all of a sudden wondering if they should try this eye-contact thing they’ve heard so much about. If you’ve missed the hype or don’t want to click that link, then here is a high-level overview of the newest things for iOS.

  • Messaging gets a SnapChat-like overhaul with emotes, full-screen animations and a touch-to-script option where you can practice your credit card signature.
  • Richer notifications will provide more information and more customization for app developers.
  • Maps catches up slightly to Google Maps—but we all know who you’ll stay with.
  • Smart Home features finally come to the iPhone. While laggards in app technology, Apple certainly has some weight to throw around in the partner market.
  • Siri now opens apps.
  • Updates updates updates! From photos and music to news and Apple Pay, iOS 10 gets a number of new features (some limited by your phone version...looking at you, 3D touch).

The Dangers of Day One Downloads

Early reports indicate that the update has caused problems for some phones. In an informal survey of our office it seemed to happen to about 20% of people (including our CEO...sorry Matt! Please don’t fire me). They are stuck in a “Connect to iTunes” screen, and by all reports they are not alone.

Here’s hoping Apple fixes this soon!

How the Networks Are Responding

At 1pm Eastern, congestion may have set in. If you needed help troubleshooting why Salesforce is suddenly slow, or fantasy football waiver wires prevent you from picking up a replacement for Keenan Allen (injury) or Dez Bryant (poor performance. I’m not bitter), it’s probably due to the update. At AppNeta’s Boston headquarters, all personal devices are on the guest network, but we have a device running our FlowView product to identify and categorize the top apps utilizing capacity. To see how update-hungry our colleagues are, we took a look at our internal traffic before and after 1pm to see the effect of the newest iOS.

Boston HQ - Morning Traffic by Location Boston HQ - Morning Traffic by Location

This morning, all was quiet. With relatively small wedges for early Snapchat snaps and Instagram stories, the most active recreational apps are music streaming apps. Considering we’ve got internal Sonos systems and many with headphones, this is not atypical traffic for a Tuesday morning.

Normal Activity

To get a sense of our normal activity, I’ve pulled some from this morning where our traffic was actually a little high, 1.2 GB, with over 1.5 million packets transmitted within the hour window. Through FlowView’s sunburst chart, we can see that almost one-third is streaming media (via RTP).

Boston HQ - Morning Traffic by Category Boston HQ - Morning Traffic by Category

The Update Time Arrives: 1PM

With no delay, Apple delivered the update right on the hour, and it was immediately clear that I wasn’t the only one tempted by the shiny new version of iOS. Within a few minutes the total traffic of the guest network throughput spiked from 20 Mbps to over 150 Mbps as the downloads commenced. Within an hour of the update, we had just under 26GB of downloaded data.

Top Applications and Protocols Top Applications and Protocols

From 1pm to 2pm, the total packet download almost exceeded 25 million packets.

Boston HQ - Afternoon Traffic by Location Boston HQ - Afternoon Traffic by Location

At first glance, it appears that our Apple traffic matches the normal TCP traffic. While impressive on its own, the Top Application view presented earlier exhibits a spike in both Apple update traffic and TCP traffic. It’s a striking coincidence...or perhaps not. Troubleshooting this issue is pretty easy with FlowView. Looking at the Top Hosts instead of the Top Applications, we can see the following:

Top Hosts Top Hosts by Number of Packets Downloaded

Ignoring the 192.168.150.X/XX addresses for internal traffic, let’s look at the top four there. A little bit of crafty Googling tells us the addresses are actually Apple infrastructure for downloads. So Apple updates are streaming through as unrecognized TCP traffic and Apple update traffic. Based on the Top Hosts table, it appears that the packets originating from Apple-controlled sources represent about 68% of all TCP traffic.

Boston HQ - Afternoon Traffic by Category Boston HQ - Afternoon Traffic by Category

Reviewing the FlowView sunburst chart by categorization, we can see 35% of the 27.5GB (updated just before posting) is dedicated to Apple-related file transfer. TCP traffic contributes another 38%. Combining what we know from the Top Hosts at the same time indicates that almost 70% of that TCP traffic is also dedicated to Apple-related data. The end result is that over the 1pm to 2pm hour at AppNeta, Apple downloads contributed 16.5GB of data transfer to our guest network. That raises a number of questions.

Key Questions Answered

  1. What if we didn’t know this was coming?

This could have taken us completely by surprise. Most IT departments are in tune with this kind of update and many take proactive approaches to mitigate this type of download frenzy during the day. But if we didn’t know this was imminent, we may have spent a while troubleshooting the problem to isolate the spike instead of easily categorizing or limiting the traffic.

  1. What if we didn’t have a dedicated network meant for mobile devices?

The effects of this could be widespread. It would have congested our network with non-business related traffic and potentially eaten up valuable resources from business-critical apps like Salesforce. This was an isolated test for us because the worst thing it can slow down is Snapchat, but the effect is clear.

  1. And finally, how else would we have been able to so quickly identify what streams were responsible for this spike outside of FlowView’s application identification?

The answer is that we wouldn’t be able to classify these without the help of FlowView. The reason is simple: iOS updates aren’t that common. In fact, major ones happen only a few times a year. So if the applications you’re tracking don’t include Apple’s update, then you might miss some of this traffic, or worse yet have it relegated to the “other data” pile. We’ve also seen that the TCP category hid a significant amount of update-related traffic.

That’s all for now. Good luck to Apple on 10.0.1!

Filed Under: Company News, Industry Insights, Networking Technology

Tags: Apple iOS update , FlowView , network monitoring , network traffic , WIFI