I turned iCloud Photo Library on this week. We have close to 250 GB of photos, videos in several different computers and mobile devices. You might have guessed it: it flooded our network since our outbound internet peaks around 6 Mbs (realistically). I needed to do something.
I have at home a Meraki MX65 and a MR42 (Thanks Dağhan 😉 ) They give great visibility and control over our home network. I can easily pinpoint where the problem is and take actions. Here is a great chart that shows how the nature of our traffic changed on Sep 24 after turning iCloud Photo Library on. (See the light blue? That’s increased upload!)
One of the easiest way to slow this traffic down is to shape it with Meraki Traffic Shaping rules. This document talks about in detail how to do this. However the iCloud settings in the canned traffic shaping rules is only related to backup and doesn’t work with iCloud Photo Library traffic.
Meraki allows you to do application layer or layer 3 traffic shaping. Since the traffic is encrypted, the application layer traffic shaping was not an option. For layer 3, I needed the IPs that the Photos app was talking to. Since Apple owns the entire 18.104.22.168/8, it’s always an option to craft your rule using the entire class A subnet. However that wouldn’t be “elegant” 🙂 So let’s do some tcpdump exercise.
iMac:~ user$ sudo tcpdump -i en1 -n -c 1000 ip and net 22.214.171.124/8 | grep '>'| cut -d '>' -f 2 | cut -d "." -f 1-4 | grep 17\. | sort | uniq -c
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 262144 bytes
1000 packets captured
2120 packets received by filter
0 packets dropped by kernel
What this tells us is that we captured 1000 packets and looked for all the ones that has “17.” in it, and counted them. In total 647 packets were transmitted to 126.96.36.199. Also it’s on port 443 only.
I did a similar packet dump for 10K packets. Which revealed that the sync between Photos app and iCloud is always happening on subnets: 188.8.131.52/16 and 184.108.40.206/16 on port 443. (There might be a more specific subnet, but this was enough for me to start with)
Let’s apply this to Meraki MX65 traffic shaping rules. In this rule below my upload limit per client is 1.5 Mbps. Depending on how many clients you have and your upload speed, you can come up with something more suitable for your network.
In order to figure out how to define these in Meraki, please follow the instructions in the previous doc that I linked.
Et Voilà! You got your home network back 😉