Tag Archives: apple

iCloud Photos, Meraki and Traffic Shaping

I turned iCloud Photo Library on this week. We have close to 250 GB of photos, videos in several different computers and mobile devices. You might have guessed it: it flooded our network since our outbound internet peaks around 6 Mbs (realistically). I needed to do something.

I have at home a Meraki MX65 and a MR42 (Thanks Dağhan 😉 ) They give great visibility and control over our home network. I can easily pinpoint where the problem is and take actions. Here is a great chart that shows how the nature of our traffic changed on Sep 24 after turning iCloud Photo Library on. (See the light blue? That’s increased upload!)

One of the easiest way to slow this traffic down is to shape it with Meraki Traffic Shaping rules. This document talks about in detail how to do this. However the iCloud settings in the canned traffic shaping rules is only related to backup and doesn’t work with iCloud Photo Library traffic.

Meraki allows you to do application layer or layer 3 traffic shaping. Since the traffic is encrypted, the application layer traffic shaping was not an option. For layer 3, I needed the IPs that the Photos app was talking to. Since Apple owns the entire 17.0.0.0/8, it’s always an option to craft your rule using the entire class A subnet. However that wouldn’t be “elegant” 🙂 So let’s do some tcpdump exercise.

iMac:~ user$ sudo tcpdump -i en1 -n -c 1000 ip and net 17.0.0.0/8 | grep '>'| cut -d '>' -f 2 | cut -d "." -f 1-4 | grep 17\. | sort | uniq -c 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 262144 bytes
1000 packets captured
2120 packets received by filter
0 packets dropped by kernel
 647  17.248.128.44

What this tells us is that we captured 1000 packets and looked for all the ones that has “17.” in it, and counted them. In total 647 packets were transmitted to 17.248.128.44. Also it’s on port 443 only.

I did a similar packet dump for 10K packets. Which revealed that the sync between Photos app and iCloud is always happening on subnets: 17.248.0.0/16 and 17.188.0.0/16 on port 443. (There might be a more specific subnet, but this was enough for me to start with)

Let’s apply this to Meraki MX65 traffic shaping rules. In this rule below my upload limit per client is 1.5 Mbps. Depending on how many clients you have and your upload speed, you can come up with something more suitable for your network.

In order to figure out how to define these in Meraki, please follow the instructions in the previous doc that I linked.

Et Voilà! You got your home network back 😉

Mac OS X pkg files

PKG FilesSometimes you need to see what’s inside of that pkg file. But you also don’t want to install it. You just want to take a look at the files in it before installing it. Well, here is how to do it:

PKG files usually come in a DMG image. First mount that file by double clicking on it. Then open a Terminal window and go to the folder where it’s mounted. (Look under /Volumes)

Once you are in that folder you will see a file with a .pkg extension. Let’s say it is called Foo.pkg. Copy that file in a folder, I’ll copy it to /tmp.
cp Foo.pkg /tmp
cd /tmp

Mac OS X has a utility called pkgutil. You can do a ton of stuff with it, so check the manual page. (man pkgutil) But for our exercise we will just use it to expand the pkg file.
pkgutil --expand Foo.pkg /tmp/foo_package
cd /tmp/foo_package

This will open the pkg file to a flat structure. You will see some files and folders like Distribution, Resources, Foo.pkg. Go ahead and cd in the directory Foo.pkg:
cd Foo.pkg

In there you will several files. The important ones are Bom, Payload and PackageInfo:

Bom:

This file is called Bill of Materials. It describes what is in this pkg file and where they will be written to. If you will not do file/binary analysis of the contents of the pkg file and you want only to see which files will be written where, this is your file. You can also use this file’s contents to remove the package completely. (I leave this exercise up to you)

Bom is a binary file and there is a tool to list its contents: lsbom. (man lsbom for usage) Basic usage would be:
lsbom Bom

This will print file/directory structure of the contents on the screen.

Payload:

This is the file that contains all the files and directories in this pkg file. It’s a gzipped archive file.
$ file Payload
Payload: gzip compressed data, from Unix
$ mv Payload foo.gz
$ gunzip foo.gz
$ ls
foo

This will give you a file called foo. Now you need to use cpio to extract that archive.
$ cpio -iv < foo
.
./System
./System/Library
./usr
./System/Library/LaunchAgents
./usr/bin
......files files files.......
50002 blocks
$ ls
System foo usr

In my case it unarchived two folders called System and usr.

No you can go and browse these directory to find files you are looking for. Have fun 😉