OIT filters AppleTalk traffic on the wireless networks operated by OIT. We began doing so in November-December 2010.
We do so because the multicast traffic from devices which still have AppleTalk enabled degrades wireless network services provided by OIT, while at the same time being unnecessary for the network functionality OIT supports.
AppleTalk is a legacy network protocol that was used in the past by Apple Macintosh computers, Apple printers, and other networked devices intended to interoperate with Apple's devices. It was primarily used to provide file sharing and printing services.
The protocol is no longer used widely; the Internet Protocol (IP) has supplanted it. In fact, Apple no longer includes support for AppleTalk in their operating systems and devices.
During 2004-2005, the University migrated remaining AppleTalk services to IP. During Summer 2005, OIT discontinued routing AppleTalk across the campus network. At that time, OIT ended support of any printing, file sharing, or third-party applications still depending on native AppleTalk protocols.
Although OIT does not route Appletalk traffic on the campus network, some devices still have the AppleTalk protocol enabled.
In most cases, we suspect that the owners of these devices do not realize that their devices still have AppleTalk enabled.
When such a device transmits AppleTalk traffic, the traffic still reaches that portion ("subnet") of the campus network to which the device is presently attached. It does not reach the entire campus network.
Although this AppleTalk traffic serves very little purpose on the campus network today, it can degrade network service in some circumstances.
This is because some of this AppleTalk traffic is multicast traffic. Much of this traffic floods the campus IP subnet to which the sender is attached. (It does not cross the router to other subnets.) The traffic consumes bandwidth on the subnet.
We have noted that on our largest wireless network, although the average rate of AppleTalk packets amounts to only 1% of the broadcast and multicast traffic packet rate, at time it spikes. We have seen such spikes nearly double the total broadcast and multicast traffic packet rate for short periods. This degrades service.
Given that AppleTalk is not longer supported on the campus network, and the AppleTalk traffic on the wireless networks degrades network performance, OIT filters AppleTalk traffic on the wireless networks provided by OIT.
Our AppleTalk filter discards traffic which specifies EtherTypes 0x80F3 and 0x809B.
OIT filters AppleTalk as the traffic enters each Wireless Access Point operated by OIT. The filter applies as the traffic arrives from each wireless client. As our newer wireless access points cannot perform EtherType-based filter in an effective manner, this filter is not entirely effective.
OIT also filters Appletalk at the campus network's core Ethernet switches; all buildings (or groups of buildings) are attached to these core switches. This filter is presently installed in such a way as to apply only to those networks supporting wireless services provided by OIT. This causes the filter to apply to traffic (for our wireless networks) as that traffic passes through the campus core on its way from one leg of the network to another. (In some cases, multiple buildings share a single connection to the campus core, so this filter doesn't affect traffic which remains within that group of buildings.)
It is possible that in the future, the filter installed at the network's core Ethernet switches might be expanded to also include the wired (non-wireless) networks.