We have several iPads, locked down using an MDM, where users use a web clip to open Safari, which opens our site, and a real-time two-way video runs.
Unfortunately, in many office environments, the video stream seems to fail intermittently. In review with the network team addressing the usual suspects, like bandwidth, latency, etc., we found something unusual.
We found network traffic which may be iCloud Private Relay. However, the iPads are locked down, not allowing iCloud login, and we do not have iCloud Plus subscriptions, which is a prereq for this feature. Interestingly, most traffic from the iPad, including our app, does not appear to be using the relay. Client security policy is to block QUIC and Private Relay. See "Allow for network traffic audits".
The iPad is reaching out using QUIC (UDP/443) to 5 addresses:
- 17.248.254.101
- 17.248.354.103
- 172.224.75.4
- 172.224.75.6
- 172.224.75.9
Of course we know Apple controls the 17.0.0.0/8 network, and some quick research shows 172.224.75 is a part of Akamai's network, commonly used by Apple.
There are nearby egress ranges on Akamai associated with Apple Private Relay.
The documents here do shed some light, but are not definitive that this is iCloud Private Relay. We reviewed several Apple articles, and these were the closest match: https://support.apple.com/en-us/HT210060 https://support.apple.com/en-us/HT202944
Since we do not have iCloud, let alone iCloud Plus, we cannot follow this article's steps to disable iCloud Private Relay. We're on iOS 15.5 on iPads gen 6 through 9.
Can we confirm what this traffic really is? If it is iCloud Private Relay, why is it being invoked without a subscription? Is there any additional means of controlling it?
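
One way to tally the UDP/443 flows described in the post from a firewall export and tag each destination by the ranges the post names, as an added example that is not part of the original post. The log format, the source address, the label names and the /24 boundary for 172.224.75 are assumptions; the sample lines are constructed.

```python
import ipaddress
from collections import Counter

# Ranges as attributed in the post; the /24 boundary is an assumption.
KNOWN_RANGES = {
    "apple-17.0.0.0/8": ipaddress.ip_network("17.0.0.0/8"),
    "akamai-per-post": ipaddress.ip_network("172.224.75.0/24"),
}

# Constructed firewall export, one flow per line: src dst proto dport action
SAMPLE_LOG = """\
10.20.1.15 17.248.254.101 udp 443 deny
10.20.1.15 17.248.354.103 udp 443 deny
10.20.1.15 172.224.75.4 udp 443 deny
10.20.1.15 172.224.75.6 udp 443 deny
10.20.1.15 172.224.75.4 udp 443 deny
10.20.1.15 203.0.113.10 tcp 443 allow
10.20.1.15 198.51.100.7 udp 443 deny
"""

def classify(addr):
    """Return the owner label for addr, 'other', or 'malformed'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # e.g. an octet above 255 from a transcription error
        return "malformed"
    for label, net in KNOWN_RANGES.items():
        if ip in net:
            return label
    return "other"

def summarize_quic(log_text):
    """Count UDP/443 (QUIC) flows per (destination, owner label)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        _src, dst, proto, dport, _action = fields
        if proto.lower() == "udp" and dport == "443":
            counts[(dst, classify(dst))] += 1
    return counts

if __name__ == "__main__":
    for (dst, label), n in sorted(summarize_quic(SAMPLE_LOG).items()):
        print(f"{dst:18} {label:18} {n}")
```

Destinations tagged `malformed` should be re-read from the original capture before they are used in a block rule or sent to a vendor.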