Please read this and see if you can help with my problem

A question for some of you hardcore moto guys…

I have been running the Canopy system for the last 2 years; just in the last couple of weeks I have had a few problems.

1. I was getting huge network spikes every 15 seconds for about 5 seconds (ping 169.254.1.** would return a normal of 1-5ms, but during spikes 400 to complete packet loss). I spent 2 days dicking around with it…even had the tech support guys help me for hours at a time. The solution then was that we had 1 customer who was, I guess, attacking the Canopy network. After we took him offline everything went right.

2. In the last couple of days I was seeing similar signs of a network attack. I have it narrowed down to about 70 customers off of one access point. I have taken some people offline, which seemed to make the latency a lot less. However, I would still see spikes all the way up to 13% loss of packets.

Does anyone know a fix for this, or has anyone seen similar activity?

Could it be a worm? And if so, is there any software I can buy to sniff and correct it over the Canopy network?

Any help on this would be awesome…Thanks

Also, I'm using the 5.2 GHz, and on the site that I am having issues with there are 2 APs with a CMM and GPS timing. Checked the GPS status and everything looks good.

Potential causes:

1. Virus on a machine of a customer
2. Worm on a machine of a customer
3. Spamming (aware or unaware)
4. FILE SHARING (sucking up all your bandwidth)

You say you have it narrowed down to 70 customers on one potential access point. I would suggest taking down that access point during a maintenance hour one night (assuming the customers won’t jump on another adjacent AP if the color codes are the same) and see if the packet loss disappears. Perhaps you already did this and that is how you determined it was possibly X number of customers on a certain access point.

If you have a Layer-2 or Layer-3 managed switch somewhere in your network that all incoming and outgoing traffic must pass through, most all of them have a feature called “port mirroring”. It allows you to pick a port on the switch that traffic passes through to get to the net, and make a copy of all the link-layer frames and send them to another port. For example, if you have Port #10 connected to a Fast Ethernet interface on a Cisco or similar edge router, and your laptop plugged into port #11, you could have all the traffic coming in/out of #10 copied to #11 for evaluation. You would need to download a packet sniffer (Ethereal - www.ethereal.com) and run that on your computer to see what is going on. Ethereal is a great tool, very easy to use, and is FREE.

Once you have determined who is causing your problems, you can either filter outgoing packets via Transport-Layer protocol and Port number at the SM, or at the customer router if you own the equipment and if the device supports it.

We have had problems like this in the past, but it never caused actual packet loss, only high latency. It usually boiled down to file sharing. The hard thing about file sharing is trying to filter it. Most file sharing apps are configured to use a default port number to download and upload, but they can also adjust if a certain port is blocked or not open. The only way to get around that is to have a packet shaping device that can examine a file sharing packet at the Application Layer, and either drop it or limit bandwidth.

What version of firmware are you using? The new features of 6.1 allow for bandwidth throttling at an individual SM instead of using BAM. This is a huge milestone in Canopy firmware. I feel bad for those who spent the $1000 or so for BAM and now half of the features of BAM are available for free in a firmware upgrade.
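The per-customer traffic check suggested in the reply above, as an added example that is not part of the original posts: it reads a capture taken from the mirrored port and reports which source address dominates each time bucket that exceeds a byte threshold. It assumes the capture was saved in classic libpcap format with untagged Ethernet/IPv4 frames; the function names, the 10,000-byte threshold and the 192.0.2.x sample addresses are hypothetical.

```python
import struct
from collections import defaultdict

def bytes_per_source(pcap: bytes, bucket_s: int = 1):
    """Sum on-the-wire bytes per source IPv4 address per time bucket."""
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic libpcap file with Ethernet link type")
    buckets = defaultdict(lambda: defaultdict(int))
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _usec, caplen, origlen = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Skip truncated frames and anything that is not untagged IPv4.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src = ".".join(str(b) for b in frame[26:30])
        buckets[ts - ts % bucket_s][src] += origlen
    return buckets

def spike_sources(buckets, threshold_bytes):
    """For each bucket above the threshold, return (top source, its share of bytes)."""
    hits = {}
    for t, per_src in sorted(buckets.items()):
        total = sum(per_src.values())
        if total > threshold_bytes:
            top = max(per_src, key=per_src.get)
            hits[t] = (top, round(per_src[top] / total, 2))
    return hits

def build_sample():
    """Constructed capture: two quiet hosts, one host bursting every 15 s."""
    def rec(ts, last_octet, size):
        ip = (bytes([0x45, 0]) + struct.pack(">H", size - 14) + bytes(5)
              + b"\x11" + bytes(2) + bytes([192, 0, 2, last_octet, 192, 0, 2, 1]))
        frame = bytes(12) + b"\x08\x00" + ip  # headers only, as with a short snaplen
        return struct.pack("<IIII", ts, 0, len(frame), size) + frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts in range(35):
        out += rec(ts, 10, 200) + rec(ts, 20, 300)
        if ts and ts % 15 == 0:
            out += rec(ts, 66, 1500) * 40
    return out

if __name__ == "__main__":
    hits = spike_sources(bytes_per_source(build_sample()), 10_000)
    for t, (src, share) in hits.items():
        print(f"t={t}s top source {src} carries {share:.0%} of bytes")
```

On a real capture, set the threshold just above the quiet-period byte count per bucket so that only the spike intervals are reported.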