When the number of active connections for any single user exceeds about 10 to 15 simultaneous connections, you generally have one of two things occurring. Either the subscriber has been infected by some sort of virus/spyware or the customer is running some sort of peer-to-peer networking software (i.e. Kaaza, winMX, Limewire, Bittorrent, etc, etc, etc).
Either of these situations will result in increased latency and decreased overall available network throughput on the Canopy systems. On the Tranzeo system, the effect is far worse. Since Tranzeo is 802.11b based, there is no polling mechanism to ensure timely delivery of packets. the effect of a continuous streams of outbound traffic is dropped packets. Dropped packets means timed-out web pages and dropped email sessions. It gets far worse when you start dealing with games and VoIP. Even 1% packet loss can result in unusable games. Likewise, the very slightest IP interruption can make VoIP sessions experience jitter, echoing, and garbled signal.
It is important that you determine the specific customers that are causing the excessive streams. Look at the ports in use and the destination addresses. Determine if the traffic is likely P-t-P or an infection. If it's P-t-P, you should be able to control the volume of the traffic by using the P-t-P throttling mechanisms available through the Mikrotik software. If it's an infection, you should disassociate the user from your AP's until the infection can be resolved. If you simply firewall the outbound traffic, you probably won't solve anything. Many infections cause the PC to continuously send out packets regardless of whether those packets ever arrive at a valid destination. Therefore, the infection will keep sending/flooding your AP even if you block the subscriber from successfully reaching the internet via a Mikrotik firewall.
-- WISPA Wireless List: email@example.com Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless