Hi,
One of our clients is using MT as his core router. He has several interfaces each one connected to a different 42U server rack consuming around 200-300MBit each. Normal cpu load is around 70%. Recently he started noticing packet loss on servers located in one of the racks and also traffic fell down to 500-600KBit on that interface. Cpu load is down to about 30-40%. I suspect some network flood from one of the servers because from our experience if cpu load is down and there’s little to no traffic on some interface it usually means there’s some kind of massive bw consumption going on somewhere and MT is just too stupid? or lacks processing power to identify and record this huge data flow (ddos?). Is there any way we can locate the server which causes this? The only thing we tried so far is torch which is useless. Our admins and our upstreams’ admins are also clueless. Please assist this forum is our last hope!
BR,
Paul