Hey guys, thought I'd post my story and ask for everybody's input. I have a 7206 at a site that has two full DS3s coming into it. At that site is a free DNS provider called granite canyon. Somebody on the web pointed "intrenet.com" at GranCan's DNS servers without entering any zone information, resulting in non-cacheable NoSuchDomains being flung around the net.
Non-cacheable DNS == tons more queries == tons of bandwidth
The 7206 started dropping packets when it hit ~40mbps of throughput, simply because of the sheer number of itty-bitty DNS queries coming through. At ~80bytes/packet, that's 62,500pps. Tag on CEF, OSPF, BGP4, tons of ACLs and more, and the router started dropping packets. Bad times.
The short term answer was to rate-limit the client for an immediate performance improvement, then to put in bogus, cacheable DNS info for the intrenet.com domain so that requests would begin to peter off.
I know you guys must have some fantastic stories about your networks, so let's hear 'em!
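The mechanism behind this story is DNS negative caching: under RFC 2308 a resolver may only cache an NXDOMAIN when the authority section carries the zone's SOA, with the negative TTL taken as the smaller of the SOA record's TTL and its MINIMUM field. A server that is listed as a nameserver for a domain but holds no zone data cannot supply that SOA, so every "no such domain" it hands back is uncacheable and each client lookup turns into a fresh query against it. The simulation below is an added example, not code from the original post or from Granite Canyon; the resolver, the two upstream server models, the name `www.intrenet.com` and the 3600-second SOA values are constructed to show why adding even placeholder zone data makes the query rate fall off.

```python
"""Negative-cache simulation (constructed example, not from the original post).

Compares a delegated-but-empty ("lame") server, which returns NXDOMAIN with no
SOA in the authority section, against a server carrying a placeholder zone,
whose NXDOMAIN answers include an SOA and can therefore be cached (RFC 2308).
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class SOA:
    ttl: int       # TTL on the SOA record itself
    minimum: int   # MINIMUM field of the SOA RDATA


@dataclass
class Response:
    rcode: str                        # "NOERROR" or "NXDOMAIN"
    answer_ttl: Optional[int] = None  # TTL of a positive answer, if any
    soa: Optional[SOA] = None         # SOA from the authority section, if any


def negative_ttl(resp: Response) -> Optional[int]:
    """Negative-cache TTL per RFC 2308 section 3, or None when the answer
    is not cacheable (not NXDOMAIN, or no SOA present to derive a TTL)."""
    if resp.rcode != "NXDOMAIN" or resp.soa is None:
        return None
    return min(resp.soa.ttl, resp.soa.minimum)


class Resolver:
    """Minimal caching resolver: one upstream, one cache keyed by name."""

    def __init__(self, upstream: Callable[[str], Response]) -> None:
        self.upstream = upstream
        self.cache: Dict[str, Tuple[float, Response]] = {}  # name -> (expiry, resp)
        self.upstream_queries = 0

    def lookup(self, name: str, now: float) -> Response:
        entry = self.cache.get(name)
        if entry is not None and entry[0] > now:
            return entry[1]                      # cache hit, no upstream traffic
        self.upstream_queries += 1
        resp = self.upstream(name)
        ttl = resp.answer_ttl if resp.rcode == "NOERROR" else negative_ttl(resp)
        if ttl:                                  # a TTL of 0 or None is not cached
            self.cache[name] = (now + ttl, resp)
        return resp


def lame_server(name: str) -> Response:
    """Delegated for the domain but has no zone loaded: NXDOMAIN without SOA."""
    return Response("NXDOMAIN")


def bogus_zone_server(name: str) -> Response:
    """Placeholder zone installed: NXDOMAIN plus an SOA, so resolvers can cache.
    The 3600-second values are constructed for this example."""
    return Response("NXDOMAIN", soa=SOA(ttl=3600, minimum=3600))


def simulate(upstream: Callable[[str], Response], lookups: int, window: float) -> int:
    """Issue `lookups` queries for one constructed name, evenly spread over
    `window` seconds, and return how many reached the upstream server."""
    r = Resolver(upstream)
    for i in range(lookups):
        r.lookup("www.intrenet.com", now=i * window / lookups)
    return r.upstream_queries


if __name__ == "__main__":
    print("lame server, upstream queries:", simulate(lame_server, 1000, 600))
    print("bogus zone, upstream queries: ", simulate(bogus_zone_server, 1000, 600))
```

With the empty delegation every one of the 1000 lookups in the ten-minute window goes upstream; with a placeholder zone the first answer is cached for an hour and the remaining 999 are served locally. The rate-limit the post applied buys time immediately, while the cacheable negative answer is what actually shrinks the query volume at the source.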