1) First Network topology
Internet<--G0/0--> TR<-->CoreSW<--Firewall<--> Server and LAN network
<--Gateway<--> Customers
2) Problem is at the G0/0 port on TR specially the Egress " Surges to 200 Mbps"
3) We are using NPM so we can see the DL/UL utilization on each port and all are below 10 Mbps.
4) When Checking the TR webui,port G0/0,egress.. I find the top usage from "unknown" and "Domain name system"
5) What is that " Unknown " or how to know it? + How to stop such surges or at least to know Why it happens so i can deal with it... taking into consideration that this surge happens in 1 hour intervals any time in the day " peak hours or off hours" like 3 am.
6) It's only the upload and it's from the TR only which is weird for me.
I will attach a snap shot from the Webui
-We are using simple QoS but nothing was happening for the last few months..that just happened 2 days ago and its back to normal right now.