I am havingcisco 7505 on which some lease line users are coming and it is connected to gateway. At the gateway BGP is running and users are connected by static routes. I find a big gap between traffic generated and the traffic crossing gateway. This I concluded by doing total of input and output traffic of all users and expecting it to be equal to in/out traffic at gateway plus some overhead. This gap is more than 100%. I wish to know why there is gap between traffic expected and traffic observed. Additionaly one lease line user is constantly complaining slow access. He doesn't have load on its interface either.
If there is some DoS attack, or some other attcak, can I detect it and take corrective action.