I have been getting HUGE mystery bandwidth spikes here and there (about 5 in total over a 2 month period). I've just verified it happened yesterday on two micro LAMP instances (extremely low traffic, development only).
It is a 4 GB in, 4 GB out spike (or slightly lower, 3.7-4.0). It occurs on the graph in the hub interface as happening in exactly the 5 minute interval on the graph (zero just before and zero just after).
This morning I saw it on the graphs for yesterday, so I started poking through some logs and found that it occurred exactly when I rebooted both servers.
Any thoughts on what might be causing this? There is only a slight blip on the CPU and I/O for the reboots (about 60% CPU and about 89 MB Read, 8 MB Write for I/O), which to me simply represents the activity of the reboots)
Since every single time the whole 8 GB (4 in and 4 out) happen all within the one 5 minute timeslice, I'm assuming it is all happening within much less than the 5 minutes.
PLEASE HELP. other than the cost implications ($1 to reboot a server? haha), this is a security mystery, a setup mystery, a certain amount of doubt about the accuracy of the reporting, and a blip this size makes the last 2 weeks of bandwidth completely unreadable (other than the blip, everything else shows up as zero because it's so relatively low)
I've just rebooted both servers in question to try to reproduce the behavior, but everyting looks totally normal on stats.