I have a Linux firewall box, and sometimes I find many "dst cache overflow" messages. There are some ways to overcome this, e.g. increase /proc/sys/net/ipv4/route/max_size or set secret_interval to a lower value. However, these do not solve the root cause of the problem. I found that the root cause is that some users connect to very many destinations in a short period (maybe BT, viruses, etc.). I can list the routes with "route -Cn".
I want to know whether there is any means to limit the number of routes per IP. Solutions, comments, ideas, and directions are welcome.
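As an added example (not part of the original post), the following shell function parses `route -Cn`-style routing-cache output and reports which source addresses hold the most distinct destination entries, which is how you would confirm which hosts are filling the cache before deciding on a per-IP limit. The sample output is constructed, not captured from a real box, and the function only relies on the Source and Destination columns; note that the IPv4 routing cache and this `route -Cn` listing exist only on kernels older than 3.6, where the cache was removed.

```shell
#!/bin/sh
# Count distinct destinations per source address in `route -Cn` output
# (Linux net-tools routing-cache listing) and print those at or above a
# threshold, largest first. Only fields 1 (Source) and 2 (Destination) are
# used, because the Flags column is often blank and would shift later fields.
#
# Usage on a live box: route -Cn | top_sources 50
top_sources() {
    threshold="${1:-100}"
    awk -v thr="$threshold" '
        $1 == "Kernel" || $1 == "Source" || NF < 2 { next }  # skip banner/header
        !seen[$1 FS $2]++ { n[$1]++ }      # count each (src,dst) pair once
        END { for (s in n) if (n[s] >= thr) printf "%d %s\n", n[s], s }
    ' | sort -rn
}

# Constructed sample of `route -Cn` output (not real captured data).
# 192.168.1.20 talks to four destinations, 192.168.1.10 to two (one repeated),
# and one inbound entry has an external source.
SAMPLE='Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.1.10    8.8.8.8         192.168.1.1           0      0        1 eth0
192.168.1.10    8.8.8.8         192.168.1.1           0      0        1 eth0
192.168.1.10    1.1.1.1         192.168.1.1           0      0        1 eth0
192.168.1.20    203.0.113.5     192.168.1.1           0      0        3 eth0
192.168.1.20    203.0.113.6     192.168.1.1           0      0        1 eth0
192.168.1.20    203.0.113.7     192.168.1.1           0      0        2 eth0
192.168.1.20    198.51.100.9    192.168.1.1           0      0        1 eth0
8.8.8.8         192.168.1.10    192.168.1.10    l     0      0        1 lo'

# Report any source holding 3 or more cache entries in the sample.
printf '%s\n' "$SAMPLE" | top_sources 3   # prints: 4 192.168.1.20
```

Run against a live cache, a source that dominates this list is the host to rate-limit or investigate; pairing it with `/proc/sys/net/ipv4/route/max_size` tells you how close that single host brings the cache to overflow.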