incapsula has an interesting article on a Layer 7 DDoS attack which attempted to exhaust their server resources.
even at extremely high RPS rates—and we have seen attacks as high as 268,000 RPS—the bandwidth footprint of application layer attacks is usually low, as the packet size for each request tends to be no larger than a few hundred bytes
So when they started receiving a new type of flood, it was an attention getter
...which peaked at a substantially high rate of 163,000 RPS...the real surprise came when we realized that the assault was also consuming bandwidth at 8.7 gigabits per second (!)
It turns out a script was randomly creating large files and attempting to POST to the server. Nasty.
By doing so, the perpetrators were able to create a ginormous HTTP flood, consisting of extremely large content-length requests.
Within the article they get into the routing of the attack and what they did to mitigate.
this assault is a reminder to consider scalability when strategizing defense plans against application layer attacks.