RE: [nsp] High CPU with NAT - some output

• Next message: Routing Junkie: "Re: show ip ospf database ... outputs"
• Previous message: Cisco Systems Product Security Incident Response Team: "[nsp] Cisco Security Advisory: Vulnerabilities in Cisco SN 5420 Storage Routers"
• Next in thread: George Robbins: "RE: [nsp] High CPU with NAT - some output"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Hi Gert,
Very good link that you sent me but, in the field, things do not work like
on the paper. What I see is that 99% of all output packets are process
switching on 3600 with NAT configured, even if we (re)start to use CEF on
it.

I don´t know if it´s a bug or not, I hope that Cisco can tell me.

21% of CPU utilization are not so high. But if you have less that 1 Mbps of
IP traffic and see that 21% of your CPU are busy during the last 5 minutes I
think that you have to take a look on it.

The fact is that when there are almost 4 Mbps of IP traffic passing through
the router, the CPU hits 99%!! There is no dynamic routing protocols on it,
only static route and NAT.

Regards,

Marcio Pilotto
CCIE No. 7477
Intelig Telecomunicações
Engenheiro de Projeto de Redes IP
Tel.: +55 21 2536 0880
Mobile: +55 21 9765 6523
FAX: +55 21 2536 0903

-----Original Message-----
From: Gert Doering [mailto:gert@greenie.muc.de]
Sent: terça-feira, 10 de julho de 2001 09:32
To: Marcio Pilotto; cisco-nsp@puck.nether.net
Subject: Re: [nsp] High CPU with NAT - some output

Hi,

On Tue, Jul 10, 2001 at 09:12:37AM -0300, Marcio Pilotto wrote:
> - show process cpu
> --------- output being ---------------
> CPU utilization for five seconds: 21%/13%; one minute: 21%; five minutes:
> 21%
> -------- output end ------------------

That doesn't look overly high to me.

> CEF is enable at all interfaces but CEF does not work with NAT!

At least per the docs, it should - quoting from
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/iofwft/prodlit/iosnt_qp.htm

"Q. What kind of routing performance can I expect when I use Cisco IOS NAT?

A. Cisco IOS NAT supports Cisco Express Forwarding (CEF) switching,
Fast-switching and of course Process switching. "

> With show interfaces switching command we can see that all output packets
> are process switching. It does not care if you use netflow switching, fast
> switching or even CEF.

Maybe you should use an IOS version with less letters in it :-) -
IOS-Versions with two or more letters tend to be "interesting".

gert

-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert@greenie.muc.de
fax: +49-89-35655025
gert.doering@physik.tu-muenchen.de

• Next message: Routing Junkie: "Re: show ip ospf database ... outputs"
• Previous message: Cisco Systems Product Security Incident Response Team: "[nsp] Cisco Security Advisory: Vulnerabilities in Cisco SN 5420 Storage Routers"
• Next in thread: George Robbins: "RE: [nsp] High CPU with NAT - some output"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:44 EDT