[nsp] # of NAT translations via SNMP in IOS

Dan Armstrong dan at beanfield.com
Mon Jan 12 20:56:31 EST 2004


I have got my a$$ roasted on many lists for being an ISP that runs NAT on a
large scale for stupid customers....

We have several edge routers that run a _lot_ of NAT, and without this:

ip nat translation timeout 300
ip nat translation tcp-timeout 600
ip nat translation finrst-timeout 120
ip nat translation syn-timeout 300
ip nat translation icmp-timeout 120

Their CPUs go haywire.

Not an SNMP solution, but if you choke NAT down to reasonable values, it
seems to be fine for us for thousands of simultaneous customers.

Dan.



daryl at introspect.net wrote:

> I've spent a bit of time on this one, and seem to be coming up dry.
>
> I'm looking for the OID (if it exists) that will tell me how many NAT
> translations are currently in a router.
>
> I've got several 10's of 1721's scattered about the world, which have a
> nasty habit of grinding to a halt when configured to NAT and the number
> of translations goes through the roof (eMule running on a couple of
> machines inside the site seems to do just fine to kill them).
>
> I'd like to monitor this and figure out a good threshold for a bit of an
> early warning.
>
> Anyone have any ideas?
>
> Thanks,
>
> Daryl G. Jurbala
> BMPC Network Operations
> Tel: +1 215 825 8401 x235
> Fax: +1 508 526 8500
> INOC-DBA: 26412*DGJ
>
> PGP Key: http://www.introspect.net/pgp
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
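
The early-warning threshold asked about in the quoted message, sketched as an added example that is not part of either post: it does not use SNMP, but reads the summary line of `show ip nat statistics` collected by some poller and raises a warning on a high count or on fast growth. The sample lines, the thresholds and the function names are assumptions made for illustration, and the summary line is assumed to have the form shown in the samples.

```python
import re

# Constructed samples: (poll time in seconds, summary line of
# `show ip nat statistics`). Not captured from a real router.
SAMPLES = [
    (0,   "Total active translations: 850 (0 static, 850 dynamic; 850 extended)"),
    (60,  "Total active translations: 1900 (0 static, 1900 dynamic; 1900 extended)"),
    (120, "Total active translations: 6200 (0 static, 6200 dynamic; 6200 extended)"),
    (180, "Total active translations: 6400 (0 static, 6400 dynamic; 6400 extended)"),
    (240, "Total active translations: 2100 (0 static, 2100 dynamic; 2100 extended)"),
]

TOTAL_RE = re.compile(
    r"Total active translations:\s*(\d+)\s*"
    r"\((\d+) static,\s*(\d+) dynamic;\s*(\d+) extended\)"
)

def parse_total(text):
    """Extract the translation counters from the command output."""
    m = TOTAL_RE.search(text)
    if m is None:
        raise ValueError("no 'Total active translations' line found")
    total, static, dynamic, extended = map(int, m.groups())
    return {"total": total, "static": static,
            "dynamic": dynamic, "extended": extended}

def evaluate(samples, warn_at=5000, clear_at=3000, max_rate=50.0):
    """Return (time, event) pairs. warn_at/clear_at give hysteresis so the
    alarm does not flap; max_rate is new translations per second.
    All three thresholds are assumed values to be tuned per router."""
    events, alarmed, prev = [], False, None
    for ts, text in samples:
        total = parse_total(text)["total"]
        if prev is not None and ts > prev[0]:
            rate = (total - prev[1]) / (ts - prev[0])
            if rate > max_rate:
                events.append((ts, "FAST_GROWTH"))
        if not alarmed and total >= warn_at:
            alarmed = True
            events.append((ts, "WARN"))
        elif alarmed and total <= clear_at:
            alarmed = False
            events.append((ts, "CLEAR"))
        prev = (ts, total)
    return events

if __name__ == "__main__":
    for ts, event in evaluate(SAMPLES):
        print(ts, event)
```
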


