Following my own post; should have added this to the 1st post. The
customers behind my 4500 are almost all basic web and pop3/smtp email. You
might need to lengthen the TCP translation timeout a bit of you have ssh
or telnet users that get their idle sessions chopped if they do not have
some kind of keepalive enabled.
Here's an IOS NAT link:
http://www.cisco.com/warp/public/cc/pd/iosw/ioft/ionetn/prodlit/1195_pp.htm
On Fri, 19 Apr 2002, C. Jon Larsen wrote:
>
> Rich,
>
> I had identical problems on a 4500 router that is loaded up with many
> ethernets - all of which have customer traffic that is natted.
>
> Thousands of open translations were dragging the system down.
>
> I added some pretty tight timers:
>
> ip nat translation tcp-timeout 120
> ip nat translation udp-timeout 30
> ip nat translation syn-timeout 10
> ip nat translation dns-timeout 25
> ip nat translation icmp-timeout 10
>
> Since I did that the system has been extremely stable under high loads:
>
> cisco 4500 (R4K) processor (revision D) with 32768K/8192K bytes of memory.
> uptime is 21 weeks, 4 days, 13 hours, 13 minutes
> System returned to ROM by power-on
> System restarted at 20:08:25 est Sun Nov 18 2001
> System image file is "flash:c4500-i-mz.120-7.T.bin"
>
> 12.2 is pretty heavy IOS, though. 12.0 series are considerably smaller
> footprints in my experience.
>
> 45xx/47xx take 72pin parity SIMMs, the kind of memory that plenty of old
> PC servers used. I would try to get the memory in that box up to 32MB - 16
> is awful small indeed.
>
> sh memory
> Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
> Processor 60C13180 20893312 5255576 15637736 15094072 14990532
> I/O 40000000 8388608 5264488 3124120 1710208 2572208
>
> My router has plenty of headroom. With 16MB of main memory and 12.2 IOS
> its hard to see that 4700 having much room to breath.
>
> HTH,
>
> -jon
>
>
> On Fri, 19 Apr 2002, Rich Sena wrote:
>
> > I have a client that has 4700M that he is using for a DSL connection with
> > a NAT block behind it...
> >
> > The router is running c4500-jk9s-mz.122-7b.bin it was previously running
> > c4500-ik9s-mz.122-6c.bin with the same symptom though.
> >
> > Now all is fine *unless* someone in his NOC runs a gnuttella client -
> > after a while the (a few hours) it seems that the router starts running
> > low on resources. It looks to me like a memory issue - the router only
> > has 16M. Since it is behind a NAT block none of the return gnuttella
> > connections to I believe port 6346 are making it through.
> >
> > This is what I am seeing in the logs:
> >
> > Apr 19 05:46:18 gw 66: Apr 19 09:46:21.187: %SYS-2-MALLOCFAIL: Memory
> > allocation of 32768 bytes failed from 0x603A9F44, alignment 0
> > Apr 19 05:46:18 gw 67: Pool: Processor Free: 70312 Cause: Memory
> > fragmentation
> > Apr 19 05:46:18 gw 68: Alternate Pool: None Free: 0 Cause: No Alternate
> > pool
> > Apr 19 05:46:18 gw 69:
> > Apr 19 05:46:18 gw 70: -Process= "IP Input", ipl= 0, pid= 25
> > Apr 19 05:46:18 gw 71: -Traceback= 603AE3C0 603B0B80 603A9F4C 60BC8E84
> > 60BCCC70 60BC295C 60454620 60453408 60453624 604537B8 603A3054 603A3040
> >
> >
> > I'm also seeing alot of '%AAAA-3-DROPACCTLOWMEM' type stuff right from the
> > et go - though it may or may not be related.
> >
> > What concerned me was the fact that I was getting a 'Traceback' message.
> >
> > Any help is appreciated...
> >
> >
>
>
--C. Jon Larsen Chief Technology Officer, Richweb.com (804.307.6939) SMTP: jlarsen@richweb.com (http://richweb.com/cjl_pgp_pub_key.txt)
Richweb.com: Designing Open Source Internet Business Solutions since 1995 Building Safe, Secure, Reliable Cisco-Powered Networks since 1995
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:12 EDT