[nsp] High CPU & NAT

Voralt peder at voralt.net
Thu May 8 12:56:34 EDT 2003 

Does anybody know if NAT is process-switched, or fast-switched on a 3640
running 12.2(12)?  I have a customer with a 3640 with 2FE and 1 T1.  The
total traffic through it is about 3Mbps, so it can easily handle it.
However, they have a bunch of NAT's setup on it.

cisco-gw#sh ip nat stat
Total active translations: 8271 (184 static, 8087 dynamic; 8039 extended)



The CPU gradually increases over time and eventually hits 100% and causes
tons of dropped traffic.  Right now, it's about 70% over 5 minutes and the
only thing of significance in the proc table is ip input.

CPU utilization for five seconds: 68%/26%; one minute: 74%; five minutes:
73%
  30   451407504 131621758       3429 35.45% 38.84% 37.84%   0 IP Input



It's a little hard to see from the formatting mess below, but virtually
everything in F2/0 and out 3/0 (from nat inside to nat outside) is process
switched.  So this leads me to believe NAT is process switched.  I thought
it would have been fast switched by now, but I could be wrong.  Any ideas?


show int switching:

FastEthernet2/0 to DMZ
          Throttle count          0
        Drops         RP   10003415         SP          0
  SPD Flushes       Fast          0        SSE          0
  SPD Aggress       Fast          0
 SPD Priority     Inputs          0      Drops          0

     Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out
        Other    Process          4       3212      72369    4342140
            Cache misses          0
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0
           IP    Process  353413678 2270865909   26180460 2804527244
            Cache misses       3913
                    Fast      15170    3647946  326348309 2892067068
               Auton/SSE          0          0          0          0
          ARP    Process      69034    4151912      63199    3791940
            Cache misses          0


FastEthernet3/0
          Throttle count          0
        Drops         RP      23591         SP          0
  SPD Flushes       Fast          0        SSE          0
  SPD Aggress       Fast          0
 SPD Priority     Inputs     116528      Drops          0

     Protocol       Path    Pkts In   Chars In   Pkts Out  Chars Out
        Other    Process          0          0      72371    4342260
            Cache misses          0
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0
           IP    Process   20621237 2133783481  341505610  687586530
            Cache misses     263078
                    Fast  321349725  495104553       7748    2771807
               Auton/SSE          0          0          0          0
          ARP    Process     237557   14253420         56       3360
            Cache misses          0
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0
          CDP    Process      12127    4680986      12072    3766464
            Cache misses          0
                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

                    Fast          0          0          0          0
               Auton/SSE          0          0          0          0

More information about the cisco-nsp mailing list