[nsp] NAT spiking CPU
streiner at stargate.net
Mon Sep 8 14:04:11 EDT 2003
On Mon, 8 Sep 2003, Christopher J. Wolff wrote:
> Just ran into an interesting situation where, when the public side of a
> NAT connection goes down, the router CPU spikes to 100%, effectively
> restricting all traffic flow inside the network. This is a 2611XM
> router. Has anyone seen this happen? Thank you in advance.
I've seen things like this happen in the past on a variety of platforms,
all had CEF or dCEF fully enabled.
To me, it appears that the router can handle NAT without major issues
until some threshold is crossed. That could be total number of active NAT
translations, translations per second, bits/packets per second, I don't
know. Below this limit, the router would operate normally, but once it
was crossed, the CPU would almost immediately spike to near 100%, but I
recall the amount of time spent handling interrupt requests to be fairly
As the opportunity permits, I'm trying to chip away at the NAT issue, but
it's pretty slow going...
More information about the cisco-nsp