[nsp] NAT spiking CPU
Frank Maisano
FrankM at netarch.com
Wed Sep 10 08:41:52 EDT 2003
I have recently been working on a problem where a router doing PAT was
showing 17000+ dynamic translations. It would eventually run out of memory
and required a reboot. I found that by changing the dynamic NAT TCP timeout
from the default of 24 hours to 2 hours, the router stays in operation and I
am not seeing memory problems. I am still testing this, but it seems to be
working well.
If you are using PAT, the command is:
ip nat translation tcp-timeout 7200 <--this is seconds (2 hours shown here)
If you are NOT using PAT, the command is:
ip nat translation timeout <seconds>
More info here:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091cb9.shtml
Regards,
Frank Maisano, CCIE #12114
Consulting Engineer
Network Architechs
u: http://www.netarch.com
e: frankm at netarch.com
p: (505) 256.9047
f: (505) 256.9091
Cisco Systems Partner, Silver Certified
--------------------------------------------------------------------
"The mind has exactly the same power as the hands: not merely to
grasp the world, but to change it" --Colin Wilson
-----Original Message-----
From: Christopher J. Wolff [mailto:chris at bblabs.com]
Sent: Monday, September 08, 2003 10:05 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] NAT spiking CPU
Hello,
Just ran into an interesting situation where, when the public side of a
NAT connection goes down, the router CPU spikes to 100%, effectively
restricting all traffic flow inside the network. This is a 2611XM
router. Has anyone seen this happen? Thank you in advance.
Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
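An added example, not part of the original posts: a small Python script that takes saved `show ip nat translations` output and counts flow entries per protocol and per inside host, which shows whether long-lived TCP entries dominate the table before and after a `tcp-timeout` change. It assumes the usual five-column layout of that command; the sample rows are constructed with documentation addresses, and the function names and the 50% share threshold are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `show ip nat translations` output (documentation addresses).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.1:1025     10.1.1.5:3312      198.51.100.7:80    198.51.100.7:80
tcp 192.0.2.1:1026     10.1.1.5:3313      198.51.100.8:80    198.51.100.8:80
tcp 192.0.2.1:1027     10.1.1.5:3314      198.51.100.9:445   198.51.100.9:445
udp 192.0.2.1:1028     10.1.1.9:1030      203.0.113.53:53    203.0.113.53:53
tcp 192.0.2.1:1029     10.1.1.9:2201      203.0.113.20:25    203.0.113.20:25
--- 192.0.2.10         10.1.1.20          ---                ---
"""

# One translation row: protocol column, then the four address columns.
ROW = re.compile(r"^(tcp|udp|icmp|---)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_translations(text):
    """Return one dict per translation row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        proto, _in_global, in_local, out_local, _out_global = m.groups()
        rows.append({
            "proto": proto,
            "inside_host": in_local.rsplit(":", 1)[0],
            # Entries without outside addresses ('---') are static mappings,
            # not per-flow entries, so they are not subject to the TCP timeout.
            "flow": proto != "---" and out_local != "---",
        })
    return rows

def summarize(rows, share_threshold=0.5):
    """Count flow entries per protocol and inside host; list hosts above the share."""
    flows = [r for r in rows if r["flow"]]
    by_host = Counter(r["inside_host"] for r in flows)
    heavy = sorted(h for h, n in by_host.items() if n / len(flows) > share_threshold)
    return {"flows": len(flows),
            "by_proto": dict(Counter(r["proto"] for r in flows)),
            "by_host": by_host.most_common(),
            "heavy_hosts": heavy}

if __name__ == "__main__":
    print(summarize(parse_translations(SAMPLE)))
```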