[c-nsp] large scale NAT/PAT solution

Arturo Servin aservin at remoteconfig.net
Wed Jun 8 14:51:46 EDT 2005


Goran Gajic wrote:

>Hi,
>
>I currently have something like 7000 users that are NAT-ed/PAT-ed (depending on 
>their service) through 7206vxr (NPE-G1) box running IOS 12.4. It has something 
>like 40k NAT entries and CPU usage of 75%. However I'm looking for long term 
>solution that would be able to NAT/PAT something like 40-50k users (20-30 
>ubr7246 aggregated into one point where NAT box (or NAT boxes) would be). What 
>would be recommended solution for this scenario? I was thinking about 7609 
>box. Note however that I can't run only NAT or PAT because of service policy. 
>Thanks in advance.
>
>Regards,
>Goran Gajic
>

    Routers, whatever they are, are really a pain with NAT/PAT. I used 
NAT with 7200, 7400 and 7300 in big networks; also in small deployments 
we use NAT/PAT with 2600, 3600. All of them with high CPU usage. We 
changed the routers to PIX (the model of the PIX depending on the site) and 
we are really happy.

    The 7400 could use 40-60% of CPU just for NAT; the PIX (525 FO) with 
the filtering and NAT is just 15%. The same for other sites with 
3600/2600 with 60-80% of CPU; now with a 515 (restricted version even) 
the PIX is at just 10-15% of CPU use. Also, every time that we had an 
internal DoS the routers were like crazy; now with the PIXes we barely 
feel it.

   I am sure that there could also be better boxes than the PIX, but for us at 
least, they worked.

-as

-- 

Remote Config, The Remote Configuration Company
http://www.remoteconfig.net
Global Service Offices
contact at remoteconfig.net



