[c-nsp] SUP720-3B and NAT performance
Tim Stevenson
tstevens at cisco.com
Thu Mar 1 15:14:00 EST 2007
At 08:23 PM 3/1/2007 +0100, Peter Salanki opined:
>If NAT is done in hardware, no CPU increase would be noticeable.
That's not entirely true. The bottleneck for h/w NAT on Sup720/Sup32
is in the *session setup* - the first packet(s) in every new
*session* is punted to the CPU to do one or both of the following:
* Create the NAT xlation
* Push down the appropriate netflow entry to the hardware to NAT that flow
The latter is done for *every* session, not just ones needing an
xlation entry (ie, we *always* have to push down a new NF entry for a
new flow even if the xlation in IOS exists). Note that for a TCP
session, the entire 3-way handshake is punted before you'll get full
h/w fwding of that NAT. Once you have full bidir h/w NF entries set
up, then the fwding rate is very high (20Mpps), for packets in that flow.
So bottom line - control plane scalability may be inadequate if you
have massive numbers of flows. Additionally, NF table scalability can
come into the picture as well (many factors apply, e.g. life of
flows, PFC version). If the NF entries can't be installed (no room),
we punt for everything that didn't fit.
HTH,
Tim
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list