[c-nsp] SUP720-3B and NAT performance
Elmar K. Bins
elmi at 4ever.de
Thu Mar 1 16:46:16 EST 2007
Hi Tim,
tstevens at cisco.com (Tim Stevenson) wrote:
> At 08:23 PM 3/1/2007 +0100, Peter Salanki opined:
> >If NAT is done in hardware, no CPU increase would be noticeable.
>
[CPU impact of a lot of sessions starting up]
True. In this case that was _one_ session (test-wise FTP through
a very stable IPSEC tunnel, the latter being the "session",
obviously).
> The latter is done for *every* session, not just ones needing an
> xlation entry (ie, we *always* have to push down a new NF entry for a
> new flow even if the xlation in IOS exists). Note that for a TCP
> session, the entire 3-way handshake is punted before you'll get full
> h/w fwding of that NAT. Once you have full bidir h/w NF entries set
> up, then the fwding rate is very high (20Mpps), for packets in that flow.
Well, it isn't, it's one flow and it only goes up to 8kpps.
What now - what can I have done wrong there? Or should I go with the idea
of upgrading first and worrying later? ;-)
Yours,
Elmar.
More information about the cisco-nsp
mailing list