[c-nsp] NAT on ASR1000

Yan Filyurin yanf787 at yahoo.com
Tue Apr 7 13:02:55 EDT 2009


At certain point of time, I was testing NAT with just test tools, sending various forms of raw TCP, UDP and just IP traffic. I was able to get about 150k simultaneous translations at 2Gbps doing very low packet sizes.  I definitely remember doing it with IMIX.  I do remember seeing issues with BFD when NAT was enabled and a number of IPSec issues. But I think most of these issues have been fixed.  There were also some issues with show commands, but that goes back to 2.2.1. This device is perfect for NAT.  7200 G2 is the next best thing and definitely better than 7600. G2 could easily do 100k translations at about 500% Mbps, but with 60% CPU.  Maybe easily isn't the right word, but still. I can give more details offline. 

Yan




________________________________
From: Tassos Chatzithomaoglou <achatz at forthnet.gr>
To: Rodney Dunn <rodunn at cisco.com>
Cc: cisco-nsp at puck.nether.net
Sent: Tuesday, April 7, 2009 12:02:52 PM
Subject: Re: [c-nsp] NAT on ASR1000

Rodney, can you do a "sh plat soft stat contr br"?

--
Tassos

Rodney Dunn wrote on 07/04/2009 18:46:
> Few bugs still being worked through but the 72xx and 76xx croaked
> under the load:
> 
> ASR1002ESP10#sh proc cpu sort | excl 0.00
> CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
>  PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process ASR1002ESP10#sh ip nat stat
> Total active translations: 92367 (80 static, 92287 dynamic; 92287 extended)
> Outside interfaces:
>   GigabitEthernet0/0/0, Tunnel1
> Inside interfaces:   GigabitEthernet0/0/1, GigabitEthernet0/0/2
> Hits: 0  Misses: 0
> CEF Translated packets: 0, CEF Punted packets: 0
> Expired translations: 87400847
> 
> 
> that's on 12.2(33)XNC and I just filed one bug.
> 
> CSCsy93931 ASRNAT does not do FIN/RST/SYN timeout when no-payload keyword used
> 
> 
> My first work on the box with NAT but this thing seems pretty impressive.
> 
> Anyone else using it for high scale nat yet?
> 
> Rodney
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



      


More information about the cisco-nsp mailing list