[c-nsp] NAT/PAT appliance recommendations

Alexey Polyakov berghauz at gmail.com
Thu Nov 5 13:52:32 EST 2009 

I'm surprised no less than you, but it is so
But I must clarify, translation timeout is 1200 sec for both tcp and udp.

For comparsion, 7513 almost dead on 7-10K translations, with less than 4
time timeouts.

cis3845-MB_okt#sh ip nat stat
Total active translations: 167741 (0 static, 167741 dynamic; 167747
extended)

cis3845-MB_okt#sh ver
Cisco IOS Software, 3800 Software (C3845-IPBASE-M), Version 12.4(3g),
RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 06-Nov-06 05:34 by alnguyen

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

cis3845-MB_okt uptime is 8 weeks, 6 days, 13 hours, 40 minutes
System returned to ROM by power-on
System image file is "flash:c3845-ipbase-mz.124-3g.bin"

Cisco 3845 (revision 1.0) with 225280K/36864K bytes of memory.
Processor board ID FCZ1111711G
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
62720K bytes of ATA System CompactFlash (Read/Write)


WBR Aleksey Polyakoff ICQ:9001016
Mike Ditka <http://www.brainyquote.com/quotes/authors/m/mike_ditka.html>  -
"If God had wanted man to play soccer, he wouldn't have given us arms."

2009/11/5 Paul Stewart <paul at paulstewart.org>

> Is that graph (NAT) the number of "active" NAT translations?  Just curious
> as that is a LOT of translations being measured on that platform..;)
>
> Cheers,
>
> Paul
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alexey Polyakov
> Sent: November-05-09 1:07 PM
> To: Johnson, Neil M
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT/PAT appliance recommendations
>
> Hi.
>
> 3854 can handle a lot of nat translations. But... can't handle a lot of
> Mbps..
> There is some mrtg's graphs.
> NAT translations:
> http://i039.radikal.ru/0911/9f/845c6ec3d143.png
> CPU load:
> http://s58.radikal.ru/i162/0911/c7/7052632a4b6c.png
>
>
> WBR Aleksey Polyakoff ICQ:9001016
> Marie von
> Ebner-Eschenbach<
> http://www.brainyquote.com/quotes/authors/m/marie_von_ebner
> eschenbac.html<http://www.brainyquote.com/quotes/authors/m/marie_von_ebner%0Aeschenbac.html>
> >
> - "Even a stopped clock is right twice a day."
>
> 2009/11/5 Johnson, Neil M <neil-johnson at uiowa.edu>
>
> >
> > I'm looking for recommendations for a device to NAT/PAT so that we can
> move
> > our wireless network to private IP address space.
> >
> > We have approximately 1500 wireless clients on one wireless network and
> > about 500 clients on the other (our campus is separated by a river).
> >
> > One wireless network has six wireless controllers each four 1 Gb/s
> > connections, the other has five wireless controllers. Those interfaces
> are
> > nowhere near saturated, but we will be adding  another 900 AP's to the
> > network and moving to 802.11N.
> >
> > All traffic from the wireless clients will be NAT'ed.
> >
> > Thanks.
> > -Neil
> >
> > --
> > Neil Johnson
> > Network Engineer
> > Information Technology Services
> > The University of Iowa
> > Work: 319 384-0938
> > Mobile: 319 540-2081
> > Fax: 319 355-2618
> > E-mail: neil-johnson at uiowa.edu
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list