[c-nsp] Lan ETS - 6506 -

Phil Mayers p.mayers at imperial.ac.uk
Tue Feb 14 05:32:13 EST 2017


On 14/02/17 02:47, Laurent Dumont wrote:

> We run 6506 as our core network device with SUP-720 (need to check if
> they are XL). We assign public IPs to 95% percent of the devices in the
> network so most of the load is purely routing packets to our upstream
> and back. This year, we made the decision to NAT slightly under 300
> devices on a /24 using the 6506. During the event, the CPU load on the

You are presumably aware that NAT on the 6500/sup720 is done in software 
for the initial packet, and only then accelarated with the netflow h/w 
cache?

I would advise against doing NAT on this platform.

> random drops of NATed sessions. Can anyone recommend a way to debug such
> an issue? For our next events, we are definitely looking into
> network/SPAN in order to get actual data on the type of data hitting our
> equipment.

There are all sorts of ways to debug this on that platform - ELAM or CPU 
SPAN (former gives you punt reasons but is harder to drive).

In general I've found CPU SPAN a decent first start, it's normally quite 
obvious.

TBH I would look to a more modern platform in the future.


More information about the cisco-nsp mailing list