[j-nsp] NAT without AS PIC
Andrey Zarechansky
zorick at fr.kiev.ua
Thu Aug 7 19:40:01 EDT 2008
On Thu, Aug 07, 2008 at 02:36:32PM -0300, Rubens Kuhl Jr. wrote:
> >> On the 7600 and the ASR1000, is that hardware accelerated NAT a
> >> default option, or are those add-on features?
> >
> > On both the 7600 and the ASR it is in the base images and ready to
> > just configure. Crazy for Cisco, I know. You'd think they'd milk
> > another license out of you somewhere. :)
>
> That doesn't mean it's healthy to do NAT, because every first packet
> of a flow will hit a slow CPU (unless you have a brand new RSP720).
A slow CPU will just limit the connection setup rate:
- the first packet will hit the NAT rule on the MSFC and will create a session hash
- the MSFC will upload a Netflow TCAM action to the PFC3
- the first reply packet will hit the NAT session hash on the MSFC
- the MSFC will consume another Netflow TCAM entry within the PFC3
- the whole ongoing packet sequence will hit the Netflow TCAM entries and
packet processing will be handled by the PFC3.
--
ZA-RIPE||ZA1-UANIC