RE: NAt oh NAT

From: Imo Etuk (ietuk@comcast.net)
Date: Sat Sep 21 2002 - 11:17:40 GMT-3


Jay,

Thanks for responding to this, but I already tweaked the timers:

> ip nat translation timeout 180
> ip nat translation tcp-timeout 300
> ip nat translation udp-timeout 30
> ip nat translation finrst-timeout 15
> ip nat translation dns-timeout 15

Warning : The information contained in this message may be privileged and
confidential and protected from disclosure. If the reader of this message is
not the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify the sender
immediately by replying to this message and then delete it from your
computer.

-----Original Message-----
From: Jay Hennigan [mailto:jay@west.net]
Sent: Friday, September 20, 2002 6:43 PM
To: Imo Etuk
Cc: Chuck Church; ccielab@groupstudy.com
Subject: RE: NAt oh NAT

On Fri, 20 Sep 2002, Imo Etuk wrote:

> Chuck,
>
> MSFC II
> CEF is enabled - don't know why the CPU utilization is so high. CPU
>
> PID Runtime(ms)  Invoked uSecs  5Sec  1Min  5Min TTY Process
>  53    36467656 24301656  1500 4.48% 3.95% 3.06%   0 IP Input
>  13     2666024  1789255  1490 1.04% 1.76% 1.52%   0 ARP Input
>  63      726712   228837  3175 0.57% 0.34% 0.36%   0 CEF process
>  41      188244  5137910    36 0.24% 0.10% 0.11%   0 IP NAT Ager
>
> Funny enough, IP Nat is running only at 0.36%, the IP input seems like a
> winner at 3.06%

If you "clear ip nat translations *" does the load drop and then ramp
back up over time?

If this is a production box, and it started Friday the 13th, suspect
a Code Red infected host behind the NAT causing lots of translations
to random IPs on port 80. See the following bug (CCO required).

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdu63623

> Warning : The information contained in this message may be privileged and
> confidential and protected from disclosure. If the reader of this message is
> not the intended recipient, you are hereby notified that any dissemination,
> distribution or copying of this communication is strictly prohibited. If you
> have received this communication in error, please notify the sender
> immediately by replying to this message and then delete it from your
> computer.

NOTICE: This communication may contain confidential and/or privileged
information. If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it. So there. My disclaimer
is scarier than yours. Nyaah. You started this silly nonsense. Knock
it off and I will too, ok? It's worthless from a legal standpoint, makes
you look really clueless, and is a waste of CPU cycles. Nobody reads it
anyway. You're not actually reading this, are you? I didn't think so.

--
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323
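
Added example, not part of the original thread: one way to check for the scanning-host scenario described above is to count, per inside host, how many distinct outside addresses it holds port-80 translations to in saved `show ip nat translations` output. The sample table, the function names and the threshold of 4 are assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample of `show ip nat translations` output (documentation
# address ranges, not taken from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 192.0.2.5          10.1.1.5           ---                ---
tcp 192.0.2.1:1025     10.1.1.20:3301     198.51.100.7:80    198.51.100.7:80
tcp 192.0.2.1:1026     10.1.1.20:3302     203.0.113.44:80    203.0.113.44:80
tcp 192.0.2.1:1027     10.1.1.20:3303     198.51.100.91:80   198.51.100.91:80
tcp 192.0.2.1:1028     10.1.1.20:3304     203.0.113.150:80   203.0.113.150:80
tcp 192.0.2.1:1029     10.1.1.20:3305     198.51.100.203:80  198.51.100.203:80
tcp 192.0.2.1:1030     10.1.1.30:4001     203.0.113.10:80    203.0.113.10:80
tcp 192.0.2.1:1031     10.1.1.30:4002     203.0.113.10:80    203.0.113.10:80
udp 192.0.2.1:1032     10.1.1.30:4003     203.0.113.53:53    203.0.113.53:53
"""


def parse_translations(text):
    """Yield (proto, inside_local_ip, outside_global_ip, outside_port)."""
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, blank lines and static entries shown with '---'.
        if len(fields) != 5 or fields[0] not in ("tcp", "udp"):
            continue
        proto, _inside_global, inside_local, _outside_local, outside_global = fields
        if ":" not in inside_local or ":" not in outside_global:
            continue
        src_ip = inside_local.rsplit(":", 1)[0]
        dst_ip, dst_port = outside_global.rsplit(":", 1)
        if dst_port.isdigit():
            yield proto, src_ip, dst_ip, int(dst_port)


def suspect_hosts(text, port=80, min_distinct=4):
    """Inside hosts holding TCP translations to many distinct IPs on `port`."""
    dests = defaultdict(set)
    for proto, src_ip, dst_ip, dst_port in parse_translations(text):
        if proto == "tcp" and dst_port == port:
            dests[src_ip].add(dst_ip)
    # min_distinct is an arbitrary illustration threshold; tune it per site.
    return {host: len(ips) for host, ips in dests.items() if len(ips) >= min_distinct}


if __name__ == "__main__":
    for host, count in sorted(suspect_hosts(SAMPLE).items()):
        print(f"{host}: {count} distinct port-80 destinations")
```

A host flagged this way is a candidate for isolation and inspection; a busy proxy or web crawler can produce the same pattern, so confirm before acting.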


This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:59 GMT-3