Re: NAt oh NAT

From: elping (elpingu@acedsl.com)
Date: Fri Sep 20 2002 - 15:14:45 GMT-3


From experience on another platform...

I had the same issue on an 8540. This router was staying at a constant, steady 98% CPU
utilization all day. AppleTalk was the highest offending protocol, but when a sho proc
cpu was done, AppleTalk showed 25% CPU usage. Where the heck was the other percentage? If I
added the rest of the stuff, it did not add up to 98%.

I think the sho proc cpu does not show everything accurately..

But after tunneling AppleTalk through IP, the router went to 5% utilization...

Hey, check this excerpt from CCO. It mentions high CPU when running NAT, relating to
Code Red:
http://www.cisco.com/warp/public/63/ts_codred_worm.shtml

Symptoms
The following is a list of symptoms that might be seen on Cisco routers affected
by the "Code Red" worm.

Large number of flows in NAT/PAT tables (if running NAT/PAT).

Large number of ARPs/ARP storms in the network (caused by the IP address scan).

Excessive memory use by IP Input, ARP Input, IP Cache Ager and CEF processes.

High CPU utilization in ARP, IP Input, CEF and IPC.

If running NAT, high CPU utilization at interrupt level at low traffic rates, or
high CPU utilization at process level in IP Input.

elping wrote:

> is that the highest hog of cpu when you do a "sh proc cpu" ?
>
> Imo Etuk wrote:
>
> > Chuck,
> >
> > MSFC II
> > CEF is enabled - don't know why the CPU utilization is so high. CPU
> >
> > PID  Runtime(ms)  Invoked   uSecs  5Sec   1Min   5Min   TTY  Process
> > 53   36467656     24301656  1500   4.48%  3.95%  3.06%  0    IP Input
> > 13   2666024      1789255   1490   1.04%  1.76%  1.52%  0    ARP Input
> > 63   726712       228837    3175   0.57%  0.34%  0.36%  0    CEF process
> > 41   188244       5137910   36     0.24%  0.10%  0.11%  0    IP NAT Ager
> >
> > Funny enough, IP NAT is running only at 0.36%; the IP Input seems like a
> > winner at 3.06%.
> >
> > Thanks,
> >
> > Imo
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Chuck Church
> > Sent: Friday, September 20, 2002 3:56 PM
> > To: 'IMO ETUK'; 'ccielab@groupstudy.com'
> > Subject: RE: NAt oh NAT
> >
> > Imo,
> >
> > What version are you running on the MSFC? Is it an MSFC 1 or 2? Is
> > CEF enabled and running correctly? I thought NAT could be fast switched.
> > What does your 'sh proc cpu' show as the offending process? Or is it
> > interrupts?
> >
> > Chuck Church
> > CCIE #8776, MCNE, MCSE
> > Sr. Network Engineer
> > Magnacom Technologies
> > 140 N. Rt. 303
> > Valley Cottage, NY 10989
> > 845-267-4000
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > IMO ETUK
> > Sent: Friday, September 20, 2002 4:40 PM
> > To: ccielab@groupstudy.com
> > Subject: NAt oh NAT
> >
> > Hi all,
> >
> > I seem to be having problems with a NAT config. Currently NAT is
> > configured on a 6506 which is running native IOS. I have 4,000 users
> > NATted to 13 IPs and my processor utilization is not too happy about
> > this; it's sitting at 80% util now.
> >
> > I have tried tweaking timers and such on NAT but no dice. Is there
> > anything else that I can do to alleviate the CPU utilization?
> >
> > Here are my timers
> >
> > ip nat translation timeout 180
> > ip nat translation tcp-timeout 300
> > ip nat translation udp-timeout 30
> > ip nat translation finrst-timeout 15
> > ip nat translation dns-timeout 15
> >
> > ------------
> >
> > Here is my NAT config - some of it
> >
> > ip nat pool nat_router xx.xx.xx.11 xx.xx.xx.23 prefix-length 26
> > ip nat inside source list 99 pool nat_router overload
> > access-list 99 permit a.b.0.0 0.0.255.255
> >
> > where a and b are private IPs :)
> > the xx.xx are publics :)
> >
> > So I have 13 VLANs going to the pool nat_router.
> >
> > Any thoughts?
> >
> > Thanks
> >
> > Imo
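Added example, not code from the thread: a small Python parser for sho proc cpu output that splits the five-second total into interrupt-level CPU, CPU attributed to the listed processes, and the remainder, which is where the "does not add up" gap elping describes (and the interrupt-level NAT symptom in the CCO note) shows up. The four process rows are the ones Imo posted; the summary line is constructed in the standard IOS "total%/interrupt%" format because the quoted output omitted it.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the four process rows quoted in the thread, preceded by the
# IOS summary line the quoted output omitted (the 80%/73% figures are made up).
SAMPLE = """\
CPU utilization for five seconds: 80%/73%; one minute: 79%; five minutes: 77%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
53 36467656 24301656 1500 4.48% 3.95% 3.06% 0 IP Input
13 2666024 1789255 1490 1.04% 1.76% 1.52% 0 ARP Input
63 726712 228837 3175 0.57% 0.34% 0.36% 0 CEF process
41 188244 5137910 36 0.24% 0.10% 0.11% 0 IP NAT Ager
"""

SUMMARY_RE = re.compile(
    r"CPU utilization for five seconds: (\d+)%/(\d+)%; "
    r"one minute: (\d+)%; five minutes: (\d+)%")
# PID, three counters, three percentages, TTY, then the process name (may contain spaces).
ROW_RE = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+([\d.]+)%\s+([\d.]+)%\s+\S+\s+(.+?)\s*$")


def parse_show_proc_cpu(text: str) -> Tuple[Dict[str, float], List[dict]]:
    """Return (summary, rows): summary holds the 5-second total/interrupt split
    and the 1- and 5-minute totals; rows hold per-process percentages."""
    summary: Dict[str, float] = {}
    rows: List[dict] = []
    for line in text.splitlines():
        m = SUMMARY_RE.search(line)
        if m:
            summary = {"total5s": float(m.group(1)), "interrupt5s": float(m.group(2)),
                       "total1m": float(m.group(3)), "total5m": float(m.group(4))}
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append({"pid": int(m.group(1)), "5sec": float(m.group(2)),
                         "1min": float(m.group(3)), "5min": float(m.group(4)),
                         "process": m.group(5)})
    return summary, rows


def cpu_breakdown(text: str) -> Dict[str, float]:
    """Split the 5-second total into interrupt-level CPU, CPU attributed to the
    listed processes, and process-level CPU no listed row accounts for."""
    summary, rows = parse_show_proc_cpu(text)
    attributed = sum(r["5sec"] for r in rows)
    process_level = summary["total5s"] - summary["interrupt5s"]
    return {"interrupt": summary["interrupt5s"],
            "attributed": round(attributed, 2),
            "unlisted": round(process_level - attributed, 2)}


def top_processes(text: str, column: str = "5min", n: int = 3) -> List[str]:
    """Names of the n busiest processes by the chosen column (5sec, 1min or 5min)."""
    _, rows = parse_show_proc_cpu(text)
    return [r["process"] for r in sorted(rows, key=lambda r: r[column], reverse=True)[:n]]
```

With the constructed summary line, 73 of the 80 points are interrupt-level, so a process list that tops out at 4.48% is exactly what a NAT box at 80% can look like.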



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:59 GMT-3