[157867] in North American Network Operators' Group
Re: High CPU utilization w/VRF NAT - Cat6500
daemon@ATHENA.MIT.EDU (Kenneth McRae)
Tue Nov 13 13:45:10 2012
In-Reply-To: <CABRP1o94eUT5kJPTLvTLOC1dTZVCEFYF0YS=p5jZzLpu1j1VPA@mail.gmail.com>
Date: Tue, 13 Nov 2012 10:44:55 -0800
From: Kenneth McRae <kenneth.mcrae@dreamhost.com>
To: Rodrick Brown <rodrick.brown@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I would recommend you do this on a firewall (fwsm or something external)..
On Tue, Nov 13, 2012 at 10:39 AM, Rodrick Brown <rodrick.brown@gmail.com>wrote:
> ~80 or so static NAT's configured, multiple versions of IOS tested.
> Most of the traffic is being punted to the CPU through the NAT interfaces
> causing high CPU utilization.
>
> Increasing fast aging timers had 0 benefit, TCAM utilization is less than
> 5%
> Does anyone have any thoughts on other configuration tweaks I should try? I
> think we're at the point where new hardware maybe FWSM or another platform
> for NAT should be explored.
>
> --RB
>
--
Best Regards,
Kenneth McRae
*Sr. Network Engineer*
kenneth.mcrae@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com
