[157874] in North American Network Operators' Group
Re: High CPU utilization w/VRF NAT - Cat6500
daemon@ATHENA.MIT.EDU (harbor235)
Tue Nov 13 15:43:58 2012
In-Reply-To: <CALBytua6wyY6nH2PLiULTzP6sd+hqe0P25KW9D+RD+M4NU-H8g@mail.gmail.com>
Date: Tue, 13 Nov 2012 15:43:40 -0500
From: harbor235 <harbor235@gmail.com>
To: Kenneth McRae <kenneth.mcrae@dreamhost.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
What Supervisior do you have? If its an older SUP NAT may be done in
software, which sounds
like you are currently experiencing. Its not hard to max out a 6500 CPU.
-Mike
On Tue, Nov 13, 2012 at 1:44 PM, Kenneth McRae
<kenneth.mcrae@dreamhost.com>wrote:
> I would recommend you do this on a firewall (fwsm or something external)..
>
> On Tue, Nov 13, 2012 at 10:39 AM, Rodrick Brown <rodrick.brown@gmail.com
> >wrote:
>
> > ~80 or so static NAT's configured, multiple versions of IOS tested.
> > Most of the traffic is being punted to the CPU through the NAT interfaces
> > causing high CPU utilization.
> >
> > Increasing fast aging timers had 0 benefit, TCAM utilization is less than
> > 5%
> > Does anyone have any thoughts on other configuration tweaks I should
> try? I
> > think we're at the point where new hardware maybe FWSM or another
> platform
> > for NAT should be explored.
> >
> > --RB
> >
>
>
>
> --
> Best Regards,
>
>
>
> Kenneth McRae
> *Sr. Network Engineer*
> kenneth.mcrae@dreamhost.com
> Ph: 323-375-3814
> www.dreamhost.com
>
