OT: NAT, DOS from the inside, and Processor memory

From: Church, Chuck (cchurch@wamnetgov.com)
Date: Wed Apr 14 2004 - 11:41:31 GMT-3


All,

        Recently worked on a problem involving a NATing 1720 with a
connection to an ISP running out of processor memory, making it unable to
telnet into, etc. Turns out that a couple of PCs on the inside were
infected with a worm/virus that tried to infect other PCs via UDP port
137. Hard to troubleshoot when you can't telnet to it, but got in today
before it totally ran out. The following shows the memory available and
the number of NAT/PAT translations in use at the same time. An ACL was
applied on the inside interface blocking that port, and as the
translations timed out, memory was returned. Found it interesting
enough to share with you all. Looks like 12,000 translations will tie
up 3 available MB of RAM pretty easily. Makes a pretty good case for
blocking all outbound services that you'll never need by default...

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Wam!Net Government Services - Design & Implementation Team
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com

************************************************************************************
1720_UUNET_Frame>sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3850228     1139768      593208      586536
      I/O     D99C00     2515976     1712180      803796      803796      803740

1720_UUNET_Frame>sh ip nat st
Total active translations: 7254 (3 static, 7251 dynamic; 7251 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 620735 Misses: 353408
Expired translations: 346164
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 7251
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0

1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3452912     1537084      593208      586696
      I/O     D99C00     2515976     1716660      799316      799316      799260

1720_UUNET_Frame#sh ip nat st
Total active translations: 9559 (3 static, 9556 dynamic; 9556 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 659433 Misses: 380219
Expired translations: 370670
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 9556
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3866960     1123036      593208      586696
      I/O     D99C00     2515976     1729140      786836      786836      786780

*******Added access list to deny Outbound UDP 137, UDP timeout set to 60 seconds**********

1720_UUNET_Frame#sh ip nat st
Total active translations: 5666 (3 static, 5663 dynamic; 5663 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 664349 Misses: 380653
Expired translations: 374997
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 5663
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0

1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3732344     1257652      593208      586696
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 2041 (3 static, 2038 dynamic; 2038 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 668773 Misses: 380977
Expired translations: 378946
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 2038
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3617576     1372420      593208      586696
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 566 (3 static, 563 dynamic; 563 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 670740 Misses: 381140
Expired translations: 380584
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 563
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3277040     1712956      593208      619508
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 533 (3 static, 530 dynamic; 530 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 672763 Misses: 381288
Expired translations: 380765
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 530
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3210268     1779728      593208      619508
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 563 (3 static, 560 dynamic; 560 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 673991 Misses: 381388
Expired translations: 380835
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 560
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     3138108     1851888      593208      619508
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 563 (3 static, 560 dynamic; 560 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 675694 Misses: 381514
Expired translations: 380961
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 560
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     2921368     2068628      593208      619848
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 535 (3 static, 532 dynamic; 532 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 676316 Misses: 381570
Expired translations: 381045
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 532
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     2791236     2198760      593208      619848
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat st
Total active translations: 498 (3 static, 495 dynamic; 495 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 678089 Misses: 381705
Expired translations: 381217
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 495
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#sh mem
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     2626612     2363384      593208      619848
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh mem
                Head    Total(b)    Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   808D77D4     4989996     2373008     2616988      593208      619848
      I/O     D99C00     2515976     1729140      786836      786836      786780

1720_UUNET_Frame#sh ip nat sta
Total active translations: 321 (3 static, 318 dynamic; 318 extended)
Outside interfaces:
  Serial0.276
Inside interfaces:
  FastEthernet0
Hits: 683877 Misses: 382169
Expired translations: 381858
Dynamic mappings:
-- Inside Source
access-list 1 pool serial0 refcount 318
 pool serial0: netmask 255.255.255.224
        start W.X.Y.Z end W.X.Y.Z
        type generic, total addresses 1, allocated 1 (100%), misses 0
1720_UUNET_Frame#
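As an added example (not part of Chuck's post), a small parser for captures like the ones above: it pairs each "sh ip nat st" sample with the "sh mem" Processor row that follows it, estimates how many bytes of processor memory each translation held, and turns the current free memory into a headroom figure. The embedded capture is constructed from the post's own numbers; the 512 KB management-plane reserve is an assumption.

```python
import re

# Constructed excerpt in the format of the captures above, using the post's
# values, trimmed to the two lines the parser reads per sample.
CAPTURE = """\
1720_UUNET_Frame#sh ip nat st
Total active translations: 5666 (3 static, 5663 dynamic; 5663 extended)
1720_UUNET_Frame#sh mem
Processor   808D77D4     4989996     3732344     1257652      593208      586696
1720_UUNET_Frame#sh ip nat st
Total active translations: 2041 (3 static, 2038 dynamic; 2038 extended)
1720_UUNET_Frame#sh mem
Processor   808D77D4     4989996     3617576     1372420      593208      586696
1720_UUNET_Frame#sh ip nat sta
Total active translations: 321 (3 static, 318 dynamic; 318 extended)
1720_UUNET_Frame#sh mem
Processor   808D77D4     4989996     2373008     2616988      593208      619848
"""

NAT_RE = re.compile(r"^Total active translations:\s+(\d+)")
# Processor <head> <total> <used> <free> ... : group 3 is Free(b)
MEM_RE = re.compile(r"^Processor\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)")

def parse_capture(text):
    """Pair each NAT sample with the 'show memory' Processor row that
    follows it. Returns [(active_translations, free_bytes), ...]."""
    samples, pending = [], None
    for line in text.splitlines():
        m = NAT_RE.match(line)
        if m:
            pending = int(m.group(1))
            continue
        m = MEM_RE.match(line)
        if m and pending is not None:
            samples.append((pending, int(m.group(3))))
            pending = None
    return samples

def bytes_per_translation(samples):
    """Processor memory returned per expired translation, measured from the
    first to the last sample; IOS frees lazily, so adjacent pairs are noisy."""
    (t0, f0), (t1, f1) = samples[0], samples[-1]
    return (f1 - f0) / (t0 - t1)

def translations_until_exhaustion(free_bytes, bpt, reserve_bytes=512_000):
    """Translations that still fit before free memory drops below a reserve
    kept for the management plane (the 512 KB reserve is an assumption)."""
    return max(0, int((free_bytes - reserve_bytes) // bpt))
```

Run against the full captures, the endpoint estimate lands near 254 bytes per translation, which matches the post's rule of thumb of roughly 3 MB for 12,000 translations.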



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:47 GMT-3