RE: Does anyone know why this is an issue?

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Feb 02 2005 - 16:16:42 GMT-3


Jay,

        "show proc cpu" to see if it's actually the NAT process causing
the overload on the CPU. If so you can try lowering the NAT timeouts to
more aggressive values:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipras_r/ip1_i2g.htm#wp1080144

        You could also look for inside hosts that have an inordinate
amount of translations and remove them from the NAT pool until they are
checked for worms. This may or may not be feasible depending on your
specific case.

        Also what switching method are you using? If cef is not enabled
and you see a high utilization due to "IP Input" try enabling cef.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Etchings, Jay
> Sent: Tuesday, February 01, 2005 7:39 PM
> To: Cisco certification
> Subject: Does anyone know why this is an issue?
>
> Group if I am doing something stupid feel free to flame away I would
> just like to figure out what the deal is, even if a few lumps are in
> order.
>
> I have had an issue since last Friday where my 2651 DMVPN router is
> running at 100% of the CPU. It seems to have 150K NAT translations
> during the day which should calculate to 30Mbs of memory based on the
> 160 Bytes per trans.
>
> I am working to figure out what I can do to resolve this issue. Has
> anyone heard of such a thing?
>
> I made the following changes. This is a simple error -- the interface
> ran out of ports to translate (~65599..)
>
> access-list 11 permit 10.1.4.0 0.0.3.255
> access-list 11 permit 10.1.16.0 0.0.3.255
> access-list 11 permit 10.1.200.0 0.0.1.255
> access-list 11 permit 10.2.200.0 0.0.0.255
> ip nat pool OUTSIDE_PAT 200.200.200.200 200.200.200.203 netmask
> ip nat inside source list 11 pool OUTSIDE_PAT overload
> no ip nat inside source static 10.1.4.37 200.200.200.201 extendable
> ip nat inside source static 10.1.4.37 200.200.200.202 extendable
> no access-list 10
> no ip nat inside source list 10 interface FastEthernet0/1 overload
>
> (I subbed my public IP's with the 200.200.200.20X)
>
> This seemed to be the temporary fix to infected computers using too
> many NAT translations.
>
> I issued a clear IP nat tr * to clear 70,000+ translations on my 2651
> DMVPN router again and it seems to have supplied a temporary fix.
>
> The issue of running the CPU at 100% still persists.
>
> Any ideas?
>
> Regards,
>
> Jay Etchings
>
>

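Brian's suggestion to look for inside hosts with an inordinate number of translations, and Jay's note that the interface ran out of PAT ports, both come down to reading "show ip nat translations" and counting. The following is an added example, not code from either poster or from Cisco: a Python script that parses the column layout of that command's output (Pro, Inside global, Inside local, Outside local, Outside global), tallies translations per inside host, flags hosts whose translations fan out over many destinations on a single port (the usual worm signature), and reports how much of the port space on each overloaded inside global address is in use. The sample output embedded below is constructed for the example; the flagging thresholds and the 65535-port ceiling are assumptions, not IOS constants.

```python
"""Find inside hosts hogging NAT translations and check PAT port pressure.

Parses the text of Cisco IOS "show ip nat translations" (columns: Pro,
Inside global, Inside local, Outside local, Outside global) and, per
inside local host, counts translations, distinct outside destinations and
the dominant destination port. A worm-infected host shows up as many
translations fanned out over many destinations on one port. It also
reports how much of the port space on each overloaded (PAT) inside global
address is in use.
"""
from collections import Counter, defaultdict

# Constructed sample in "show ip nat translations" layout; not taken from
# the thread. 10.1.4.10 and 10.1.16.5 look normal; 10.1.4.37 sweeps
# 198.51.100.0/24 on tcp/445, the classic worm pattern.
SAMPLE = (
    "Pro Inside global      Inside local       Outside local      Outside global\n"
    "tcp 200.200.200.200:2001 10.1.4.10:2001 203.0.113.5:80 203.0.113.5:80\n"
    "tcp 200.200.200.200:2002 10.1.4.10:2002 203.0.113.5:443 203.0.113.5:443\n"
    "udp 200.200.200.200:3001 10.1.16.5:3001 203.0.113.53:53 203.0.113.53:53\n"
    "--- 200.200.200.202 10.1.4.37 --- ---\n"  # static entry, no ports
) + "".join(
    f"tcp 200.200.200.201:{10000 + i} 10.1.4.37:{10000 + i} "
    f"198.51.100.{i % 254 + 1}:445 198.51.100.{i % 254 + 1}:445\n"
    for i in range(300)
)

# Assumed usable port range per inside global address and protocol.
PAT_PORT_SPACE = 65535


def split_addr(token):
    """Return (ip, port) from 'a.b.c.d:port'; port is None when absent, both None for '---'."""
    if token == "---":
        return None, None
    if ":" in token:
        ip, port = token.rsplit(":", 1)
        return ip, int(port)
    return token, None


def parse_translations(text):
    """Return one dict per dynamic translation row; header and static '---' rows are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] in ("Pro", "---"):
            continue
        proto, ig, il, _ol, og = parts
        ig_ip, ig_port = split_addr(ig)
        il_ip, _ = split_addr(il)
        og_ip, og_port = split_addr(og)
        rows.append({"proto": proto, "inside_global": ig_ip, "ig_port": ig_port,
                     "inside_local": il_ip, "outside_global": og_ip, "dst_port": og_port})
    return rows


def per_host_summary(rows):
    """Map inside local IP -> translations, distinct destinations, dominant port and its share."""
    count, dests, ports = Counter(), defaultdict(set), defaultdict(Counter)
    for r in rows:
        host = r["inside_local"]
        count[host] += 1
        if r["outside_global"]:
            dests[host].add(r["outside_global"])
        if r["dst_port"] is not None:
            ports[host][r["dst_port"]] += 1
    summary = {}
    for host, n in count.items():
        top_port, top_n = ports[host].most_common(1)[0] if ports[host] else (None, 0)
        summary[host] = {"translations": n, "destinations": len(dests[host]),
                         "top_port": top_port, "top_port_share": top_n / n}
    return summary


def suspect_hosts(summary, min_translations=100, min_destinations=50, port_share=0.9):
    """Hosts that look worm-like: many translations, many destinations, one dominant port.

    The thresholds are assumed starting points; tune them to the site's normal traffic.
    """
    return sorted(h for h, s in summary.items()
                  if s["translations"] >= min_translations
                  and s["destinations"] >= min_destinations
                  and s["top_port_share"] >= port_share)


def pat_port_usage(rows, port_space=PAT_PORT_SPACE):
    """Fraction of the port space in use on each (inside global address, protocol) pair."""
    used = defaultdict(set)
    for r in rows:
        if r["ig_port"] is not None:
            used[(r["inside_global"], r["proto"])].add(r["ig_port"])
    return {key: len(ports) / port_space for key, ports in used.items()}


if __name__ == "__main__":
    rows = parse_translations(SAMPLE)
    summary = per_host_summary(rows)
    for host, s in sorted(summary.items(), key=lambda kv: -kv[1]["translations"]):
        print(f"{host:15} {s['translations']:6} translations, "
              f"{s['destinations']:4} destinations, top port {s['top_port']} "
              f"({s['top_port_share']:.0%})")
    print("suspects:", suspect_hosts(summary))
    for (ig, proto), frac in pat_port_usage(rows).items():
        print(f"PAT {ig} {proto}: {frac:.2%} of port space in use")
```

Feed it the saved output of "show ip nat translations" instead of the constructed SAMPLE to get the same per-host table for a real router; a host at the top of the list with hundreds of destinations on one port is the one to pull from the NAT access list until it has been checked, and a PAT address near 100% of its port space is the condition Jay described.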


This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:16 GMT-3