10-13-2008 03:25 AM - edited 03-03-2019 11:54 PM
folks
i have a 3845 cluster (HSRP)with a PAT overload running off an access-list
i can see the IP NAT Ager process running at 73 - 99%
there are no errors on term mon and no dropped packets in cef
i didn't think that the NAT process would be so intensive
while the cpu load is 99% i can only see 12Mb of throughput over a 100Mb internet pipe
anyone any ideaas how i can resolve the high cpu issue
thanks to anyone taking the time to reply
10-13-2008 04:41 AM
Can you paste the "show version" & "show process cpu" outout ??
10-13-2008 05:27 AM
satish
the relevant line is
190 3176396 109344 29049 96.70% 96.80% 96.66% 0 IP NAT Ager
the version is
isco IOS Software, 3800 Software (C3845-ADVSECURITYK9-M), Version 12.4(21), RELEASE SOFTWARE (fc1)
10-13-2008 09:06 AM
Hello Michael,
are you using a route-map with NAT ?
I've found this bug about very high CPU usage caused by NAT with route-map.
CSCef58137 Bug Details
in theory this should not apply to your release but can be a starting point to investigate.
Are you using or not using stateful NAT between the two C3845 ?
If you like you can post a filtered version of your config to get better help
Edit:
I've only seen now you are using an access-list. However the question about stateful NAT should be of interest in your scenario.
Hope to help
Giuseppe
10-13-2008 01:23 PM
giuseppe
many thanks for your post
i think my only option is to move the nat off the 3845s and onto an ASA i have sitting behind it
i'm migrating over 10,000 users onto this new link and i can only see the problem getting worse
thanks again
10-14-2008 11:09 AM
Hello Michael,
with 10,000 users the NAT table is becoming very large and with PAT the router is always checking all the NAT sessions to quickly find out if any TCP port can be released and this causes the high cpu usage.
This is the practical limit for PAT on routers.
Trying to use ASA can be a better solution if ASA NAT implementation is better or it has higher performance in this aspect.
We can expect both.
Best Regards
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide