IP SLB on IOS -> High CPU problem

Unanswered Question
Apr 7th, 2010
User Badges:
  • Bronze, 100 points or more

I have configured a simple WWW load balancing between two servers on IOS 12.2(33)SXI1 running on VSS:


It is doing server NAT translation. I though this was done in hardware:


ip slb serverfarm WW
nat server
real 1.1.1.10
  inservice
!
real 1.1.1.11
  inservice
!
ip slb vserver PROXY_VIP
virtual 1.1.1.12 tcp www
serverfarm WW
inservice



From the moment i enable this -> CPU shoots to 100%, IP INPUT process is highest.

even with less than 10 sessions to the VIP

Hardware: SUP720


Is this because of the NAT ?


PS. The VLAN 1.1.1.x is used for other servers also. So it has some heavy background traffic also. I hope not all traffic is punted to the CPU for the NAT ?


regards,

Geert

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Jon Marshall Wed, 04/07/2010 - 03:04
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Geert


Do you know whether you are running in dispatched or directed mode ? - see this link to describe which one is which -


6500 - IOS SLB


If you are running in directed mode all traffic is handled by the MSFC and not the PFC ie. it is software switched and this can put a large load on the switch. This is where a dedicated load-balancer such as the ACE module can be used because all the load-balancing is then handled in hardware by the module itself.


Jon

gnijs Wed, 04/07/2010 - 06:16
User Badges:
  • Bronze, 100 points or more

Hello Jon,


I am running in directed mode (i know the "worst" mode, i am doing server natting)


BTW . I found the reason for the high CPU:


One of the real servers is already taking 30Mbps of traffic today (from other systems). Once i put my virtual server in "inservice" the switch punts all this traffic to CPU..auch ! Even if no traffic is seen to the vserver ip


Proof: the second real server is taking 0% of load currently. When i removed the busy one from the config -> my CPU doesn't hit 100% anymore and it works. During a heavy download, CPU increased to 40% (single session).


Conclusion: 30Mbps is too high for SLB with NAT on SUP720 :-)



regards,

Geert

Actions

This Discussion