IP SLB on IOS -> High CPU problem

Unanswered Question
Apr 7th, 2010
User Badges:
  • Bronze, 100 points or more

I have configured a simple WWW load balancing between two servers on IOS 12.2(33)SXI1 running on VSS:

It is doing server NAT translation. I though this was done in hardware:

ip slb serverfarm WW
nat server
ip slb vserver PROXY_VIP
virtual tcp www
serverfarm WW

From the moment i enable this -> CPU shoots to 100%, IP INPUT process is highest.

even with less than 10 sessions to the VIP

Hardware: SUP720

Is this because of the NAT ?

PS. The VLAN 1.1.1.x is used for other servers also. So it has some heavy background traffic also. I hope not all traffic is punted to the CPU for the NAT ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Jon Marshall Wed, 04/07/2010 - 03:04
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Do you know whether you are running in dispatched or directed mode ? - see this link to describe which one is which -

6500 - IOS SLB

If you are running in directed mode all traffic is handled by the MSFC and not the PFC ie. it is software switched and this can put a large load on the switch. This is where a dedicated load-balancer such as the ACE module can be used because all the load-balancing is then handled in hardware by the module itself.


gnijs Wed, 04/07/2010 - 06:16
User Badges:
  • Bronze, 100 points or more

Hello Jon,

I am running in directed mode (i know the "worst" mode, i am doing server natting)

BTW . I found the reason for the high CPU:

One of the real servers is already taking 30Mbps of traffic today (from other systems). Once i put my virtual server in "inservice" the switch punts all this traffic to CPU..auch ! Even if no traffic is seen to the vserver ip

Proof: the second real server is taking 0% of load currently. When i removed the busy one from the config -> my CPU doesn't hit 100% anymore and it works. During a heavy download, CPU increased to 40% (single session).

Conclusion: 30Mbps is too high for SLB with NAT on SUP720 :-)




This Discussion