IP SLB on IOS -> High CPU problem

gnijs · ‎04-07-2010

I have configured a simple WWW load balancing between two servers on IOS 12.2(33)SXI1 running on VSS:

It is doing server NAT translation. I though this was done in hardware:

ip slb serverfarm WW
nat server
real 1.1.1.10
inservice
!
real 1.1.1.11
inservice
!
ip slb vserver PROXY_VIP
virtual 1.1.1.12 tcp www
serverfarm WW
inservice

From the moment i enable this -> CPU shoots to 100%, IP INPUT process is highest.

even with less than 10 sessions to the VIP

Hardware: SUP720

Is this because of the NAT ?

PS. The VLAN 1.1.1.x is used for other servers also. So it has some heavy background traffic also. I hope not all traffic is punted to the CPU for the NAT ?

regards,

Geert

Jon Marshall · ‎04-07-2010

Geert

Do you know whether you are running in dispatched or directed mode ? - see this link to describe which one is which -

6500 - IOS SLB

If you are running in directed mode all traffic is handled by the MSFC and not the PFC ie. it is software switched and this can put a large load on the switch. This is where a dedicated load-balancer such as the ACE module can be used because all the load-balancing is then handled in hardware by the module itself.

Jon

gnijs · ‎04-07-2010

Hello Jon,

I am running in directed mode (i know the "worst" mode, i am doing server natting)

BTW . I found the reason for the high CPU:

One of the real servers is already taking 30Mbps of traffic today (from other systems). Once i put my virtual server in "inservice" the switch punts all this traffic to CPU..auch ! Even if no traffic is seen to the vserver ip

Proof: the second real server is taking 0% of load currently. When i removed the busy one from the config -> my CPU doesn't hit 100% anymore and it works. During a heavy download, CPU increased to 40% (single session).

Conclusion: 30Mbps is too high for SLB with NAT on SUP720 :-)

regards,

Geert