02-03-2003 01:20 AM - edited 03-02-2019 04:44 AM
Hi all,
We are some kind of little ISP. Our network structure can be simply
described as following.
==========================================================
Clients(10.*.*.*/16)--->Cisco6509(10.0.0.1/16 and 100.0.0.1/252)
--->Cisco7206(100.0.0.2/252 and 200.0.0.1/252)--->
Huge ISP(200.0.0.2/252)
==========================================================
10.*.*.*/16 is our Client-Network.
100.0.0.*/252 and 200.0.0.*/252 both represent our Formal Internet IP
addresses.
As you know, I need to select a place to make the NAT settings for our
clients' 10.*.*.*/16 IP addresses,6509 or 7206?.
FYI: We will make more than 90,000 simultaneous NAT translations.
Please give me some guide.
Thank you in advance.
zuohong
02-03-2003 08:43 AM
I would chose the 7206. Its the touchpoint between the outside and the inside
network. I did a quick look at the IOS for 6500 and did not find any NAT support.
Thats not to say its not there.
I would strongly suggest that you look at a high end PIX for your address translation needs. Its purpose built for that function.
good luck and happy new year
02-03-2003 04:52 PM
Here are some info that might help:
On the Catalyst 6500, the Content Switching Module (CSM) provides
up to 4Gbps of wire-rate NAT functionality.
I have read a Cisco docu that says NAT is available on the MSFC.
(if you are using Hybrid OS)
It would be better if you could check the performance of your
6500 and 7200 (e.g., memory and cpu resources) prior to
implementing the NAT functionality or any other feature.
So if you're going to use the 7206 for NAT, you have to check for
enough available DRAM as NAT uses router DRAM resources.
You might also be using BGP in your 7206 that might be eating up
half of the DRAM.
02-03-2003 05:45 PM
Hi,
I took a look at the performance of 6509 and 7206 (only static route running).
---------------------------------------------------------------------------------
*6509*--switch
Memory Used: 7488080
Free: 51039344
Total: 58527424
CPU utilization for five seconds: 1.56%
one minute: 1.08%
five minutes: 1.02%
*6509*--routing
MEM: Total: 89144448, Used: 12944208, Free: 76200240
CPU utilization for five seconds: 0%/0%; one minute: 0%; five minutes: 0%
====================
*7206*
MEM: Total: 80923328, Used: 15966964, Free: 64956364
CPU utilization for five seconds: 30%/29%; one minute: 32%; five minutes: 32%
----------------------------------------------------------------------------------------------
It seems that 6509 is working at a much more idle status than 7206 is.
So, should I put our NAT on the 6509?
zuohong
02-03-2003 06:27 PM
Based on experience, I typically see and use NAT on the router facing the
Internet (or ISP) as this router typically has the inside and outside interfaces.
But I have seen some that have used NAT on a router separate from the
gateway (or Core) router. This router is typically connected between the
network to be translated and the gateway.
For your setup, I might implement NAT on the 6509 but I will
have to check some info from CCO with this kind of setup.
(There might be bugs/caveats that might affect the switch
performance with this kind of implementation)
So for your question:
"So, should I put our NAT on the 6509?"
The switch usually has a low CPU process because it handles
switching via Hardware unlike the router which uses Software
that eats up CPU resources. So I cannot firmly say that you
try using the 6509. I don't have much info about NAT usage
on the 6509 so I suggest you try reading some Release notes
specifically for the version you are using.
I can help you a little bit if you could post some info about your devices:
- Cat6509 IOS version (if you're using Native IOS)
- CatOS version and MSFC IOS version (if you're using Hybrid OS)
- 7206 IOS version (you can include the feature set)
then I'll try to read some info (e.g., Release notes) from CCO and probably
I can give you points that might help.
Goodluck!
02-03-2003 06:35 PM
What type of NPE in the 7206 and is it a VXR model?
In http://www.cisco.com/warp/public/63/ts_codred_worm.shtml they say that on the NPE-300 it can handle 20,000 - 40,000 NAT translations before it has a meltdown. NPE-300 is a 262 Mhz processor.
02-03-2003 09:16 PM
Hi,
Thank you for your suggestions. Here's some information about 6509 and 7206.
------------------------------------------------------------------------------------------
6509:
IOS (tm) MSFC2 Software (C6MSFC2-PSV-M), Version 12.1(13)E, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
cisco Cat6k-MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAL06334LF7
R7000 CPU at 300Mhz, Implementation 39, Rev 3.3, 256KB L2, 1024KB L3 Cache
7206:
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(2)T, RELEASE SOFTWARE (fc1)
cisco 7206VXR (NSE-1) processor (revision A) with 114688K/16384K bytes of memory.
Processor board ID 25751872
R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2, 2000KB L3 Cache
6 slot VXR midplane, Version 2.3
-----------------------------------------------------------------------------------------------------
Any help will be appreciated.
zuohong
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: