Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
0
Helpful
3
Replies

High CPU Due to NAT

witani
Level 1
Level 1

‎11-25-2010 02:09 AM - edited ‎03-04-2019 10:34 AM

Dears,

I have a 7206 VXR NPE-G2 running in an ISP at 40% CPU in peak time.

I applied NAT with overload based on the ACL below. After that, CPU started to reached 90 % in peak time. 

Is that expected or I am missing something ?

Extended IP access list MATCH_VOIP

    30 permit udp any any eq 5070

    35 permit tcp any any eq 5070

    40 permit udp any any eq 5060

    45 permit tcp any any eq 5060

    50 permit udp any any eq 1720

    55 permit tcp any any eq 1720

    60 permit udp any any eq 1731

    65 permit tcp any any eq 1731

ip nat inside source route-map NAT_VOIP_GLOBAL pool VOIP_GLOBAL overload

Regards,

Labels:
0 Helpful
3 Replies 3

Marc Faggion
Cisco Employee
Cisco Employee

‎11-28-2010 02:25 PM

The 7200 NPE-G2 is a software switched router so any additional features enabled on the packet path increases the amount of CPU used. As to if this is reasonable or not, I suspect there are documents on the cisco site indicating the expected CPU utilization for a given featureset.offered load combination.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to Marc Faggion

‎11-28-2010 02:48 PM 

I suspect there are documents on the cisco site indicating the expected CPU utilization for a given featureset.offered load combinati

That is not the case, there are no such documents available, and everything is pretty much based on individual expereince and common sense.

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎11-28-2010 02:46 PM 

witani wrote:
Dears,
I have a 7206 VXR NPE-G2 running in an ISP at 40% CPU in peak time.
I applied NAT with overload based on the ACL below. After that, CPU started to reached 90 % in peak time.  
Is that expected or I am missing something ?
Extended IP access list MATCH_VOIP 
    30 permit udp any any eq 5070 
    35 permit tcp any any eq 5070 
    40 permit udp any any eq 5060 
    45 permit tcp any any eq 5060
    50 permit udp any any eq 1720
    55 permit tcp any any eq 1720 
    60 permit udp any any eq 1731
    65 permit tcp any any eq 1731
ip nat inside source route-map NAT_VOIP_GLOBAL pool VOIP_GLOBAL overload

Try compiled (turbo) ACL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00800881a7.html

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card