Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
908
Views
0
Helpful
3
Replies

NAT and memory issues ...how to tackle it ???

mirehteshamali
Level 1
Level 1

ā€Ž12-17-2011 12:51 PM - edited ā€Ž03-04-2019 02:40 PM

we have some unusual  issue when our core 3825 series router dealing  with NAT !

first off to offload traffic we have two router one 3825 and other 2821 configured to support GLBP .

interface GigabitEthernet0/0

ip address a.b.c.d 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

media-type rj45 !

interface GigabitEthernet0/1

ip address 10.11.a.b 255.255.0.0

ip nat inside ip virtual-reassembly

duplex auto

speed auto

media-type rj45

glbp 1 ip 10.11.0.v

glbp 1 load-balancing host-dependent

glbp 1 authentication text --------

ip nat inside source list 11 interface GigabitEthernet0/0 overload

!

access-list 11 permit 10.11.0.0 0.0.255.255

NOW look at the console error describing memory issues with NAT AND lack of memory

*Dec 17 08:50:19.618: %SYS-2-CHUNKEXPANDFAIL: Could not expand chunk pool for ipnat globaltr. No memory available -Process= "Chunk Manager", ipl= 4, pid= 1,  -Traceback= 0x60046F6Cz 0x62C31434z 0x62C31418z

*Dec 17 08:50:29.282: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x6004B8F8, alignment 8 Pool: Processor  Free: 345524  Cause: Memory fragmentation Alternate Pool: None  Free: 0  Cause: No Alternate pool -Process= "Chunk Manager", ipl= 4, pid= 1,  -Traceback= 0x600145D0z 0x6002E7B4z 0x600482C0z 0x60046D9Cz 0x60046F28z 0x62C31434z 0x62C31418z

*Dec 17 08:50:29.622: %SYS-2-CHUNKEXPANDFAIL: Could not expand chunk pool for ipnat entry. No memory available -Process= "Chunk Manager", ipl= 4, pid= 1,  -Traceback= 0x60046F6Cz 0x62C31434z 0x62C31418z

The problem is router hangs out , intenet users suffer slowness , criticle service like telnet doesnt work . the only solution i found is a reload ,

not to mention this is core router sitting on campus network edge . and servicing around 1000 users !! approx assuming all users have using internet at same time .

how to check , if memory is not sufficient ? 

further if any users using utorrent or any thing like that , does it make enormous no of connections form same pc ?

is their any  licence requird for IOS IPS ?

i prefer to turn this feature on to kill torrents connections ?  but i fear crashing  of router as no of users are huge !

any know bug with glbp , nat with ip voice image  C3825-IPVOICE-M  VERSION 12.4(24) T4  ???

Labels:
0 Helpful
3 Replies 3

lgijssel
Level 9
Level 9

ā€Ž12-17-2011 03:29 PM

This kind oif issue is typically related to a memory leak.

Up- or downgrading the IOS is the most obvious solution.

regards,

Leo

0 Helpful

David Santos
Level 1
Level 1

ā€Ž12-18-2011 04:06 AM

mirehteshamali

Have you tried to disable virtual-reassembly?

./DS

0 Helpful

mirehteshamali
Level 1
Level 1
In response to David Santos

ā€Ž12-18-2011 10:23 AM

never tried disabling it with the fear that , NAT might not work properly . 

NAT is evil !  Fragments are deadly ! but this is a core router shoud be able to handle the load .

is their a way to increase memory ???

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card