Honestly, if you are looking at that scale of NAT you should look at the ASR1002. It does all NAT in the hardware path and it scales way above
what IOS can do in software.

If you were talking 5-10k translations that's one thing.

Rodney



Hitesh Vinzoda wrote:
I'm facing a strange issue regarding the NAT. The problem statement is as
below

NAT configured on 3845 with 12.4.24 T ADV ENT SERVICES


   - Have got 64 /25 inside subnets to do the NAT with 64 live IPs, one
   each for /25 inside subnet.
   - I checked the processes and memory on freshly loaded router which comes
   out to be 49 MB of free memory.
   - Started the NAT on router with 8 of /25 inside IP pool with policy NAT
   to 8 live IPs. The router within 3 hours hung due to no availability of
   free memory. Rebooted it and removed the NAT.
   - Checked Cisco website for NAT it says 312 bytes per translation that
   gives us around 3 MB for 10000 translations. Checked the logs and found peak
   translation only to be 15000.
   - Found that problem was NAT ACL with any statement in destination
   portion ( extended one). Changed it with standard ACL with no any statement.
   - Reviewed and resumed the NAT on router. It works now but it uses around
   20 MB of memory for just 10000 translation entries.
   - Checked the UDP, TCP and ICMP timeout .... Limited UDP to 4 mins, TCP
   to 25 mins and ICMP to 5 mins. Was able to free only 2 MB or so from 20 MB.
   - Changed the IOS from ADV ENT SERVICES to IP Base to get rid of unwanted
   processes and services, as the main aim of this router is to run NAT.
   - Freshly loaded router gave me 120 MB of free space and was happy now to
   test out the things.
   - Again started the NAT for 8 pools of /25 inside subnet with 8 live
   IPs ( policy NAT ).
   - At 25000 translations it eats up memory of around 24 MB.
   - Turned off Virtual Reassembly as it was reaching the threshold very often.
   - Migrated another 8 pools of /25 which comes to total of 16 /25 Inside
   subnets and free memory left to 64 MB. with the peak translation upto 42000
   and active translation to 15000 on an average.
   - It often gives the I/O memory errors too ( with only 16 /25 Pools
   configured on it).
   - All this stuff works fine with Netscreen firewall overloaded with only
   4 IPs for all 64 /25 pools. ..... ( Does Netscreen have an edge over Cisco
   when it comes to NAT ....?? ) I wonder..!

If Cisco says that only 312 bytes are required for storing a single
translation, why am I not able to free my DRAM memory? Tried my luck with
everything. Need some expert advice on this to figure out the High Memory
usage of NAT....

NOTE : Only default router and no other services are used on router apart
from Netflow

Thanks in Advance

Regards

Ronnie
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/