Is IP space that hard to get in Pakistan? I'd never sign up with an ISP
using NAT. ARIN's /19 blocks work out to about US$832/year for a Class C,
but then that's 255 addresses you can be charging, say, US$10/month for
(which you'll sell more accounts then you have modems/addresses for anyway),
which turns into US$30600 even if you didn't oversubscribe those IPs.
I had to search for the Bug ID as *05523 in order to find it as CSCdp05523:
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdp05523
Headline NAT causes HIGH CPU
Product all Model
Component nat Duplicate of
Severity 2 Status A
Version Found 12.0(5) Fixed-in Version
Release Notes
If the address range defined in a Network Address Translation (NAT) pool is
large, CPU utilization may rise to 100 percent. If a large number of
translations are still in the NAT table showing large expiration timeout
values, then the entries were not exited properly.
Workaround: Specifically putting a reduced TCP translation timeout (20 to 30
minutes) has shown improvement. Apparently there are a lot of TCP
translations that were not exited properly and the default timeout of 24
hours would leave these translations hanging. Reducing the translation
timeout clears the entries earlier. Split the address range into smaller
ranges, and define more NAT pools.
You've configured something like 'ip nat translation tcp-timeout 1200'
(which is 20 minutes), and no help? What about configuring it even lower?
Also, instead of configuring one single pool, spread it into 8 /32 pools as
the BugID suggests.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
"Muhammed Khalilullah" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi groupies,
>
> I am doing job in an ISP in Pakistan, and we are
> applying NAT with Overloading on 4500 router. we apply
> NAT on 254 Remote Clients with 8 Public IP pool like
> (w.x.y.z/248) with the Using of Overloading NAT. After
> 5 to 6 hours Our Memory and CPU usage is increasing
> abnormally and reaches upto 90% to 95%. and Holding
> memory of IP Input Process is also increases
> constantly. The DRAM size is 16 MB.
>
> Cisco has recommended me for decreasing the time-outs
> for these translations. I've configured this also but
> still the same effect. Cisco has also mentioned that
> we might be experiencing a bug CSCds05523.
>
> I'm not sure what it is!
>
> Waiting for your earliest replies.
> Thanks in advance.
> Khalil
> CCNP, MCSE
>
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
