RE: NAT speeds

Thu, 21 Jun 2001 17:19:57 -0700 

Actually, NAT on a cisco router DOES have a significant impact. Let me
give you my scenario:

Cisco 4500 with dual tokenring interfaces, each tokenring interface
sustaining a constant rate of 6-7mbps. That's a decent amount of traffic,
but nothing that I would consider extraordinary or unusual. CPU
utilization sat around 5-15%.

When I enabled NAT on two ethernet interfaces I installed, which had
very little traffic, around 5kbps per second average, it took the CPU
utilization to around 85-90% constant. What's more, the NAT was occurring
between the ethernet interfaces only, which had little traffic. The
tokenring interfaces had absolutely nothing to do with the NAT.

Once I turned NAT off, CPU utilization went back to normal again. Even
with no traffic going across those ethernets, just enabling it really
ramped the CPU.

The bottom line is that for me, NAT incured a heavy penalty. Whether
enabling NAT on a router causes everything to be process switched vs. fast
switched, I don't know, you'd have to consult the documentation. It's also
possible that a different IOS or router would react differently, your
mileage will of course vary.

On Mon, 18 Jun 2001, Sameer R. Manek wrote:

> > From: mouss [mailto:[EMAIL PROTECTED]]
> > At 14:25 17/06/01 -0700, Sameer R. Manek wrote:
> > >Does any one have any recommendations on what we should use to
> > implement nat
> > >at close to 100mb speeds?
> >
> > why 100mb? is it because you have 100mb ethernet cards? If so, you'll be
> > surprised to
> > hear that with these, you can get about 6mb....
>
> Our outbound link hovers around 3-4megabyte/sec which is more then what
> ethernet can sustain, that's why we needed to engineer a NAT implimentation
> that can sustain close to FE speeds.
>
> >
> > Anyway, NAT doesn't reduce perfs dramatically, so it shouldn't be
> > a concern
> > unless you're
> > trying to keep with Gigabit nets...
> >
> >
> > >Cisco router is preferred.
> >
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to