There is something in your argument that I don't catch.

For me, it is sane, logical, ... that a process (or task) uses some
amount of free CPU :) Well, taking the CPU to high values is a
sign, but you need to go further in the tests in order to have a
precise idea of the perf overhead.

The impact I was considering is on network performance. If you can
retry your setup and check whether network perf is decreased significantly,
then I'd follow.

I did tests on a LAN (100mb ethernet cards, with a Cisco router) and
noticed no serious perf problems when the traffic was NATted. Well, it was
not a rigorous bench and it was done on an ethernet network, but it was
good news anyway.

cheers,
mouss

At 15:16 18/06/01 -0400, [EMAIL PROTECTED] wrote:
>Actually, NAT on a cisco router DOES have a significant impact. Let me
>give you my scenario:
>
>Cisco 4500 with dual tokenring interfaces, each tokenring interface
>sustaining a constant rate of 6-7mbps. That's a decent amount of traffic,
>but nothing that I would consider extraordinary or unusual. CPU
>utilization sat around 5-15%.
>
>When I enabled NAT on two ethernet interfaces I installed, which had
>very little traffic, around 5kbps per second average, it took the CPU
>utilization to around 85-90% constant. What's more, the NAT was occurring
>between the ethernet interfaces only, which had little traffic. The
>tokenring interfaces had absolutely nothing to do with the NAT.
>
>Once I turned NAT off, CPU utilization went back to normal again. Even
>with no traffic going across those ethernets, just enabling it really
>ramped the CPU.
>
>The bottom line is that for me, NAT incurred a heavy penalty. Whether
>enabling NAT on a router causes everything to be process switched vs. fast
>switched, I don't know, you'd have to consult the documentation. It's also
>possible that a different IOS or router would react differently, your
>mileage will of course vary.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
