Cat6500: High CPU due to IOS SLB with NAT Server - Resolve with Dispatched Mode



This document disucsses on high CPU condition seen in Catalyst 6500 platforms due to IOS Server Load Balancing (SLB) feature.

Problem Description:

Catalyst 6500 reporting high CPU due to interrupts and "IP Input" process.

C6K-A#show process cpu sorted | exclude 0.00
CPU utilization for five seconds: 98%/57%; one minute: 99%; five minutes: 97%
PID Runtime(ms)  Invoked      uSecs   5Sec   1Min   5Min TTY Process
227   816331652 12632718       4266 32.10% 31.69% 31.07%   0 IP Input

Troubleshooting and Symptoms:


The IOS SLB is configured with "nat server""

ip slb serverfarm TEST-FARM1

   nat server

   nat client POOL1



Switch do NOT have any sw-installed Netflow entries:

C6K-A#show mls netflow ip sw-installed 
Displaying Netflow entries in Active Supervisor EARL in module 5
No Entries

C6K-A#show mls netflow ip sw-installed module 1 <<=== Ingress DFC module
Displaying Netflow entries in Active Supervisor EARL in module 1 No Entries


SLB has active connections:

C6K-A#show ip slb connections 
vserver         prot client                real               state        nat 
VSERVER-NAME    TCP  <client-ip>:<port>    <real-ip>:<port>   <TCP-State>  S,C

Root-Cause and Resolution:

When the client sends the traffic to virtual IP address, the load-balancer (in this case, IOS SLB) will NAT the traffic, as the real/physical severs are NOT aware of the virtual IP address.

Cat6500 with "nat server" configuration, the switch is NOT capable of creating hardware shortcuts. As a result, the traffic will be process/software switched. This is done by punting the traffic to the CPU and it can be verified by: (Here, is IP address of a virtual server)

C6K-A#show tcam int vlan <client-vlan> acl in ip | inc
    punt         udp any host
    redirect     tcp any host fragments
    policy-route tcp any host eq <port#>

To resolve this issue, it is recommended to configure IOS SLB in "Dispatched" mode.

Further Information:

To know more on IOS SLB feature, please refer the 12.2SX Feature Configuration Guide:

Please be aware that starting from 12.2(33)SXJ IOS SLB is NOT supported:

