PXF problem

jeffrey.zhou · ‎05-13-2003

I have a Cisco 7206VXR with NSE-1 which is doing large number of NAT translation( about 20000), At the peak time, the high CPU of the RP can be seen. When I check the PXF switching statistics, I found About 20% packets were punted due to "NAT OUTSIDE", "NAT INSIDE" and "NAT TCP FLAGS".

I want to ask which type of traffic caused to these punts and how can I reduce these punted packets and let them pass the PXF processors?

EDU-7206-A#sh pxf account summ

Pkts Dropped RP Processed Ignored

Total 0 10625677 0

PXF complex busy: 16% PXF read pipeline full: 0%

PXF Statistic:

Packets RP -> PXF:

switch ip: 0

switch raw: 51066262

qos fastsend: 0

qos enqueue: 0

Total: 51066262

Packets PXF -> RP:

qos pkts: 0

fast pkts: 40440585

drops: total 0

punts: total 10625677

" not IP : 8565

" NAT TCP flags : 1001868

" NAT version : 3662

" NAT inside : 2243047

" NAT outside : 7323872

" CEF no adjacency : 44221

" IP TTL : 442

Total: 51066262

Packets ignored: 0 | ring space:

shadow ring full: 0 | shadow ring: 16382

in ring full: 0 | inring: 991

PXF inactive: 0

tx credits: 0 | delayed credits: 0

holdq enqueues: 119359 | requeue drops: 0

interrupts: 40122912 | pending read bytes: 0

Interface Pkts In Chars In Pkts Out Chars Out Punted Dropped

Fa0/0 0 0 0 0 0 0

Fa0/1 0 0 0 0 0 0

Gi1/0 0 0 0 0 0 0

Fa2/0 22862379 1372404270 18136316 3555446479 2732483 0

Thanks

kmarrero · ‎05-15-2003

The PXF will punt the NAT traffic to the CPU in the following cases:

1. more than 65K entries

2. traffic contains embedded addresses (such as ftp) all the packet will be punted on that flow

3. FIN/RST/SYN packets

4. new tranlation entry

By reducing the NAT timeout, it is possible to reduce the number of packets punted to the CPU.