2801 High CPU - NAT Process Switching or CEF Switching ?

Wellington L
Level 1

Hello,

I have on my 2801 router one link with a 20 MB WAN connection, and it is presenting high CPU utilization with 97% Interrupt Errors when I start a download.

I exchanged it for another router, the 2811, and it presented the same results.

I read the Cisco document about Router Performance.

It says that the 2801 supports 46 Mbps using CEF/Fast Switching and 1.5Mbps using only Process Switching, and the 2811 supports 61.44 CEF and 1.5Mbps Process Switching.

I need to know if the NAT process is process switching or CEF switching.

Because if it is process switching, the router is working at its max capacity and I will need to exchange the hardware for better hardware.

Thank You.

Accepted Solution

What you are seeing is going to be normal. The numbers you quote are from the following document:

http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

The only thing this document is good for is to compare platform performance to each other. For example a 2851 should be roughly twice as fast as a 2801 under the same conditions. The first paragraph tries to illustrate this:

"Numbers are given with 64 byte packet size, IP only, and are only an indication of raw switching performance. These are testing numbers, usually with FE to FE, GigE to GigE or POS to POS, no services enabled. As you add ACL's, encryption, compression, etc - performance will decline significantly from the given numbers, unless it is a hardware-assisted platform, such as the ASR 1000, 7600 or 12000, which process QoS, ACL's, and other features in hardware (or when a hardware assist is installed, for instance an AIM-VPN in a 3745 will offload the encryption from the CPU). Every situation is different - please simulate the true environment to get applicable performance values.
Knowing the performance for a specific router platform is not a good indication of how well a specific feature will perform. If a feature is supported in the CEF path, for instance, and we know the feature-free CEF throughput in a specific configuration, then we only know the platform's "never-to-exceed" performance but we do not know the actual performance of any given feature, which will always be less."

For these software forwarding platforms everything is a factor. If the packet size used in the tests of that document were larger the throughput would be higher, but we might not see as many packets per second. The router has to do roughly the same amount of work per packet when forwarding for most features regardless of its size. So for the same packet rate the throughput of 1000 byte packets will be significantly more than 100 byte packets yet the cpu usage will be similar.

In your example we are not process switching. High cpu under interrupt is the router forwarding packets in the fast path. When a router is process switching the packets are not forwarded under interrupt, but are instead given to a process called IP Input. If the cpu due to the IP Input process is not high then the cause is not process switching of traffic.

For every feature enabled in the forwarding path there will be a reduction in the forwarding performance of the router. QOS, ACLs, Netflow, NAT, FW, etc will all cause some sort of impact due to the extra work the cpu has to do to provide that feature. Some features are also more cpu intensive than others. There is no possible way to give a performance scenario for all conditions. A better document would be to look at a Miercom report. Typically these are tests with a lot of common features turned on with a mix of traffic. If you do not use some of the same features then it would be reasonable to expect some improvement to performance.

Overall though it sounds like this router is undersized for the amount of traffic and features you are using. When you try with another platform I would still expect to see the CPU usage due to interrupts. Either the cpu will still be high because even more traffic is being forwarded by the router or the cpu usage will be lower.
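The distinction drawn in the answer above (interrupt-level CPU versus the IP Input process) can be checked mechanically against `show processes cpu` output. This is an added example, not part of the original post; the sample output is constructed and the `busy` and `ip_input_high` thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample in the layout of IOS "show processes cpu" (not from the thread).
# In the header "99%/97%", the first figure is total CPU, the second is interrupt level.
SAMPLE = """\
CPU utilization for five seconds: 99%/97%; one minute: 91%; five minutes: 88%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   1           4        12        333  0.00%  0.00%  0.00%   0 Chunk Manager
  12       20412    310221         65  0.16%  0.12%  0.10%   0 ARP Input
  91      184212   2250113         81  0.48%  0.41%  0.39%   0 IP Input
"""

HEADER = re.compile(r"five seconds:\s*(\d+)%/(\d+)%")
# PID, Runtime, Invoked, uSecs, 5Sec, 1Min, 5Min, TTY, Process name
ROW = re.compile(
    r"^\s*(\d+)\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+[\d.]+%\s+[\d.]+%\s+\d+\s+(.+?)\s*$"
)

def parse(text):
    """Return (total %, interrupt %, {process name: 5-second %})."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no 'CPU utilization for five seconds' header found")
    total, interrupt = int(m.group(1)), int(m.group(2))
    procs = {}
    for line in text.splitlines():
        r = ROW.match(line)
        if r:
            procs[r.group(3)] = float(r.group(2))
    return total, interrupt, procs

def classify(text, busy=80, ip_input_high=20.0):
    """Label where the CPU is going; thresholds are illustrative assumptions."""
    total, interrupt, procs = parse(text)
    process_level = total - interrupt          # CPU spent in scheduled processes
    if total < busy:
        return "not CPU bound"
    if procs.get("IP Input", 0.0) >= ip_input_high:
        return "process switching"             # packets punted to IP Input
    if interrupt >= process_level:
        return "interrupt (fast path)"         # CEF/fast switching plus features
    return "other process load"

if __name__ == "__main__":
    print(parse(SAMPLE)[:2], classify(SAMPLE))
```

For the 99%/97% reading reported in this thread, the interrupt share dominates and IP Input is low, which is the fast-path case the answer describes.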

7 Replies

vmiller
Level 7

Depending on the code rev, and how big your translation tables are, I'd give you a qualified yes to the question.

From my own experience, NAT can be done on a router, but is better done on a security appliance if possible.

http://www.cisco.com/en/US/tech/tk827/tk831/technologies_white_paper09186a00800a62d9.shtml

NAT is just one operation on the existing traffic but doesn't influence the decision if traffic is process-switched or CEF processed.

I would try setting up a policer to limit traffic up to 40Mbps and see the results if CPU goes high.

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Just an FYI, worked with a 2811 that had a full DS3 that would top out its CPU when line rate hit about 20 Mbps, duplex, or about 40 Mbps total.  The figures you're noting are theoretical and don't account for services such as NAT.  I'm unaware of any normal user method to "see" how a router is spending its interrupt time, although there might be a diagnostic option to do so that might be available to TAC.  However, since Cisco "rates" a 2801 for single T1 and 2811 for dual T1s, I recall(?), suspect their recommendation would be you need a platform with higher performance.

BTW, what's the total (all interface rates divided by two) traffic rate passing through the router when it tops the CPU?

The version in my router is 12.4.24T4. I tried exchanging the version for 12.4.24T5, but I didn't get results.

When I start the download, the traffic rate passing through the router is 1.5Mbps, no more, and the CPU goes to 99%/97%.

I think the performance should be better because I have the 20 mb WAN link.

I will try new hardware today, the 2821, because the document says that process switching in the 2821 is 5.8Mbps.

Thank you all for the answers. The answers were clear to me.

I exchanged my 2801 router for a 2821 today, and this router didn't have problems with my 20mb WAN link.

The router is working at 30% when I'm doing a download.

I was looking at its performance, and it is better than the 2801 and 2811 in the document, and I confirmed it today.

I think these routers weren't supporting all the traffic and the features at the same time, because I have VPN, ACL, Call Manager, QoS, NAT and other features using this router beyond the link.

Posting

When I start the download, the traffic rate passing through the router is 1.5Mbps, no more, and the CPU goes to 99%/97%.

1.5 Mbps and it tops out interrupt CPU! -- would expect better than that -- you might want to post your full config (sanitized)

Also, process CPU usually shows separately when you use the show CPU command.