C3640 poor performance

davidensc · ‎07-20-2005

i have a C3640 (128/32) with c3640-jk9o3s-mz.123-15.bin with 2 FE.

It is configured to create 3 vlan in F0/0 and to connect to my ISP in F0/1.

I have configured 250 static nat (tcp/80).

When the traffic grows up to 1,5-2,0 Mb i notice a high cpu usage (80-90%) and a decrease of the performance.

i've tried differnts IOS image and i have played around the config: cef/no cef, acl/no acl, no subinterface, ecc..

Now i try to discover a robust/scalable solution in order to offer a good performance with 300 static nat (tcp/80) and a bandwith up to 20-25 Mb.

It's the PIX-525 what i looking for?

Maybe a 38xx.

thanks

davide

paddyxdoyle · ‎07-21-2005

Hi David,

I noticed you have a k9 image on your router, are you by any chance using IPSEC to and from the router.

Also out of interest why do you have 300 statics NATs on your device? Are you hosting externally accessed web services or similar?

Each NAT takes up a portion of memory as its permanently in the NAT table, could you use dynamic NAT in your network?

Rgds

PJD

davidensc · ‎07-21-2005

the k9 is only the last ios tested.

i also tried a simple c3640-is-mz.123-15.bin (IP/PLUS) but my problems remains..

i have a couple of iis server with multiple domain mapped with static nat in external dns.

do you think that a pix 525 can solve my performance problems?

thank you very much

davide

r.sneekes · ‎07-21-2005

A pix525 will certainly do. Even an pix515E should be more then enough for your requirments.

But you might still consider the pix525 if ur expecting more growth in the future.