03-09-2010 02:48 AM - edited 03-04-2019 07:45 AM
Hello,
We are a little ISP and our design is based on private addresses. Our internet router is now translating 50.000 entries.
The issue is that we are using static NAT:
...
...
ip nat inside source static 10.17.254.129 <public_IP>
....
If we use the command "show ip nat translation | include 10.17.254.129" we have:
tcp 80.73.145.8:57618 10.17.254.129:57618 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57937 10.17.254.129:57937 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57956 10.17.254.129:57956 92.123.73.49:80 92.123.73.49:80
tcp 80.73.145.8:57957 10.17.254.129:57957 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57967 10.17.254.129:57967 92.123.73.49:80 92.123.73.49:80
tcp 80.73.145.8:57968 10.17.254.129:57968 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57980 10.17.254.129:57980 92.123.73.49:80 92.123.73.49:80
tcp 80.73.145.8:57996 10.17.254.129:57996 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:58000 10.17.254.129:58000 92.123.73.49:80 92.123.73.49:80
tcp 80.73.145.8:58114 10.17.254.129:58114 92.123.73.24:80 92.123.73.24:80
--- 80.73.145.8 10.17.254.129 --- ---
The router is creating a NAT entry for each new connection. I know that it is normal, but
I'd like to know if there is a possible configuration where it doesn't create entries, because the router's CPU is
at nearly 90% because of interruptions due to NAT translations.
We are using:
Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(25b), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 12-Aug-09 18:47 by prod_rel_team
ROM: System Bootstrap, Version 12.3(4r)T1, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.2(13)ZD1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
internet1 uptime is 24 weeks, 1 day, 5 hours, 31 minutes
System returned to ROM by reload at 06:54:02 MET Mon Sep 21 2009
System restarted at 06:57:00 MET Mon Sep 21 2009
System image file is "disk2:/c7200-is-mz.124-25b.bin"
Last reload reason: Reload Command
Thanks.
03-09-2010 08:33 AM
Hello again,
I have tested the command "no ip nat create flow-entries" and the behavior has now changed. Now an entry
is not created for each connection/flow. Do you know if there are other considerations that I should follow?
Thank you
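
One way to quantify the per-connection entries described in the first post, as an added example that is not part of the thread: this Python sketch parses `show ip nat translation` text and separates static mappings (the `---` row) from the flow entries created under them. The five-column order and the sample lines (three copied from the output above, two constructed with documentation addresses) are assumptions.

```python
from collections import Counter

# Sample input. Assumed column order:
# Pro, Inside global, Inside local, Outside local, Outside global
SAMPLE = """\
tcp 80.73.145.8:57618 10.17.254.129:57618 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57937 10.17.254.129:57937 92.123.73.24:80 92.123.73.24:80
tcp 80.73.145.8:57956 10.17.254.129:57956 92.123.73.49:80 92.123.73.49:80
--- 80.73.145.8 10.17.254.129 --- ---
udp 192.0.2.10:5060 10.0.0.5:5060 198.51.100.7:5060 198.51.100.7:5060
--- 192.0.2.10 10.0.0.5 --- ---
"""


def split_host(field):
    """Return (address, port) for 'a.b.c.d:port', or (address, None) if no port."""
    addr, _, port = field.partition(":")
    return addr, int(port) if port else None


def summarize(text):
    """Split the table into static mappings and per-host flow-entry counts."""
    static = {}        # inside local -> inside global, from the '---' rows
    flows = Counter()  # inside local -> number of per-connection entries
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:  # skips the header row and blank lines
            continue
        proto, in_global, in_local, out_local, _out_global = cols
        g_addr, _ = split_host(in_global)
        l_addr, l_port = split_host(in_local)
        if proto == "---" and out_local == "---":
            static[l_addr] = g_addr
        elif l_port is not None:
            flows[l_addr] += 1
    return static, flows


def hosts_over(static, flows, limit):
    """Statically mapped inside hosts holding more than `limit` flow entries."""
    return sorted(h for h, n in flows.items() if n > limit and h in static)


if __name__ == "__main__":
    static, flows = summarize(SAMPLE)
    for host, count in flows.most_common():
        print(f"{host} -> {static.get(host, 'no static map')}: {count} flow entries")
```
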