Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
949
Views
0
Helpful
4
Replies

Help I need another Router my 7201 is at 100% and the ASR1002 replacement isnt much better?

gary
Level 1
Level 1

‎02-14-2013 03:44 PM - edited ‎03-07-2019 11:43 AM

HELP  I NEED ADVISE ON CHOOSING ANOTHER ROUTER ??   

I am working with a client who has a CISCO7201 which is at 100% CPU  with  131,000 nat sessions.

7201: dies at 100% CPU, drops packets, end users see little or no traffic,

I replaced the 7201 with and ASR1002 with ESP5  and it is not much better. 

ASR 1002: limping at 85% RP CPU, 62% SP CPU, drops packets, end users see 30% of actual plan speed.

The ASR is currently running at 83% RP CPU, 63% SP CPU with

WHAT ARE THE RECOMMEDATIONS AND ADVISE HERE, THE ASR1002 ISNT MUCH BETTER 

FROM ASR1002

Total active translations: 110861 (423 static, 110438 dynamic; 110687

extended)

Outside interfaces:

GigabitEthernet0/0/0, Loopback6, Loopback127

Inside interfaces:

GigabitEthernet0/0/1.55

Hits: 5319971872  Misses: 122285308

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 123414071

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 pool cvc55 refcount 109542

pool cvc55: netmask 255.255.254.0

start 180.181.124.1 end 180.181.125.254

type generic, total addresses 510, allocated 150 (29%), misses 0

nat-limit statistics:

max entry: max allowed 0, used 0, missed 0

Pool stats drop: 0  Mapping stats drop: 0

Port block alloc fail: 0

IP alias add fail: 0

Limit entry add fail: 0

Labels:
0 Helpful
4 Replies 4

vmiller
Level 7
Level 7

‎02-14-2013 04:06 PM

move the NAT to a firewall (pretty good sized one at that)

You are process switching all that NAT traffic,

0 Helpful

gary
Level 1
Level 1
In response to vmiller

‎02-14-2013 04:13 PM

Thank you.  Which ASA would you recommend ?  I was thinking ASA5525 or ASA5515 or one of the older ASA5550 ?

0 Helpful

vmiller
Level 7
Level 7
In response to gary

‎02-15-2013 08:15 AM

5515 minimum. 25 if you can swing it. Once you get the translations off the router, your performance should improve.

0 Helpful

Nicholas Oliver
Cisco Employee
Cisco Employee

‎02-25-2013 10:47 AM

Gary,

When it comes to strict scaling, the ESP-5 is targeted at about 250K NAT translations, the ESP-10 is targeted at 1M NAT translations.  I assume there are times when you end up above the level shown in the output above given your description of the level of CPU utilization.  Here's a doc for reference:

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-450070.html

The "Security" Section shows NAT translations on each ESP.  Hope that helps.

-Nick

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card