Hello everyone!
I found this website while looking for a solution to a problem that I am experiencing on a Cisco UBR7246VXR CMTS. I am having problems with the CPU utilization... The CPU is getting up to 99% when the traffic load is high, and the problem is related to the IP Input process. I am using NAT to provide access to my customers...
This is a "show process cpu sorted" sample:
CPU utilization for five seconds: 64%/8%; one minute: 76%; five minutes: 77%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
89 53017244 10389613 5102 51.05% 62.44% 63.38% 0 IP Input
169 3389924 7257302 467 5.10% 5.64% 6.03% 0 IP NAT Ager
32 91212 189550 481 0.16% 0.15% 0.15% 0 Per-Second Jobs
44 9192 90480 101 0.08% 0.00% 0.00% 0 MCU BPE IP Enque
29 18272 56685 322 0.08% 0.03% 0.02% 0 Net Background
31 1488 186592 7 0.08% 0.00% 0.00% 0 TTY Background
176 103412 2486864 41 0.08% 0.08% 0.08% 0 NAT MIB Helper
5 252176 28198 8943 0.00% 0.14% 0.11% 0 Check heaps
6 56 38 1473 0.00% 0.00% 0.00% 0 Pool Manager
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
8 0 2 0 0.00% 0.00% 0.00% 0 Serial Backgroun
9 0 2 0 0.00% 0.00% 0.00% 0 ATM Idle Timer
10 0 2 0 0.00% 0.00% 0.00% 0 ATM AutoVC Perio
11 0 2 0 0.00% 0.00% 0.00% 0 ATM VC Auto Crea
12 128 18904 6 0.00% 0.00% 0.00% 0 Compute SRP rate
13 0 2 0 0.00% 0.00% 0.00% 0 AAA high-capacit
This is the system configuration:
uBR7246VXR#show run
Building configuration...
Current configuration : 4900 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname uBR7246VXR
!
boot-start-marker
boot system flash disk1:ubr7200-ik9su2-mz.123-23-BC9.bin
boot system flash disk0:ubr7200-ik9su2-mz.123-23.BC9.bin
boot-end-marker
!
enable secret 5 $1$DoNm$a3ig9tsYuZrwwFMaqUm521
!
fastether transmit store_and_forward enable
no cable admission-control preempt priority-voice
no cable qos permission create
no cable qos permission update
cable qos permission modems
no aaa new-model
ip subnet-zero
!
!
ip cef
no ip domain lookup
ip domain name tvnacimiento.cl
ip name-server 20.20.10.5
ip name-server 20.20.10.11
ip dhcp ping packets 0
!
username xxxxxx privilege 15 password 7 xxxxxxxx
!
interface FastEthernet0/0
ip address 10.67.37.42 255.255.255.248
ip nat outside
ip route-cache same-interface
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
duplex half
!
interface Cable3/0
no ip address
no cable packet-cache
cable bundle 1
cable downstream channel-id 0
cable downstream rate-limit
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream frequency 339000000
no cable downstream rf-shutdown
cable upstream max-ports 4
cable upstream 0 connector 0
cable upstream 0 frequency 30000000
cable upstream 0 docsis-mode tdma
cable upstream 0 channel-width 1600000 1600000
cable upstream 0 minislot-size 4
cable upstream 0 power-level 0
cable upstream 0 range-backoff 3 6
cable upstream 0 data-backoff automatic
cable upstream 0 modulation-profile 41
no cable upstream 0 shutdown
cable upstream 1 connector 1
cable upstream 1 frequency 30000000
cable upstream 1 docsis-mode tdma
cable upstream 1 channel-width 1600000 1600000
cable upstream 1 minislot-size 4
cable upstream 1 power-level 0
cable upstream 1 range-backoff 3 6
cable upstream 1 data-backoff automatic
cable upstream 1 modulation-profile 41
no cable upstream 1 shutdown
cable upstream 2 connector 2
cable upstream 2 frequency 30000000
cable upstream 2 docsis-mode tdma
cable upstream 2 channel-width 1600000 1600000
cable upstream 2 minislot-size 4
cable upstream 2 power-level 0
cable upstream 2 range-backoff 3 6
cable upstream 2 data-backoff automatic
cable upstream 2 modulation-profile 41
no cable upstream 2 shutdown
cable upstream 3 connector 3
cable upstream 3 frequency 30000000
cable upstream 3 docsis-mode tdma
cable upstream 3 channel-width 1600000 1600000
cable upstream 3 minislot-size 4
cable upstream 3 power-level 0
cable upstream 3 range-backoff 3 6
cable upstream 3 data-backoff automatic
cable upstream 3 modulation-profile 41
no cable upstream 3 shutdown
!
interface Cable3/1
no ip address
shutdown
no cable packet-cache
cable downstream channel-id 81
cable downstream annex B
cable downstream modulation 64qam
cable downstream interleave-depth 32
cable downstream rf-shutdown
cable upstream max-ports 4
cable upstream 0 connector 4
cable upstream 0 docsis-mode tdma
cable upstream 0 channel-width 1600000 1600000
cable upstream 0 minislot-size 4
cable upstream 0 range-backoff 3 6
cable upstream 0 modulation-profile 41
cable upstream 0 shutdown
cable upstream 1 connector 5
cable upstream 1 docsis-mode tdma
cable upstream 1 channel-width 1600000 1600000
cable upstream 1 minislot-size 4
cable upstream 1 range-backoff 3 6
cable upstream 1 modulation-profile 41
cable upstream 1 shutdown
cable upstream 2 connector 6
cable upstream 2 docsis-mode tdma
cable upstream 2 channel-width 1600000 1600000
cable upstream 2 minislot-size 4
cable upstream 2 range-backoff 3 6
cable upstream 2 modulation-profile 41
cable upstream 2 shutdown
cable upstream 3 connector 7
cable upstream 3 docsis-mode tdma
cable upstream 3 channel-width 1600000 1600000
cable upstream 3 minislot-size 4
cable upstream 3 range-backoff 3 6
cable upstream 3 modulation-profile 41
cable upstream 3 shutdown
!
interface Bundle1
ip address 172.201.1.1 255.255.255.0 secondary
ip address 172.201.2.1 255.255.255.0 secondary
ip address 10.10.0.1 255.255.0.0
ip accounting output-packets
ip nat inside
ip dhcp relay information trusted
cable arp filter request-send 3 2
cable arp filter reply-accept 3 2
cable dhcp-giaddr policy
cable helper-address 10.67.37.43
!
ip nat inside source list 100 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.67.37.41
no ip http server
no ip http secure-server
!
access-list 48 permit 10.67.37.43
access-list 100 permit ip 172.201.1.0 0.0.0.255 any
access-list 100 permit ip 172.201.2.0 0.0.0.255 any
cdp run
!
nls resp-timeout 1
cpd cr-id 1
snmp-server community public RO 48
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
line vty 5 15
login
!
scheduler allocate 4000 400
end
Can anyone please help me to understand what the problem is?
Thanks.
Just like in this thread: http://docsis.org/node/1711
It's generally a bad idea to have your CMTS doing the NAT translation; you need to get that load off onto another router.
Is the CMTS configuration good?
I have a Linux box that I could use to handle the NAT... I need to know if there is some solution that I can apply on the CMTS until I get the Linux box working with NAT.
Thanks for your help.
Some additional information:
uBR7223-LA#show interfaces switching
FastEthernet0/0
Throttle count 1
Drops RP 5 SP 0
SPD Flushes Fast 136769 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 21562 Drops 0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 9123901 1820985297 13221267 1048180663
Cache misses 0 - - -
Fast 199765532 2359252669 125624927 3815397679
Auton/SSE 0 0 0 0
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 8577 514620 5409 324540
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol CDP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 3190 1116500 3199 1356304
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 4 5070 19160 1149600
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
Interface FastEthernet1/0 is disabled
Cable3/0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 0 0 0 0
Cache misses 0 - - -
Fast 0 0 195173027 2018808755
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 135948818 0 0 0
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
Interface Cable3/1 is disabled
Bundle1
Throttle count 0
Drops RP 0 SP 0
SPD Flushes Fast 103542 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 48527 Drops 0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 10133186 876657787 3 1147
Cache misses 0 - - -
Fast 125637217 3811062090 195181073 2027660120
Auton/SSE 0 0 0 0
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 46455 2098440 0 0
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
Protocol Other
Switching path Pkts In Chars In Pkts Out Chars Out
Process 135962824 0 0 0
Cache misses 0 - - -
Fast 0 0 0 0
Auton/SSE 0 0 0 0
NOTE: all counts are cumulative and reset only after a reload.
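As an added example (not part of the original posts): a short Python parser for the "show interfaces switching" output above that computes what share of inbound packets on each interface was process-switched, which is the path that runs in the IP Input process. The function names are this example's own, and the embedded sample is an excerpt of the counters posted above.

```python
import re

# Excerpt of the "show interfaces switching" counters posted above.
SAMPLE = """\
FastEthernet0/0
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 9123901 1820985297 13221267 1048180663
Cache misses 0 - - -
Fast 199765532 2359252669 125624927 3815397679
Protocol ARP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 8577 514620 5409 324540
Fast 0 0 0 0
Bundle1
Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 10133186 876657787 3 1147
Cache misses 0 - - -
Fast 125637217 3811062090 195181073 2027660120
"""

IFACE = re.compile(r"^(?:FastEthernet|GigabitEthernet|Cable|Bundle)\S+$")
ROW = re.compile(r"^(Process|Fast|Auton/SSE)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_switching(text):
    """Return {interface: {protocol: {path: (pkts_in, pkts_out)}}}."""
    stats, iface, proto = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        if IFACE.match(line):
            iface, proto = line, None
            stats[iface] = {}
        elif line.startswith("Protocol ") and iface:
            proto = line.split(None, 1)[1]
            stats[iface][proto] = {}
        elif (m := ROW.match(line)) and iface and proto:
            stats[iface][proto][m.group(1)] = (int(m.group(2)), int(m.group(4)))
    return stats

def process_switched_pct(stats, iface, proto="IP"):
    """Percentage of inbound packets punted to process level (CPU path)."""
    paths = stats[iface][proto]
    total = sum(p[0] for p in paths.values())
    return 100.0 * paths.get("Process", (0, 0))[0] / total if total else 0.0

if __name__ == "__main__":
    s = parse_switching(SAMPLE)
    for name in s:
        print(f"{name}: {process_switched_pct(s, name):.2f}% of IP input process-switched")
```

Because the counters are cumulative since the last reload, comparing two captures taken a few minutes apart gives the current ratio rather than the lifetime average.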
NAT on a CMTS usually causes a bit of high CPU. One thing I noticed is that you're translating your 172 subnets to a 10 subnet... Both are private unroutable subnets. Do you end up NATing the 10 subnet? I would recommend removing the NATing from the CMTS and doing it on an upstream router.
I didn't notice that. Where is the router that is the gateway for your CMTS? *It* should be doing the NAT translation. ... What drove you to add the NAT translation in the first place, or has it always been configured like this?
Don't mess with a Linux box, you're just compounding the problem. It's pointless to do a NAT translation in your CMTS when your CMTS has a local IP, which means there are two NAT translations happening back to back (which is a bad thing).
How many NAT translation sessions do you have, and how much traffic in Mbps?
thanks
I think that you have a problem with your internet provider: you are using IP addresses of your provider, so you have a lot of filters on these IPs, so you have this problem.
Put the NAT on your router in front of your CMTS, and make BGP with your own IPs.