This document describes a scenario where Network Address Translation for Virtual Interface (NAT NVI) causes high CPU utilization. NAT NVI was designed to allow NAT between Virtual Route Forwarding (VRF) contexts, but it has also been deployed in non-VRF scenarios.
IP Input High CPU with Non-VRF NAT NVI
In some of these non-VRF scenarios, NAT NVI can cause process switching, which can lead to high CPU utilization due to the IP Input process and to reduced throughput. Process switching is seen when NAT NVI is used along with interface overload, or with a NAT pool that contains IP addresses within the subnet of a local interface. When this happens, the show process cpu sorted command shows high utilization due to the IP Input process.
Router#show process cpu sorted
CPU utilization for five seconds: 84%/37%; one minute: 30%; five minutes: 11%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
112 189988000 137290092 1383 45.91% 13.97% 4.05% 0 IP Input
The show ip cef switching statistics feature command shows a large and increasing number of punts with the reason Packet destined for us:
Router#show ip cef switching statistics
Reason Drop Punt Punt2Host
RP LES Packet destined for us 0 1402039546 0
RP LES Total 0 1402039546 0
All Total 0 1402039546 0
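To confirm that a router's configuration matches the two trigger conditions described above (NVI with interface overload, or NVI with a pool inside a local interface subnet), the running configuration can be audited offline. The following is an added example, not part of the original document or Cisco tooling; it assumes the NVI syntax (ip nat enable on interfaces, ip nat source rules) and uses a constructed sample configuration.

```python
import ipaddress
import re

# Constructed sample running-config (not taken from the original document).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat enable
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat enable
!
ip nat pool POOL1 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat source list 100 interface GigabitEthernet0/0 overload
ip nat source list 101 pool POOL1 overload
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def audit_nvi(config):
    """Return (reason, rule) pairs for NVI rules matching the trigger conditions."""
    lines = [line.strip() for line in config.splitlines()]
    if "ip nat enable" not in lines:      # no NVI interfaces, nothing to flag
        return []
    subnets, pools, findings = [], {}, []
    for line in lines:
        m = re.match(rf"ip address {IPV4} {IPV4}", line)
        if m:                              # subnet of a local interface
            subnets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        m = re.match(rf"ip nat pool (\S+) {IPV4} {IPV4} ", line)
        if m:                              # pool name -> (start, end)
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    for line in lines:
        # NVI rules are "ip nat source ..." with no inside/outside keyword.
        if not line.startswith("ip nat source "):
            continue
        if re.search(r" interface \S+ overload", line):
            findings.append(("interface-overload", line))
        m = re.search(r" pool (\S+)", line)
        if m and m[1] in pools:
            start, end = pools[m[1]]
            if any(start in net or end in net for net in subnets):
                findings.append(("pool-in-local-subnet", line))
    return findings

if __name__ == "__main__":
    for reason, rule in audit_nvi(SAMPLE_CONFIG):
        print(f"{reason}: {rule}")
```
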
Replace NAT NVI with Legacy NAT (ip nat inside or ip nat outside) as shown here:
1. Add in the new legacy NAT statements for dynamic and static entries.
(config)#ip nat inside source list 100 interface GigabitEthernet0/0 overload
2. Add ip nat inside or ip nat outside as appropriate to the NAT interfaces.