NAT而引发路由器CPU占用率高的解决方法

现象描述：路由器在网吧中的应用中，经常有用户反映速度慢，路由器CPU占用率高等问题。

解决方法：主要是调整NAT表项超时时间，设置过短可能会影响应用，如在线游戏等等。一般在线游戏如《传奇》等，都使用UDP报文，将UDP报文超时设置大一点。具体设置需要向用户了解应用，分析应用特点，如是用TCP还是UDP还是ICMP？是大量小数据包还是大量数据传输类型？是否频繁有数据交互？这些问题涉及到路由器工作时的状态，如NAT表项占用太多内存，CPU占用率是否太高等等，表现出来就是：是否经常有用户不能上线？是否在线游戏老是掉线？这些问题需要和用户很好地协商才能解决。

网吧里面的用户一般都是直接关闭应用程序，导致TCP连接未能友好关闭，网络上存在大量未 FIN/RST 的TCP半开连接。按照默认，Cisco 24 小时才会将这种 TCP nat 表项删除，BD 为 1 个小时，神州数码为 10分钟。

消除这种无用表项利于路由器内存使用量。

一般一个TCP连接3－5分钟没有传送任何数据，那么很可能就是这种半开的“死”连接，我们将ip nat transaction tcp-timeout设置为180-300即可，具体数据通过在用户处多测试几次，等到效果用户可接受为止。

DCR-1700路由器的实际配置案例：
GateWay#sh run
正在收集配置...
当前配置:!
!version 1.3.0N
service timestamps log date
service timestamps debug date
no service password-encryption
!
boot system flash DCR1700-1.3.0NJ.bin
!
hostname GateWay
!
interface FastEthernet0/0
ip address 211.90.27.214 255.255.255.248
 no ip directed-broadcast
 speed 100
 duplex full
 ip nat outside
!
interface Ethernet1/0
 ip address 192.168.0.1 255.255.255.0
 no ip directed-broadcast
 duplex full
 ip nat inside
!
interface Ethernet2/0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 duplex half
 ip nat inside
!
interface Async0/0
 no ip address
 no ip directed-broadcast
!
ip route default 211.90.27.209 29
!
snmp-server community ro RO Bsm235
snmp-server community rw RO public
!
ip access-list standard 1
 permit 192.168.0.0 255.255.255.0
 permit 192.168.1.0 255.255.255.0
!
!
!
ip nat pool lin 211.90.27.214 211.90.27.214 255.255.255.0
ip nat translation dns-timeout 20
ip nat translation finrst-timeout 5
ip nat translation max-entries 1024
ip nat translation syn-timeout 10
ip nat translation tcp-timeout 180
ip nat translation timeout 45
ip nat translation udp-timeout 20
ip nat translation max-links 10
ip nat inside source list 1 pool lin overload
!
!
!
GateWay#sh ver
Digitalchina Internetwork Operating System Software
1700 Series Software, Version 1.3.0N (BASE), RELEASE SOFTWARE
Copyright (c) 1996-2000 by China Digitalchina CO.LTD
Compiled: 2002-12-10 23:0:14 by system, Image text-base: 0x6004
ROM: System Bootstrap, Version 0.1.9
Serial num:8IRT01V12101000010, ID num:001036
System image file is "DCR1700-1.3.0NJ.bin"
DCR-1700 Processor MPC860T CPU at 50Mhz
32768K bytes of memory,8192K bytes of flash
GateWay uptime is 0:17:57:35, The current time: 2002-12-19 2:52:34
Slot 0: FEC Slot
  Port 0: 10/100Mbps full-duplex Ethernet
Slot 1: SCC Slot
  Port 0: 10M Ethernet
Slot 2: SCC Slot
  Port 0: 10M Ethernet
GateWay#sh ip nat tran ver
Pro. Dir Inside local     Inside global    Outside local    Outside global
TCP  OUT 192.168.0.17:1261 211.90.27.214:10000 61.136.62.129:2002 61.136.62.129:2002
    create time 00:01:15, left time 00:03:00
TCP  OUT 192.168.0.68:1090 211.90.27.214:10004 211.157.3.226:80 211.157.3.226:80
    create time 00:00:05, left time 00:03:00
TCP  OUT 192.168.0.136:1060 211.90.27.214:10005 202.108.42.26:2688 202.108.42.26:2688
    create time 00:01:40, left time 00:03:00
UDP  OUT 192.168.0.68:1089 211.90.27.214:10008 211.90.8.129:53 211.90.8.129:53
    create time 00:00:05, left time 00:00:15
ICMP OUT 192.168.0.23:39371 211.90.27.214:10009 210.51.17.107:10009 210.51.17.107:10009
    create time 00:02:05, left time 00:01:00
TCP  OUT 192.168.0.68:1091 211.90.27.214:10010 211.157.3.226:80 211.157.3.226:80
    create time 00:00:05, left time 00:03:00
ICMP OUT 192.168.0.23:15848 211.90.27.214:10011 210.51.17.108:10011 210.51.17.108:10011
    create time 00:02:05, left time 00:01:00
TCP  OUT 192.168.0.139:1131 211.90.27.214:10012 202.99.160.89:80 202.99.160.89:80
    create time 00:00:05, left time 00:02:55
TCP  OUT 192.168.0.112:1031 211.90.27.214:10013 61.172.252.5:7000 61.172.252.5:7000
    create time 00:00:35, left time 00:02:45
TCP  OUT 192.168.0.56:1049 211.90.27.214:10014 211.167.75.31:10100 211.167.75.31:10100
    create time 00:02:05, left time 00:02:55
TCP  OUT 192.168.0.53:1059 211.90.27.214:10015 61.132.102.228:80 61.132.102.228:80
    create time 00:01:10, left time 00:02:15
TCP  OUT 192.168.0.129:1065 211.90.27.214:10016 61.151.252.238:6230 61.151.252.238:6230
    create time 00:00:25, left time 00:02:35
TCP  OUT 192.168.0.128:1070 211.90.27.214:10017 202.108.42.26:2688 202.108.42.26:2688
    create time 00:01:55, left time 00:03:00
UDP  OUT 192.168.0.125:1068 211.90.27.214:10018 218.63.85.248:10225 218.63.85.248:10225
    create time 00:00:15, left time 00:00:20
TCP  OUT 192.168.0.125:1067 211.90.27.214:10019 61.151.252.238:6230 61.151.252.238:6230
    create time 00:00:15, left time 00:02:45
TCP  OUT 192.168.0.56:1061 211.90.27.214:10020 211.167.75.32:10141 211.167.75.32:10141
    create time 00:00:05, left time 00:03:00
TCP  OUT 192.168.0.88:1041 211.90.27.214:10021 61.153.17.32:2002 61.153.17.32:2002
    create time 00:00:15, left time 00:03:00
UDP  OUT 192.168.0.129:1066 211.90.27.214:10022 218.63.85.248:10225 218.63.85.248:10225
    create time 00:00:25, left time 00:00:20
TCP  OUT 192.168.0.56:1056 211.90.27.214:10023 211.144.9.78:80 211.144.9.78:80
    create time 00:00:50, left time 00:02:10
TCP  OUT 192.168.0.56:1055 211.90.27.214:10024 211.144.9.78:80 211.144.9.78:80
    create time 00:00:50, left time 00:02:10
TCP  OUT 192.168.0.133:1950 211.90.27.214:10025 61.135.129.204:80 61.135.129.204:80
    create time 00:00:40, left time 00:02:35
TCP  OUT 192.168.0.88:1043 211.90.27.214:10026 61.153.17.32:2002 61.153.17.32:2002
    create time 00:00:10, left time 00:02:50
TCP  OUT 192.168.0.114:1049 211.90.27.214:10027 218.104.85.216:7202 218.104.85.216:7202
    create time 00:01:15, left time 00:03:00
UDP  OUT 192.168.0.33:4000 211.90.27.214:10029 61.174.198.251:7377 61.174.198.251:7377
    create time 00:02:05, left time 00:00:20
TCP  OUT 192.168.0.23:1245 211.90.27.214:10030 218.244.110.53:80 218.244.110.53:80
    create time 00:00:15, left time 00:02:45
TCP  OUT 192.168.0.113:1085 211.90.27.214:10031 61.241.130.41:7206 61.241.130.41:7206
    create time 00:01:10, left time 00:03:00
UDP  OUT 192.168.0.88:4000 211.90.27.214:10032 61.144.238.146:8000 61.144.238.146:8000
    create time 00:00:10, left time 00:00:10
UDP  OUT 192.168.0.48:4000 211.90.27.214:10034 202.104.129.251:8000 202.104.129.251:8000
    create time 00:00:05, left time 00:00:15
TCP  OUT 192.168.0.11:1297 211.90.27.214:10035 202.99.168.34:2002 202.99.168.34:2002
    create time 00:00:50, left time 00:02:10
UDP  OUT 192.168.0.48:1025 211.90.27.214:10037 211.90.8.129:53 211.90.8.129:53
    create time 00:00:05, left time 00:00:15
TCP  OUT 192.168.0.12:1183 211.90.27.214:10038 202.99.168.34:3004 202.99.168.34:3004
    create time 00:00:55, left time 00:03:00
UDP  OUT 192.168.0.82:4001 211.90.27.214:10040 202.104.129.251:8000 202.104.129.251:8000
    create time 00:00:45, left time 00:00:15
TCP  OUT 192.168.0.45:1200 211.90.27.214:10043 61.172.251.118:7200 61.172.251.118:7200
    create time 00:00:55, left time 00:03:00
TCP  OUT 192.168.0.33:1120 211.90.27.214:10044 202.96.140.15:1995 202.96.140.15:1995
    create time 00:02:05, left time 00:03:00
TCP  OUT 192.168.0.112:1034 211.90.27.214:10045 218.25.230.38:7205 218.25.230.38:7205
    create time 00:00:05, left time 00:02:55
TCP  OUT 192.168.0.55:1226 211.90.27.214:10047 211.167.75.31:10100 211.167.75.31:10100
    create time 00:02:05, left time 00:02:55
TCP  OUT 192.168.0.111:1136 211.90.27.214:10048 61.172.252.10:7206 61.172.252.10:7206
    create time 00:01:15, left time 00:03:00
TCP  OUT 192.168.0.16:1307 211.90.27.214:10049 202.96.140.21:1995 202.96.140.21:1995
    create time 00:02:05, left time 00:03:00
TCP  OUT 192.168.0.23:1230 211.90.27.214:10052 61.241.82.24:80 61.241.82.24:80
    create time 00:00:40, left time 00:02:20
TCP  OUT 192.168.0.11:1296 211.90.27.214:10054 202.99.168.34:3004 202.99.168.34:3004
    create time 00:00:50, left time 00:03:00
TCP  OUT 192.168.0.23:1235 211.90.27.214:10056 202.104.32.196:80 202.104.32.196:80
    create time 00:00:40, left time 00:02:20
TCP  OUT 192.168.0.124:1036 211.90.27.214:10057 61.172.247.177:7000 61.172.247.177:7000
    create time 00:00:40, left time 00:02:20
TCP  OUT 192.168.0.113:1082 211.90.27.214:10058 61.172.242.114:7000 61.172.242.114:7000
    create time 00:01:30, left time 00:01:45
TCP  OUT 192.168.0.121:1058 211.90.27.214:10059 61.145.118.171:8188 61.145.118.171:8188
    create time 00:02:00, left time 00:03:00
TCP  OUT 192.168.0.23:1234 211.90.27.214:10060 211.154.222.63:80 211.154.222.63:80
    create time 00:00:40, left time 00:02:20
TCP  OUT 192.168.0.88:1042 211.90.27.214:10061 61.153.17.32:3012 61.153.17.32:3012
    create time 00:00:10, left time 00:03:00
TCP  OUT 192.168.0.17:1264 211.90.27.214:10064 61.136.62.129:2002 61.136.62.129:2002
    create time 00:00:45, left time 00:02:15
TCP  OUT 192.168.0.23:1229 211.90.27.214:10068 210.51.17.108:9065 210.51.17.108:9065
    create time 00:02:00, left time 00:03:00
UDP  OUT 192.168.0.132:1755 211.90.27.214:10069 211.90.8.129:53 211.90.8.129:53
    create time 00:00:10, left time 00:00:10
UDP  OUT 192.168.0.18:4000 211.90.27.214:10070 202.102.142.59:5275 202.102.142.59:5275
    create time 00:00:00, left time 00:00:20
TCP  OUT 192.168.0.23:1241 211.90.27.214:10072 218.244.110.54:80 218.244.110.54:80
    create time 00:00:25, left time 00:03:00
TCP  OUT 192.168.0.17:1263 211.90.27.214:10073 61.136.62.129:3000 61.136.62.129:3000
    create time 00:00:45, left time 00:02:55
TCP  OUT 192.168.0.134:1056 211.90.27.214:10074 202.108.42.45:4588 202.108.42.45:4588
    create time 00:02:00, left time 00:02:55
TCP  OUT 192.168.0.53:1068 211.90.27.214:10075 202.108.36.213:80 202.108.36.213:80
    create time 00:00:45, left time 00:02:15
TCP  OUT 192.168.0.17:1260 211.90.27.214:10078 61.136.62.129:3000 61.136.62.129:3000
    create time 00:01:20, left time 00:03:00
UDP  OUT 61.243.240.117:25025 211.90.27.214:10079 192.168.0.88:1041 192.168.0.88:1041
    create time 00:00:00, left time 00:00:20
TCP  OUT 192.168.0.104:1051 211.90.27.214:10080 61.186.250.72:7200 61.186.250.72:7200
    create time 00:01:00, left time 00:03:00
TCP  OUT 192.168.0.11:1294 211.90.27.214:10081 202.99.168.34:3004 202.99.168.34:3004
    create time 00:01:00, left time 00:03:00
TCP  OUT 192.168.0.12:1184 211.90.27.214:10082 202.99.168.34:2002 202.99.168.34:2002
    create time 00:00:50, left time 00:03:00
TCP  OUT 192.168.0.139:1128 211.90.27.214:10085 202.99.168.98:50 202.99.168.98:50
    create time 00:01:40, left time 00:03:00
TCP  OUT 192.168.0.6:1784 211.90.27.214:10086 218.5.72.43:80 218.5.72.43:80
    create time 00:01:00, left time 00:02:10
TCP  OUT 192.168.0.88:1040 211.90.27.214:10087 61.153.17.32:3012 61.153.17.32:3012
    create time 00:00:20, left time 00:03:00
TCP  OUT 192.168.0.131:1070 211.90.27.214:10089 202.108.42.88:8888 202.108.42.88:8888
    create time 00:01:50, left time 00:03:00
TCP  OUT 192.168.0.137:1210 211.90.27.214:10090 210.38.3.132:3288 210.38.3.132:3288
    create time 00:01:50, left time 00:03:00
UDP  OUT 192.168.0.38:1382 211.90.27.214:10091 211.90.8.129:53 211.90.8.129:53
    create time 00:00:05, left time 00:00:15
TCP  OUT 192.168.0.53:1065 211.90.27.214:10094 61.132.102.228:80 61.132.102.228:80
    create time 00:00:45, left time 00:02:15
UDP  OUT 192.168.0.6:1813 211.90.27.214:10096 211.90.8.129:53 211.90.8.129:53
    create time 00:00:05, left time 00:00:15
TCP  OUT 192.168.0.11:1295 211.90.27.214:10097 202.99.168.34:2002 202.99.168.34:2002
    create time 00:00:55, left time 00:03:00
TCP  OUT 192.168.0.126:1052 211.90.27.214:10099 202.108.42.26:2688 202.108.42.26:2688
    create time 00:01:35, left time 00:03:00
TCP  OUT 192.168.0.130:1108 211.90.27.214:10100 61.172.254.233:41820 61.172.254.233:41820
    create time 00:01:35, left time 00:03:00
TCP  OUT 192.168.0.6:1783 211.90.27.214:10101 218.5.72.43:80 218.5.72.43:80
    create time 00:01:00, left time 00:02:00
TCP  OUT 192.168.0.106:1089 211.90.27.214:10103 218.6.243.253:7200 218.6.243.253:7200
    create time 00:01:20, left time 00:03:00
 
GateWay#sh ip nat sta
Total active translations: 1 (0 static, 0 dynamic; 1 PAT)
Outside interfaces:
 FastEthernet0/0
Inside interfaces:
 Ethernet1/0 Ethernet2/0
Dynamic mappings:
-- Inside Source
-- Outside Source
ICMP=2, UDP=44, TCP=47 / TOTAL=93
 
GateWay#
GateWay#sh cpu
CPU Usage :     27.0% user, 73.0% idle
GateWay#sh cpu
CPU Usage :     21.7% user, 78.3% idle
GateWay#sh cpu
CPU Usage :     27.0% user, 73.0% idle
GateWay#sh cpu
CPU Usage :     22.3% user, 77.7% idle
GateWay#sh cpu
CPU Usage :     25.5% user, 74.5% idle
GateWay#sh cpu
CPU Usage :     24.7% user, 75.3% idle
GateWay#sh cpu
CPU Usage :     19.9% user, 80.1% idle
GateWay#sh cpu
CPU Usage :     23.0% user, 77.0% idle
GateWay#sh cpu
CPU Usage :     21.1% user, 78.9% idle
GateWay#sh cpu
CPU Usage :     18.9% user, 81.1% idle
GateWay#

相关文章

H3C AR 18-2X 系列以太网宽带路由..[03-23]

H3C AR 18-6X 系列全千兆以太网路..[03-23]

H3C AR 28-1X 系列模块化路由器[03-23]

H3C AR 46 系列路由器[03-23]

H3C MSR 20 系列路由器[03-23]

H3C MSR 30 系列路由器[03-23]

最新文章

通用软件产品[04-18]

DCS-3950S交换机如何避免“传奇木..[09-11]

千兆模块与intel千兆网卡连接协商..[09-11]

交互式电子白板方案[09-08]

如何通过申请的域名访问NAT后的内..[06-09]

WinXP如何启用自带802.1x客户端功..[06-09]