CPU Usage Becomes High After DNS Mapping Is Configured on the AR3260

Publication Date: 2015-04-01
Issue Description
Networking:




Fault Symptom:

An internal PC is required to access an internal server using the public domain name. The configuration file is as follows:

nat alg dns enable
#
nat dns-map ztbzx.huangshi.gov.cn 61.184.106.138 80 tcp
nat dns-map www.hsztbzx.com 61.184.106.138 80 tcp
#


After the configuration is complete, the CPU usage becomes high and an alarm is generated.

Jun 5 2013 08:57:55+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[0]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(91%), SOCK(0%), AREM(0%). (CpuUsage=97%, Threshold=80%)
Jun 5 2013 08:56:48+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[1]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(87%), SOCK(0%), QADP(0%). (CpuUsage=93%, Threshold=80%)
Jun 5 2013 08:54:13+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[2]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(94%), QADP(1%), SOCK(0%). (CpuUsage=100%, Threshold=80%)
Handling Process
There are many hosts on the internal network. When DNS ALG is enabled, packets that internal hosts send with domain names must be sent to the AR for parsing.

To solve the problem, perform the following operations:

1.  Delete the DNS ALG and DNS mapping configuration.

undo nat alg dns enable
undo nat dns-map ztbzx.huangshi.gov.cn 61.184.106.138 80 tcp
undo nat dns-map www.hsztbzx.com 61.184.106.138 80 tcp


2.  Configure the NAT server on GE1/0/0.

#
acl number 3000
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 61.184.106.138 0
#
interface GigabitEthernet1/0/0
ip address 192.168.1.1 255.255.255.0
nat outbound 3000 //Configure Easy IP: when an internal host accesses IP address 61.184.106.138, change the source address to the IP address of GE1/0/0 so that packets exchanged between the internal server and the host are forwarded by the router.
nat server protocol tcp global 61.184.106.138 www inside 192.168.1.2 www  //Change the destination address to the private address when an internal host accesses IP address 61.184.106.138.
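
The following is an added example, not part of the original case and not the AR's implementation: a simplified model of the two translations in step 2, showing why nat outbound is needed next to nat server when the host and server share 192.168.1.0/24. The host address 192.168.1.10 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Addresses taken from the configuration above, except HOST_IP (constructed).
PUBLIC_IP = "61.184.106.138"                   # nat server global address
SERVER_IP = "192.168.1.2"                      # nat server inside address
ROUTER_IP = "192.168.1.1"                      # GE1/0/0, used by Easy IP
LAN = ipaddress.ip_network("192.168.1.0/24")   # source range in ACL 3000
HOST_IP = "192.168.1.10"                       # constructed internal host


def reply_seen_by_host(host_ip, easy_ip):
    """Return (src, dst) of the server's reply as it arrives at the host."""
    # Request from the host to the public address.
    src, dst = host_ip, PUBLIC_IP
    # ACL 3000: source in 192.168.1.0/24, destination 61.184.106.138.
    acl_match = ipaddress.ip_address(src) in LAN and dst == PUBLIC_IP
    # nat server: destination becomes the private server address.
    dst = SERVER_IP
    # nat outbound 3000 (Easy IP): source becomes the GE1/0/0 address.
    if easy_ip and acl_match:
        src = ROUTER_IP

    # The server answers whatever source address it saw.
    reply_src, reply_dst = SERVER_IP, src
    if reply_dst == ROUTER_IP:
        # Reply returns to the router, which reverses both translations.
        return PUBLIC_IP, host_ip
    # Reply goes straight across the LAN and is never translated back.
    return reply_src, reply_dst


def host_accepts(host_ip, easy_ip):
    """The host only accepts a reply from the address it connected to."""
    reply_src, reply_dst = reply_seen_by_host(host_ip, easy_ip)
    return reply_src == PUBLIC_IP and reply_dst == host_ip


if __name__ == "__main__":
    for easy_ip in (True, False):
        print("nat outbound configured:", easy_ip,
              "reply:", reply_seen_by_host(HOST_IP, easy_ip),
              "accepted:", host_accepts(HOST_IP, easy_ip))
```

Without nat outbound the reply arrives with source 192.168.1.2 instead of 61.184.106.138, so the host does not match it to the connection it opened.
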
Suggestions
The ALG function enables the NAT device to identify the IP address or port number in the data field, and to translate addresses according to the mapping table. The AR supports ALG for DNS, FTP, SIP, PPTP, and RTSP.

When many internal hosts use domain names to access internal servers and NAT ALG is enabled, the AR's CPU usage becomes high. You can use outbound NAT or NAT server to prevent this problem.
