No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR100, AR120, AR160, AR1200, AR2200, AR3200, and AR3600 V300R003

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
What Should I Do If the CPU Usage Is High After DNS Mapping Is Configured

What Should I Do If the CPU Usage Is High After DNS Mapping Is Configured

After DNS mapping is configured, the CPU processes packets before the router forwards the packets. If a large number of packets need to be processed, the CPU usage is high.

If the CPU usage remains high and affects device usage, it is recommended that you delete the DNS mapping configuration and disable the DNS ALG function to prevent packets from being sent to the CPU, reducing the CPU usage. To protect the router and meet users' service demands, add the NAT server configuration on the interface connecting to the internal network.

When an internal network host accesses an internal network server using the domain name, the host sends a domain name request to the DNS server. The DNS server encapsulates the public IP address corresponding to the domain name into the response packet. If the DNS mapping and DNS ALG functions are enabled, the router converts the public IP address encapsulated in a DNS response packet into a private IP address when forwarding the packet to an internal network host. After the DNS mapping and DNS ALG configurations are deleted, the router cannot perform IP address translation. You can add the NAT server configuration on the interface connecting to the internal network. The public IP address then can be converted into the private IP address of the internal network server, allowing internal network hosts to access the internal network server.

The configuration procedure is as follows:

  1. On the NAT-enabled router, run the undo nat alg enable command to disable the DNS ALG function and run the undo nat dns-map command to delete the DNS mapping configuration.
  2. On the interface connecting to the internal network, run the nat server command to add the NAT server configuration. This configuration allows the router to convert the public IP address of the internal network server into its private IP address when an internal network host accesses the internal network server.

Disable the DNS ALG function and delete the DNS mapping configuration.

<Huawei> system view
[Huawei] undo nat dns-map www.bz2z.com 1.1.1.1 80 tcp
[Huawei] undo nat dns-map bz2z.com 1.1.1.1 80 tcp

Assume that the interface connecting to the public network is GE0/0/0 and the interface connecting to the internal network is GE0/0/1. Check the configuration of the interface connecting to the public network.

[Huawei] interface gigabitethernet 0/0/0
[Huawei-GigabitEthernet0/0/0] display this
#
interface GigabitEthernet0/0/0 
 ip address 1.1.1.2 255.255.255.0 
 nat server protocol tcp global current-interface 80 inside 192.168.1.100 80 
 nat outbound 3001 
[Huawei-GigabitEthernet0/0/0] quit

Configure NAT server on the interface connecting to the internal network. Change the keyword current-interface in the NAT server configuration to the specified public network interface.

[Huawei-GigabitEthernet0/0/1] nat server protocol tcp global interface gigabitethernet 0/0/0 80 inside 192.168.1.100 80

After the preceding configurations are complete, the CPU usage is reduced and internal network hosts can normally access the internal network server.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100069333

Views: 33698

Downloads: 169

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next