What Should I Do If the CPU Usage Is High After DNS Mapping Is Configured?
After DNS mapping is configured, the CPU processes packets before the router forwards the packets. If a large number of packets need to be processed, the CPU usage is high.
If the CPU usage remains high and affects device usage, it is recommended that you delete the DNS mapping configuration and disable the DNS ALG function to prevent packets from being sent to the CPU, reducing the CPU usage. To protect the router and meet users' service demands, add the NAT server configuration on the interface connecting to the internal network.
When an internal network host accesses an internal network server using the domain name, the host sends a domain name request to the DNS server. The DNS server encapsulates the public IP address corresponding to the domain name into the response packet. If the DNS mapping and DNS ALG functions are enabled, the router converts the public IP address encapsulated in a DNS response packet into a private IP address when forwarding the packet to an internal network host. After the DNS mapping and DNS ALG configurations are deleted, the router can no longer perform this IP address translation. You can add the NAT server configuration on the interface connecting to the internal network. The public IP address can then be converted into the private IP address of the internal network server, allowing internal network hosts to access the internal network server.
The configuration procedure is as follows:
- On the NAT-enabled router, run the undo nat alg enable command to disable the DNS ALG function and run the undo nat dns-map command to delete the DNS mapping configuration.
- On the interface connecting to the internal network, run the nat server command to add the NAT server configuration. This configuration allows the router to convert the public IP address of the internal network server into its private IP address when an internal network host accesses the internal network server.
Disable the DNS ALG function and delete the DNS mapping configuration.
<Huawei> system-view
[Huawei] undo nat dns-map www.bz2z.com 1.1.1.1 80 tcp
[Huawei] undo nat dns-map bz2z.com 1.1.1.1 80 tcp
Assume that the interface connecting to the public network is GE0/0/0 and the interface connecting to the internal network is GE0/0/1. Check the configuration of the interface connecting to the public network.
[Huawei] interface gigabitethernet 0/0/0
[Huawei-GigabitEthernet0/0/0] display this
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.2 255.255.255.0
 nat server protocol tcp global current-interface 80 inside 192.168.1.100 80
 nat outbound 3001
[Huawei-GigabitEthernet0/0/0] quit
Configure NAT server on the interface connecting to the internal network. Change the keyword current-interface in the NAT server configuration to the specified public network interface.
[Huawei-GigabitEthernet0/0/1] nat server protocol tcp global interface gigabitethernet 0/0/0 80 inside 192.168.1.100 80
After the preceding configurations are complete, the CPU usage is reduced and internal network hosts can normally access the internal network server.
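The procedure above can be planned from a saved configuration before it is typed on the router. The following is an added example, not Huawei code: the function names are hypothetical, and the sample configuration is constructed from the output shown on this page (the address on GE0/0/1 is an assumption). It lists the dns-map entries to remove and rewrites each current-interface NAT server rule for the internal interface.

```python
import re

# Constructed sample: the public-interface section shown on this page plus the
# two dns-map entries; the GE0/0/1 address is an assumption for illustration.
SAMPLE_CONFIG = """\
nat dns-map www.bz2z.com 1.1.1.1 80 tcp
nat dns-map bz2z.com 1.1.1.1 80 tcp
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.2 255.255.255.0
 nat server protocol tcp global current-interface 80 inside 192.168.1.100 80
 nat outbound 3001
#
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.0
#
"""

def cli_name(name):
    """'GigabitEthernet0/0/0' -> 'gigabitethernet 0/0/0', as typed on this page."""
    m = re.match(r"([A-Za-z-]+)\s*(\S+)", name)
    return "%s %s" % (m.group(1).lower(), m.group(2))

def interface_sections(config):
    """Map each interface name to the list of its stripped configuration lines."""
    sections, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line.startswith("#"):
            current = None  # '#' closes the current section
        elif current is not None:
            current.append(line.strip())
    return sections

def plan_commands(config, public_if, internal_if):
    """Return the commands for the procedure above (DNS ALG is disabled separately)."""
    cmds = ["system-view"]
    # Remove every dns-map entry still present in the system view.
    cmds += ["undo " + line.strip() for line in config.splitlines()
             if line.startswith("nat dns-map ")]
    # Copy each current-interface rule to the internal interface, naming the
    # public interface explicitly so the same public address is matched.
    cmds.append("interface " + cli_name(internal_if))
    for line in interface_sections(config).get(public_if, []):
        if line.startswith("nat server ") and " global current-interface " in line:
            cmds.append(line.replace(" global current-interface ",
                                     " global interface %s " % cli_name(public_if)))
    return cmds
```

Calling `plan_commands(SAMPLE_CONFIG, "GigabitEthernet0/0/0", "GigabitEthernet0/0/1")` returns the command list in the order it would be entered; review it against the running configuration before applying it.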