No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


CPU Usage Becomes High After DNS Mapping Is Configured on the AR3260

Publication Date:  2015-04-01 Views:  1104 Downloads:  0

Issue Description


Fault Symptom:

An internal PC is required to access an internal server using the public domain name. The configuration file is as follows:

nat alg dns enable
nat dns-map 80 tcp
nat dns-map 80 tcp

After the configuration is complete, the CPU usage becomes high and an alarm is generated.

Jun 5 2013 08:57:55+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[0]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(91%), SOCK(0%), AREM(0%). (CpuUsage=97%, Threshold=80%)
Jun 5 2013 08:56:48+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[1]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(87%), SOCK(0%), QADP(0%). (CpuUsage=93%, Threshold=80%)
Jun 5 2013 08:54:13+00:00 AR3260 %%01MON/4/CPU_USAGE_HIGH(l)[2]:The CPU is overloaded, and the tasks with top three CPU occupancy are VALP(94%), QADP(1%), SOCK(0%). (CpuUsage=100%, Threshold=80%)

Handling Process

There are many hosts on the internal network. When DNS ALG is enabled and internal hosts forward packets with domain names, the packets need to be sent to the AR for parsing.

To solve the problem, perform the following operations:

1.  Delete the DNS ALG and DNS mapping configuration.

undo nat alg dns enable
undo nat dns-map 80 tcp
undo nat dns-map 80 tcp

2.  Configure the NAT server on GE1/0/0.

acl number 3000
rule 0 permit ip source destination 0
interface GigabitEthernet1/0/0
ip address
nat outbound 3000 //Configure Easy IP when an internal host accesses IP address and change the source address to the IP address of GE1/0/0 to ensure that packets exchanged between the internal server and host are forwarded by the router.
nat server protocol tcp global www inside www  //Change the destination address to the private address when an internal host accesses IP address


The ALG function enables the NAT device to identify the IP address or port number in the data field, and to translate addresses according to the mapping table. The AR supports ALG for DNS, FTP, SIP, PPTP, and RTSP.

When many internal hosts use domain names to access internal servers and NAT ALG is enabled, the AR's CPU usage becomes high. You can use outbound NAT or NAT server to prevent this problem.