Keeping VoIP calls up while high IP Input process cpu time

Discussion in 'Cisco' started by Brian McCrary, Jun 29, 2005.

  1. Hello,

    I was having a problem with a router that I'm not sure how's the best
    way to prevent it from happening again. I have a MC3810 running 12.3,
    and it provides a PRI and NAT through a T1 data connection.

    One of the computers running through the NAT got a virus and started
    opening up thousands of connections to port 443 per second. This caused
    the IP Input process to max out the CPU time, and as a side effect VoIP
    calls couldn't go through.

    I fixed the problem with an access list so that port won't be a problem
    in the future, however, I'm sure at some time some other virus will
    cause a similar problem with another port.

    Is there any way I can force the router to still handle VoIP calls even
    with a high CPU utilization? I know the IP Input process is obvoisly
    important for VoIP calls too, but I wonder if there is a way I could
    give higher preferences to certain types of activity over others.


    Brian McCrary, Jun 29, 2005
    1. Advertisements

  2. Hi,

    you should configure QOS on your MC3810.
    QOS allowa you to priorize the VOIP over the remaining traffic.

    Andre Janssen, Jun 29, 2005
    1. Advertisements

  3. Brian McCrary

    Anthony Guest

    QoS is the way to go to prioritize VoIP in a high traffic enviornment.
    On a side note though, in 12.3(14)T and later versions of IOS you can
    now use the "ip nat translation max-entries all-host <max-entries>"
    command to limit the number of NAT sessions on a per-host basis.This
    allows only X number of translations to be built per unique
    source ip address.
    Anthony, Jul 1, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.