Keeping VoIP calls up while high IP Input process cpu time

Discussion in 'Cisco' started by Brian McCrary, Jun 29, 2005.

  1. Hello,

    I was having a problem with a router that I'm not sure how's the best
    way to prevent it from happening again. I have a MC3810 running 12.3,
    and it provides a PRI and NAT through a T1 data connection.

    One of the computers running through the NAT got a virus and started
    opening up thousands of connections to port 443 per second. This caused
    the IP Input process to max out the CPU time, and as a side effect VoIP
    calls couldn't go through.

    I fixed the problem with an access list so that port won't be a problem
    in the future, however, I'm sure at some time some other virus will
    cause a similar problem with another port.

    Is there any way I can force the router to still handle VoIP calls even
    with a high CPU utilization? I know the IP Input process is obvoisly
    important for VoIP calls too, but I wonder if there is a way I could
    give higher preferences to certain types of activity over others.

    Thanks,

    Brian
     
    Brian McCrary, Jun 29, 2005
    #1
    1. Advertisements

  2. Hi,

    you should configure QOS on your MC3810.
    QOS allowa you to priorize the VOIP over the remaining traffic.

    Andre

    http://www.cisco.com/en/US/tech/tk543/tsd_technology_support_category_home.html
     
    Andre Janssen, Jun 29, 2005
    #2
    1. Advertisements

  3. Brian McCrary

    Anthony Guest

    QoS is the way to go to prioritize VoIP in a high traffic enviornment.
    On a side note though, in 12.3(14)T and later versions of IOS you can
    now use the "ip nat translation max-entries all-host <max-entries>"
    command to limit the number of NAT sessions on a per-host basis.This
    allows only X number of translations to be built per unique
    source ip address.
     
    Anthony, Jul 1, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.