I have a CCR1036 doing NAT and plan to replace it with one or several CCR2116s.
The 1036 has a large number of connections in its conntrack table (typically 150-300k), and it won't be long before it starts to hit the throughput limits of its 2x10G interfaces. Despite this, CPU use is topping out at only around 35%.
The 2116 I am testing has L3HW enabled, and NAT offload seems to be working fine, but I have it only lightly loaded at the moment.
My question: is it foolish to try to NAT this many connections with the switch chip? Has anyone tried offloaded NAT with several hundred thousand connections, as I propose to? I know that the busiest connections get swapped in and the slower/idle ones get swapped out, but am I asking too much of this process? Will the switch chip burst into flames?
Any insight is greatly appreciated.