NAT activates NBAR
A few days ago I had an “interesting” experience on a router that was running low on memory: when I enabled NAT, it immediately ran out of memory although it had over 4 MB of free memory before that (and since I was doing the tests in a lab, I wasn't worried about that … in a production network, 4 MB of free memory is something to worry about).
It took me a while to figure out what was going on: the moment you enable NAT in IOS release 12.4, it activates Network Based Application Recognition (NBAR) even when CEF is disabled (and supposedly NBAR requires CEF to run).
Here's a sample test: the moment I configured a loopback interface as a NAT inside interface (and it was the only NAT-enabled interface in the box), NBAR consumed 4.5 MB of memory:
R2(config)#int loop 0
R2(config-if)#ip nat inside
R2(config-if)#do show ip nbar resources
NBAR memory usage for tracking Stateful sessions
System link age : 30 secs
Initial memory : 4455 KBytes
Max initial memory : 14852 KBytes
Memory expansion : 112 KBytes
Max memory expansion : 112 KBytes
Memory in use : 4455 KBytes
Max memory allowed : 29705 KBytes
Active links : 0
Total links : 39784
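As an added example (not part of the original post), the output above can be parsed and checked against a router's free memory before NAT is enabled on it. The function names and the free_before_kb parameter are assumptions of this example, and the fields are interpreted from their names only.

```python
import re

# Constructed sample: the "show ip nbar resources" output quoted in the post.
SAMPLE = """\
R2(config-if)#do show ip nbar resources
NBAR memory usage for tracking Stateful sessions
System link age : 30 secs
Initial memory : 4455 KBytes
Max initial memory : 14852 KBytes
Memory expansion : 112 KBytes
Max memory expansion : 112 KBytes
Memory in use : 4455 KBytes
Max memory allowed : 29705 KBytes
Active links : 0
Total links : 39784
"""

# Matches "name : number [unit]"; the prompt and banner lines have no colon.
LINE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<val>\d+)\s*(?P<unit>\w+)?\s*$")

def parse_nbar_resources(text):
    """Return {lower-cased field name: (value, unit)} for every data line."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m["key"].lower()] = (int(m["val"]), m["unit"] or "")
    return fields

def nbar_memory_report(text, free_before_kb):
    """Check NBAR's allocations against free memory measured before NAT.

    free_before_kb (assumption of this example): free memory in KBytes that
    the operator reads from the target router before enabling NAT.
    """
    f = parse_nbar_resources(text)
    missing = [k for k in ("initial memory", "max memory allowed") if k not in f]
    if missing:
        raise ValueError(f"not NBAR resource output, missing: {missing}")
    initial, ceiling = f["initial memory"][0], f["max memory allowed"][0]
    return {
        "initial_kb": initial,
        "max_allowed_kb": ceiling,
        # No active links means the memory is held without any traffic.
        "idle": f.get("active links", (0, ""))[0] == 0,
        "initial_fits": initial <= free_before_kb,
        "max_fits": ceiling <= free_before_kb,
    }
```

Run it with figures captured on a lab router and the free memory of the router about to get NAT; initial_fits being False reproduces the out-of-memory condition described in the post.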
@richard: You cannot disable NBAR as long as NAT is configured.
According to cisco.com, the command was introduced in 12.4.