- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- DHCP-Snooping Database on A5500
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-22-2017 08:22 AM - edited тАО12-22-2017 08:34 AM
тАО12-22-2017 08:22 AM - edited тАО12-22-2017 08:34 AM
I have a few A5500 switches routing between buildings, and ~15-20 access switches hooked up to the A5500. I've been running DHCP-Snooping on it. I have it configured to backup the binding database locally to "snoop.txt" every 5 minutes. I'm seeing sporadic CPU times being maxxed out at 100%, and the DHSE task is showing ~60+%. The CLI is effectively not usable while it's maxed out. The DHSE task is "DHCP-Snooping Security Enforcement". Any ideas why this would be hitting the CPU so hard.
To be clear, although the switch seems to still be routing information, it might take a second or two just to enter a character. When running a command like "_hidecmd"; "dis cpu task". I might be waiting ~3-5 minutes to get any result, normally this would take ~.5-1 seconds to display data.
(This looks like a flash I/O issue, after disabling snooping, re-enabling it. And then manually backing up the binding database, it looks like it crawls for a few seconds when it backs up the incredibly tiny initial database. This is a bug, it shouldn't take MINUTES to backup a 58KB file to flash)
Solved! Go to Solution.
- Tags:
- DHCP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-22-2017 09:35 AM
тАО12-22-2017 09:35 AM
SolutionHi Jm!
Our recommendation is to NOT log the snooping database to flash. Especially every 5 minutes. FLASH chips are rated for a certain number of operations before they start to fail. It is better to log that database to a server on your network. The feature does support that and your performance will be better.
Happy Holidays!
Regards,
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-22-2017 09:38 AM
тАО12-22-2017 09:38 AM
Re: DHCP-Snooping Database on A5500
https://support.hpe.com/hpsc/doc/public/display?docId=a00030083en_us
I'm seeing that this actually can corrupt other parts of the flash potentially as well. Although flash does degrade over time, I would assume it's enterprise grade flash. and SHOULD have plenty of write cycles. I see that this is a known issue now. I'll have to change our current practice, as it loads down the CPU to 100% almost constantly, and is basically a broken feature. In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-22-2017 09:44 AM
тАО12-22-2017 09:44 AM
Re: DHCP-Snooping Database on A5500
Hi!
I can suggest that to the Product Manager.
Thanks!
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-23-2017 02:55 AM
тАО12-23-2017 02:55 AM
Re: DHCP-Snooping Database on A5500
@jmhalder wrote:
In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.
In other words, when a user issues the dhcp-snooping binding database update interval Command then the Switch should be programmed to warn that, setting up a too short database update interval and configuring the Switch to save the database locally instead of remotely (as suggested workaround), this setting can corrupt the Switch's flash (from the Release Notes: "The files in the flash might be corrupted if the DHCP snooping entry file is frequently updated to flash and can cause the switch image loading to fail after a reboot"). Never stop learning!
I'm not an HPE Employee