- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- DHCP-Snooping Database on A5500
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-22-2017 08:22 AM - edited 12-22-2017 08:34 AM
12-22-2017 08:22 AM - edited 12-22-2017 08:34 AM
I have a few A5500 switches routing between buildings, and ~15-20 access switches hooked up to the A5500. I've been running DHCP-Snooping on it. I have it configured to backup the binding database locally to "snoop.txt" every 5 minutes. I'm seeing sporadic CPU times being maxxed out at 100%, and the DHSE task is showing ~60+%. The CLI is effectively not usable while it's maxed out. The DHSE task is "DHCP-Snooping Security Enforcement". Any ideas why this would be hitting the CPU so hard.
To be clear, although the switch seems to still be routing information, it might take a second or two just to enter a character. When running a command like "_hidecmd"; "dis cpu task". I might be waiting ~3-5 minutes to get any result, normally this would take ~.5-1 seconds to display data.
(This looks like a flash I/O issue, after disabling snooping, re-enabling it. And then manually backing up the binding database, it looks like it crawls for a few seconds when it backs up the incredibly tiny initial database. This is a bug, it shouldn't take MINUTES to backup a 58KB file to flash)
Solved! Go to Solution.
- Tags:
- DHCP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-22-2017 09:35 AM
12-22-2017 09:35 AM
SolutionHi Jm!
Our recommendation is to NOT log the snooping database to flash. Especially every 5 minutes. FLASH chips are rated for a certain number of operations before they start to fail. It is better to log that database to a server on your network. The feature does support that and your performance will be better.
Happy Holidays!
Regards,
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-22-2017 09:38 AM
12-22-2017 09:38 AM
Re: DHCP-Snooping Database on A5500
https://support.hpe.com/hpsc/doc/public/display?docId=a00030083en_us
I'm seeing that this actually can corrupt other parts of the flash potentially as well. Although flash does degrade over time, I would assume it's enterprise grade flash. and SHOULD have plenty of write cycles. I see that this is a known issue now. I'll have to change our current practice, as it loads down the CPU to 100% almost constantly, and is basically a broken feature. In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-22-2017 09:44 AM
12-22-2017 09:44 AM
Re: DHCP-Snooping Database on A5500
Hi!
I can suggest that to the Product Manager.
Thanks!
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-23-2017 02:55 AM
12-23-2017 02:55 AM
Re: DHCP-Snooping Database on A5500
@jmhalder wrote:
In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.
In other words, when a user issues the dhcp-snooping binding database update interval Command then the Switch should be programmed to warn that, setting up a too short database update interval and configuring the Switch to save the database locally instead of remotely (as suggested workaround), this setting can corrupt the Switch's flash (from the Release Notes: "The files in the flash might be corrupted if the DHCP snooping entry file is frequently updated to flash and can cause the switch image loading to fail after a reboot"). Never stop learning!
I'm not an HPE Employee

Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP