HPE Community
Comware Based
1752617 Members
4323 Online
108788 Solutions
New Discussion юеВ

DHCP-Snooping Database on A5500

 
SOLVED
Go to solution
jmhalder
Occasional Contributor

тАО12-22-2017 08:22 AM - edited тАО12-22-2017 08:34 AM

тАО12-22-2017 08:22 AM - edited тАО12-22-2017 08:34 AM

DHCP-Snooping Database on A5500

I have a few A5500 switches routing between buildings, and ~15-20 access switches hooked up to the A5500. I've been running DHCP-Snooping on it. I have it configured to backup the binding database locally to "snoop.txt" every 5 minutes. I'm seeing sporadic CPU times being maxxed out at 100%, and the DHSE task is showing ~60+%. The CLI is effectively not usable while it's maxed out. The DHSE task is "DHCP-Snooping Security Enforcement". Any ideas why this would be hitting the CPU so hard.

 

To be clear, although the switch seems to still be routing information, it might take a second or two just to enter a character. When running a command like "_hidecmd"; "dis cpu task". I might be waiting ~3-5 minutes to get any result, normally this would take ~.5-1 seconds to display data.

 

(This looks like a flash I/O issue, after disabling snooping, re-enabling it. And then manually backing up the binding database, it looks like it crawls for a few seconds when it backs up the incredibly tiny initial database. This is a bug, it shouldn't take MINUTES to backup a 58KB file to flash)

0 Kudos
4 REPLIES 4
VoIP-Buddy
HPE Pro

тАО12-22-2017 09:35 AM

тАО12-22-2017 09:35 AM

Solution

Re: DHCP-Snooping Database on A5500

 Hi Jm!

Our recommendation is to NOT log the snooping database to flash.  Especially every 5 minutes.  FLASH chips are rated for a certain number of operations before they start to fail.   It is better to log that database to a server on your network.  The feature does support that and your performance will be better.

Happy Holidays!

Regards,

David

I work for HPE in Aruba Technical Support
0 Kudos
jmhalder
Occasional Contributor

тАО12-22-2017 09:38 AM

тАО12-22-2017 09:38 AM

Re: DHCP-Snooping Database on A5500

https://support.hpe.com/hpsc/doc/public/display?docId=a00030083en_us

 

I'm seeing that this actually can corrupt other parts of the flash potentially as well. Although flash does degrade over time, I would assume it's enterprise grade flash. and SHOULD have plenty of write cycles. I see that this is a known issue now. I'll have to change our current practice, as it loads down the CPU to 100% almost constantly, and is basically a broken feature. In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.

0 Kudos
VoIP-Buddy
HPE Pro

тАО12-22-2017 09:44 AM

тАО12-22-2017 09:44 AM

Re: DHCP-Snooping Database on A5500

Hi!

I can suggest that to the Product Manager.

Thanks!

David

I work for HPE in Aruba Technical Support
0 Kudos
parnassus
Honored Contributor

тАО12-23-2017 02:55 AM

тАО12-23-2017 02:55 AM

Re: DHCP-Snooping Database on A5500

@jmhalder wrote:
In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.

In other words, when a user issues the dhcp-snooping binding database update interval Command then the Switch should be programmed to warn that, setting up a too short database update interval and configuring the Switch to save the database locally instead of remotely (as suggested workaround), this setting can corrupt the Switch's flash (from the Release Notes: "The files in the flash might be corrupted if the DHCP snooping entry file is frequently updated to flash and can cause the switch image loading to fail after a reboot"). Never stop learning!


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.