Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

DHCP-Snooping Database on A5500

SOLVED
Go to solution
jmhalder
Occasional Contributor

DHCP-Snooping Database on A5500

I have a few A5500 switches routing between buildings, and ~15-20 access switches hooked up to the A5500. I've been running DHCP-Snooping on it. I have it configured to backup the binding database locally to "snoop.txt" every 5 minutes. I'm seeing sporadic CPU times being maxxed out at 100%, and the DHSE task is showing ~60+%. The CLI is effectively not usable while it's maxed out. The DHSE task is "DHCP-Snooping Security Enforcement". Any ideas why this would be hitting the CPU so hard.

 

To be clear, although the switch seems to still be routing information, it might take a second or two just to enter a character. When running a command like "_hidecmd"; "dis cpu task". I might be waiting ~3-5 minutes to get any result, normally this would take ~.5-1 seconds to display data.

 

(This looks like a flash I/O issue, after disabling snooping, re-enabling it. And then manually backing up the binding database, it looks like it crawls for a few seconds when it backs up the incredibly tiny initial database. This is a bug, it shouldn't take MINUTES to backup a 58KB file to flash)

4 REPLIES
VoIP-Buddy
Trusted Contributor
Solution

Re: DHCP-Snooping Database on A5500

 Hi Jm!

Our recommendation is to NOT log the snooping database to flash.  Especially every 5 minutes.  FLASH chips are rated for a certain number of operations before they start to fail.   It is better to log that database to a server on your network.  The feature does support that and your performance will be better.

Happy Holidays!

Regards,

David

jmhalder
Occasional Contributor

Re: DHCP-Snooping Database on A5500

https://support.hpe.com/hpsc/doc/public/display?docId=a00030083en_us

 

I'm seeing that this actually can corrupt other parts of the flash potentially as well. Although flash does degrade over time, I would assume it's enterprise grade flash. and SHOULD have plenty of write cycles. I see that this is a known issue now. I'll have to change our current practice, as it loads down the CPU to 100% almost constantly, and is basically a broken feature. In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.

VoIP-Buddy
Trusted Contributor

Re: DHCP-Snooping Database on A5500

Hi!

I can suggest that to the Product Manager.

Thanks!

David

parnassus
Honored Contributor

Re: DHCP-Snooping Database on A5500


jmhalder wrote:
In the next firmware release, it should at minimum strongly discourage saving to flash, as this has caused quite a few time consuming issues for us.

In other words, when a user issues the dhcp-snooping binding database update interval Command then the Switch should be programmed to warn that, setting up a too short database update interval and configuring the Switch to save the database locally instead of remotely (as suggested workaround), this setting can corrupt the Switch's flash (from the Release Notes: "The files in the flash might be corrupted if the DHCP snooping entry file is frequently updated to flash and can cause the switch image loading to fail after a reboot"). Never stop learning!