OmniSwitch OS6860/OS6900/OS10K Troubleshooting Guide Part No.032996-00 Rev.A
AOS Release 7.X and 8.X January 2015
Alcatel-Lucent Page 58 of 148
The binding table entries are usually populated by the UDP Relay software as it tracks the DHCP packets against the
client H/W MAC address and the physical port. It does not require any human intervention. This type is called
"dynamic" (dynamically learned). When the binding entry, for any specific reason, is created by a human admin, the
type is called "static" (statically configured). The dynamic binding entries take precedence over the static entries.
That is, if there exists a static binding entry in the binding table, it will be replaced by a newly learned dynamic
entry; while if there exists a dynamic entry, when the user attempts to add a static entry with the same MAC Address
and Slot/Port, the dynamic entry is not replaced.
Since the DHCP snooping binding database needs to be persistent to survive the switch reboot/takeover, the
snooping binding table is periodically saved to a file. It is named dhcpBinding.db under the /flash/switch directory.
The synchronization period is configurable, and by default is 300 seconds. In addition, there will be a timestamp
stating the last time the synchronization has been successfully performed. This file is also sent to the secondary
CMM in a dual-CMM setup. This will have to be sent to the other chassis in a virtual chassis environment.
The dynamic binding entry is populated when the Relay Agent receives a DHCP-ACK packet. By default the Relay
Agent will remove a binding entry when one of the following conditions occurs:
Receiving a DHCP Release packet (Note, it is commonly seen that the Relay Agent does not receive the
DHCP-RELEASE packets on Windows when ipconfig /release is performed)
When the Relay Agent’s Lease Timer is decremented to 0;
Receiving a NI-Detach event from port manager
Receiving a link-down event from port manager
If the MAC is aged out by source learning; This check is made at the time we sync the binding database to
a file
If binding persistency is enabled by the user (default is disabled) then the only events that will cause the binding
entry to be removed are receiving a DCHP-RELEASE packet or the expiration of the lease timer. The other events
that normally cause removal will be ignored.
Due to the synchronization period, there will potentially be a discrepancy between the binding database in
the memory and the flash binding database file. Also, for the same reason the binding table in the memory
might not be removed promptly, since the MAC Address aging is only checked every synchronization time
period.
There are two actions defined against the DHCP Snooping binding database. The purpose of those actions is mainly
for re-synchronization of the binding table (in memory) and the database (in flash).
The "Purge" action is to clear what’s in the memory;
The "Renew" action is to populate the binding table in the memory based on the flash file.
Functional description:
The max number of Binding entries in the DHCP Snooping Binding Table is 4096. (This is a soft limit that
is put in place for entries syncing to the secondary and/or slave chassis).
DHCP Snooping Binding Table on the Master primary chassis resides in memory. This table will be sync
to flash based on the value of dhcpSnoopingBindingDatabasesyncTimeout value. The default is 5 minutes.
The lowest value is 1 minute.
Once DHCP Snooping Binding Table is written to flash on the Master primary CMM, the system will sync
this to all the secondary/slave CMMs.
If before the next sync to flash operation, there is a takeover action the new binding entries that are still in
memory will not be saved to flash. The new Master primary CMM will not have the new entries.
The DHCP Snooping Binding Table Persistent flag is set as disable by default same as 6.X.
Before writing to flash, the system will decrement lease time of each entry in the DHCP Snooping Binding
Table that is in memory. The system will delete those entries that the lease time expired.
When the dhcpSnoopingBindingDatabasesyncTimeout is changed, the previous timer is stopped and the
system will execute the timeout out with respect to the time that the timeout value is changed. (Start from
fresh).
Ingress Source Filtering can only be enabled on the "client-only" ports.
To Next Page
Loading...
