DHCP Snooping Issue on Cisco N3K SW

["Md. abdullah Al naser via NANOG" <nanog () nanog org>]

Hi everyone,

I hope all you are fine. I'm very new to this mailing list and looking for a solution if anyone could help me.
I am a network operation engineer and working for an ISP in Bangladesh. We are serving internet, data connectivity, 
IPTSP, IPTV and other services to corporate and retail clients. Retail clients are basically home users and small 
offices.
To connect their CPE devices to our access network we are using DHCP. For example, we are using 192.168.0.1/24 IP in 
our BRAS interface and rest of all IPs are in DHCP pool to be allocated to the end users. By this time we had some bad 
experience with rouge DHCP server while clients connect the WAN link to the LAN port of CPE devices.
To overcome that we recently deployed DHCP-snooping on our distribution switches which is in between the DHCP server 
and clients. But we are facing new problem after deploying that. Sometime our switch got stuck and clients don't get 
any IP via DHCP and all the allocations on valid DHCP server are stuck in "OFFERED" state. If we disable and then again 
enable the DHCP snooping feature in switch then problem is resolved for temporary. But few hours later the same problem 
happens repeatedly.
For your information we are using Cisco Nexus 3000 switch and around 3k to 4k clients are there under that switch. We 
have a different location/POP where not more than 500 users are there and we don't have this kind of problem at all.
So we assume that our Nexus 3000 switch is not performing well to handle DHCP snooping for large number of customers!!!
For better understanding please check the network topology diagram (attached)
SW Details:
Hardware  cisco Nexus3000 C3064PQ Chassis   Software  BIOS: version 3.8.0  NXOS: version 7.0(3)I4(3)  NXOS image file 
is: bootflash:///nxos.7.0.3.I4.3.bin

Just seeking expert opinion on above mention issue.





Thanks & Regards, 
Naser