Lab-25: Link Layer Discovery Protocol (LLDP)

LLDP is the Link Layer Discovery Protocol. As the name suggests, it runs at the link layer, for example over Ethernet. Its goal is to discover neighboring network devices. It does that by transmitting information about the device, for example interface name, chassis info, link speed and management address. It keeps local and remote device info in SNMP MIBs.

The main motivation behind LLDP is multi-vendor support. Multiple network vendors have their own flavor of link discovery protocol; these are proprietary and don't interoperate with each other. LLDP is a standards-based (IEEE 802.1AB) protocol, so LLDP implementations from different vendors interoperate with each other.

When enabled, a network device transmits and receives LLDP data units, called LLDPDUs. Each device learns information about its directly connected neighbor from the received data units. Learned info is refreshed each time a new LLDP data unit is received. If no data unit is received for a certain period (120 sec by default), the learned info is cleared. LLDP data units are not forwarded by the device.

Without LLDP it is impossible to discover network devices in this topology, because devices from different vendors run different flavors of link discovery protocol. LLDP allows discovery in a multi-vendor network.

LLDP is TLV (Type, Length, Value) based, with well-defined TLVs. Each TLV carries specific info about the device.

An LLDP frame is made of mandatory and optional TLVs. Three TLVs are mandatory; a frame without the mandatory TLVs is considered invalid and is discarded.

Depending on the subtype field setting, the chassis ID can be the device MAC address or IP address. It is always the first TLV in the LLDPDU; otherwise the frame is discarded.

Depending on the subtype field setting, the port ID can be the interface name or the interface MAC address.

The TTL TLV is used to update LLDP neighbor info. There are two TTL timers: 1) txTTL, set by the transmitting device in the TTL TLV using the formula (msgTxInterval x msgTxHold) + 1; 2) rxTTL, a timer set at the receiving device based on the received TTL.

If the received TTL is zero, learned info about the neighbor is cleared immediately; if the TTL is non-zero, neighbor info is refreshed with the received LLDPDU.
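
The rules above for the three mandatory TLVs and the TTL can be checked in code. The following Python is an added example, not part of the original lab or of lldpd: it parses an LLDPDU payload (the bytes after the EtherType), rejects frames whose first three TLVs are not Chassis ID, Port ID and TTL, and applies the TTL rule to a neighbor table. The function names, the sample MAC address and the interval/hold values 30 and 4 are assumptions made for the example.

```python
import struct

END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3   # TLV type codes (IEEE 802.1AB)
MANDATORY = (CHASSIS_ID, PORT_ID, TTL)       # must be the first three TLVs, in order

def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length in a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def tx_ttl(msg_tx_interval, msg_tx_hold):
    """TTL put in the TTL TLV by the sender; the field is 16 bits wide."""
    return min(65535, msg_tx_interval * msg_tx_hold + 1)

def parse_lldpdu(payload):
    """Return [(type, value), ...] or raise ValueError for an invalid LLDPDU."""
    tlvs, offset = [], 0
    while offset + 2 <= len(payload):
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(payload):
            raise ValueError("TLV length runs past the end of the frame")
        if tlv_type == END:
            break
        tlvs.append((tlv_type, payload[offset:offset + length]))
        offset += length
    if tuple(t for t, _ in tlvs[:3]) != MANDATORY:
        raise ValueError("mandatory TLVs missing or out of order")
    if len(tlvs[2][1]) != 2:
        raise ValueError("TTL TLV must carry exactly 2 bytes")
    return tlvs

def update_neighbors(table, payload):
    """Apply one received LLDPDU to a table keyed by (chassis ID, port ID)."""
    tlvs = parse_lldpdu(payload)
    key = (tlvs[0][1], tlvs[1][1])
    (ttl,) = struct.unpack("!H", tlvs[2][1])
    if ttl == 0:
        table.pop(key, None)   # TTL 0: clear the neighbor immediately
    else:
        table[key] = ttl       # non-zero: refresh; rxTTL timer restarts from ttl
    return ttl

# Constructed sample: chassis subtype 4 (MAC address), port subtype 5 (interface name);
# 30 and 4 are assumed msgTxInterval / msgTxHold values.
CHASSIS = b"\x04" + bytes.fromhex("020000000001")
PORT = b"\x05eth2"
SAMPLE = (tlv(CHASSIS_ID, CHASSIS) + tlv(PORT_ID, PORT)
          + tlv(TTL, struct.pack("!H", tx_ttl(30, 4))) + tlv(END, b""))
```

LLDPDUs arrive unauthenticated from whatever is attached to the port, so the length and ordering checks run before any value is stored in the table.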

The management address TLV carries the IP address of the device; this address can be used to get access to the device.

LLDP maintains two MIBs, local and remote. The remote MIB is updated by received LLDPDUs. The local MIB is updated with the local configuration.

The transmitting device uses msgTxInterval and msgTxHoldMultiplier to calculate txTTL for the TTL TLV; the formula is (msgTxInterval x msgTxHold) + 1. rxInfoTTL is set at the receiving device based on rxTTL in the TTL TLV.

I am using open source lldpd on an Ubuntu machine. My lldpd version is 0.7.7. More info can be obtained from this link.

You can run the lldp CLI in interactive mode by typing ‘sudo lldpcli’. Below are some sample CLI commands:

  • show neighbors
  • show configuration
  • show statistics

Here I am using two Ubuntu servers; they are connected to each other via LAN ports (eth2 & eth3). They are connected to the internet on different LAN interfaces. I have installed lldpd on both machines.

Here Wireshark captured a frame on Ubuntu server-2. LLDP is using multicast MAC address 01:80:c2:00:00:0e, type 0x88cc. It has all three mandatory TLVs and some optional TLVs. I am more interested in the Organizationally Specific TLV ‘MAC/PHY Configuration/Status’.

Here is the expanded version of the Organizationally Specific TLV.
