Opensourcetech Blog

A blog by Opensourcetech about open-source technologies such as NGINX, Kubernetes, Zabbix, Neo4j and Linux.

Using LLDP (lldpad) on Linux (CentOS7)

Hello, this is Takahiro Kujirai (@opensourcetech), also known as the LinuC Evangelist.

 

This time, I would like to try out LLDP.

 

 

What is LLDP?

LLDP stands for Link-Layer Discovery Protocol, a protocol also referred to as IEEE 802.1AB.

http://www.ieee802.org/3/frame_study/0409/blatherwick_1_0409.pdf

Link Layer Discovery Protocol - Wikipedia

 

LLDP lets neighboring devices (network equipment and the like) exchange information about what kind of device each one is; you could call it the multi-vendor version of CDP (Cisco Discovery Protocol).

 

A device with LLDP enabled sends multicast frames to a MAC address such as 01:80:c2:00:00:0e, and a neighboring device that is permitted to receive LLDP learns the sender's device information from those frames.

 

 

Enabling LLDP on CentOS7

To use LLDP on CentOS7, install the lldpad package.

[root@localhost ~]# rpm -q lldpad
パッケージ lldpad はインストールされていません。
[root@localhost ~]# yum install lldpad
読み込んだプラグイン:fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: ftp.iij.ad.jp
依存性の解決をしています
--> トランザクションの確認を実行しています。
---> パッケージ lldpad.x86_64 0:1.0.1-3.git036e314.el7 を インストール
--> 依存性の処理をしています: libconfig.so.9()(64bit) のパッケージ: lldpad-1.0.1-3.git036e314.el7.x86_64
--> トランザクションの確認を実行しています。
---> パッケージ libconfig.x86_64 0:1.4.9-5.el7 を インストール
--> 依存性解決を終了しました。

依存性を解決しました

================================================================================
Package アーキテクチャー
バージョン リポジトリー
容量
================================================================================
インストール中:
lldpad x86_64 1.0.1-3.git036e314.el7 base 283 k
依存性関連でのインストールをします:
libconfig x86_64 1.4.9-5.el7 base 59 k

トランザクションの要約
================================================================================
インストール 1 パッケージ (+1 個の依存関係のパッケージ)

総ダウンロード容量: 342 k
インストール容量: 888 k
Is this ok [y/d/N]: y
Downloading packages:
(1/2): libconfig-1.4.9-5.el7.x86_64.rpm | 59 kB 00:00
(2/2): lldpad-1.0.1-3.git036e314.el7.x86_64.rpm | 283 kB 00:00
--------------------------------------------------------------------------------
合計 1.3 MB/s | 342 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
インストール中 : libconfig-1.4.9-5.el7.x86_64 1/2
インストール中 : lldpad-1.0.1-3.git036e314.el7.x86_64 2/2
検証中 : libconfig-1.4.9-5.el7.x86_64 1/2
検証中 : lldpad-1.0.1-3.git036e314.el7.x86_64 2/2

インストール:
lldpad.x86_64 0:1.0.1-3.git036e314.el7

依存性関連をインストールしました:
libconfig.x86_64 0:1.4.9-5.el7

完了しました!
[root@localhost ~]# rpm -q lldpad
lldpad-1.0.1-3.git036e314.el7.x86_64

 

Start lldpad.

* If needed, also enable it at boot (systemctl enable).

[root@localhost ~]# systemctl start lldpad
[root@localhost ~]# systemctl status lldpad
● lldpad.service - Link Layer Discovery Protocol Agent Daemon.
Loaded: loaded (/usr/lib/systemd/system/lldpad.service; disabled; vendor preset: disabled)
Active: active (running) since 金 2018-10-19 14:26:56 JST; 4s ago
Main PID: 1811 (lldpad)
CGroup: /system.slice/lldpad.service
└─1811 /usr/sbin/lldpad -t

10月 19 14:26:56 localhost.localdomain systemd[1]: Started Link Layer Discov...
10月 19 14:26:56 localhost.localdomain systemd[1]: Starting Link Layer Disco...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# lldpad -v
lldpad v1.0.1
Copyright (c) 2007-2010, Intel Corporation

Portions used and/or modified from: hostapd v 0.5.7
Copyright (c) 2004-2007, Jouni Malinen <j@w1.fi> and contributors

 

Next, configure lldpad.

The configuration commands need to be told which interface they apply to, so check the interface name first with ip addr show or similar.

[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000    ・・・・interface name: enp0s3
link/ether 08:00:27:96:f6:c0 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.22/24 brd 192.168.11.255 scope global noprefixroute enp0s3
valid_lft forever preferred_lft forever
inet6 fe80::e830:c2da:441:a2d7/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::e77f:5380:24e5:f200/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::bba:f6af:15f8:fdcb/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever

[root@localhost ~]# lldptool stats -i enp0s3 ・・・check the LLDP status
Total Frames Transmitted = 0
Total Discarded Frames Received = 0
Total Error Frames Received = 0
Total Frames Received = 0
Total Discarded TLVs = 0
Total Unrecognized TLVs = 0
Total Ageouts = 0

[root@localhost ~]# lldptool set-lldp adminStatus=rxtx -i enp0s3 ・・・allow LLDP transmit and receive
adminStatus = rxtx
[root@localhost ~]# lldptool set-tlv -V sysName enableTx=yes -i enp0s3 ・・・choose the information sent via LLDP
enableTx = yes

[root@localhost ~]# cat /var/lib/lldpad/lldpad.conf ・・・check the configuration
dcbx :
{
version = "1.0";
dcbx_version = 2;
};
nearest_customer_bridge :
{
enp0s3 :
{
tlvid00000001 :
{
info = "0408002796F6C0";
};
tlvid00000002 :
{
info = "0308002796F6C0";
};
};
};
nearest_nontpmr_bridge :
{
enp0s3 :
{
tlvid00000001 :
{
info = "0408002796F6C0";
};
tlvid00000002 :
{
info = "0308002796F6C0";
};
};
};
lldp :
{
enp0s3 :
{
tlvid00000001 :
{
info = "0408002796F6C0";
};
tlvid00000002 :
{
info = "0308002796F6C0";
};
adminStatus = 3;
tlvid00000005 :
{
enableTx = true;
};
};
};

 

 

 

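Configuring the LLDP neighbor device

This time, LLDP is enabled on a Juniper SRX (Junos), which serves as the neighbor device.

It is fine as long as LLDP is enabled on the relevant interface, as shown below.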

root@Juniper_SRX> show configuration | display set | match lldp
set protocols lldp interface all

 

 

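Verifying LLDP operation

On CentOS7, you can confirm that LLDP frames are now being sent and received (①) and view the information about the LLDP neighbor device (②), as shown below.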

[root@localhost ~]# lldptool stats -i enp0s3 ・・・①
Total Frames Transmitted = 3
Total Discarded Frames Received = 0
Total Error Frames Received = 0
Total Frames Received = 1
Total Discarded TLVs = 0
Total Unrecognized TLVs = 0
Total Ageouts = 0
[root@localhost ~]# lldptool get-tlv -i enp0s3 -n ・・・②
Chassis ID TLV
MAC: f4:cc:55:b3:86:00
Port ID TLV
Local: 512
Time to Live TLV
120
System Name TLV
TestZTP-SRX300
System Description TLV
Juniper Networks, Inc. srx300 internet router, kernel JUNOS 15.1X49-D150.2, Build date: 2018-09-19 18:04:07 UTC Copyright (c) 1996-2018 Juniper Networks, Inc.
System Capabilities TLV
System capabilities: Bridge, Router
Enabled capabilities: Bridge, Router
Management Address TLV
IPv4: 192.168.10.40
Ifindex: 511
OID: ?
Port Description TLV
ge-0/0/1
MAC/PHY Configuration Status TLV
Auto-negotiation supported and enabled
PMD auto-negotiation capabilities: 0x6c1d
MAU type: Unknown [0x0000]
Link Aggregation TLV
Aggregation capable
Currently not aggregated
Aggregated Port ID: 0
Maximum Frame Size TLV
1514
Port VLAN ID TLV
PVID: 3
VLAN Name TLV
VID 3: Name vlan-3
End of LLDPDU TLV

 

On the Juniper SRX (Junos), check with "show lldp neighbors".

root@Juniper_SRX> show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/1 - 08:00:27:96:f6:c0 08:00:27:96:f6:c0 CentOS7.Linux
ge-0/0/0 - f4:a7:39:c7:11:eb ge-0/0/1 TOC

When the host name is changed on CentOS7 (hostname CentOS777.Linux), the LLDP information is updated to match.

root@Juniper_SRX> show lldp neighbors
Local Interface Parent Interface Chassis Id Port info System Name
ge-0/0/1 - 08:00:27:96:f6:c0 08:00:27:96:f6:c0 CentOS777.Linux
ge-0/0/0 - f4:a7:39:c7:11:eb ge-0/0/1 TOC

 

 

LLDP packet capture (pcap)

The data actually exchanged looks like this:

[Image: LLDP packet capture screenshot]

[Image: LLDP packet capture screenshot]

 

The pcap is uploaded to GitHub, so take a look if you are interested.

packetcaptures/lldp_packets.pcap at master · kujiraitakahiro/packetcaptures · GitHub
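
Added example (not part of the original article and not decoded from the author's pcap): a Python parser for the TLV layout of an LLDP frame, numbering TLVs with the same tlvid convention as lldptool -V (plain type, or OUI plus subtype for type 127). The function names are made up for this example, the frame is constructed from values printed in this article (the info strings in lldpad.conf, the host name, the neighbor's TTL and MAC/PHY values), and it assumes an untagged Ethernet frame.

```python
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")  # destination MAC quoted in the article
ETHERTYPE = b"\x88\xcc"                     # LLDP EtherType

def tlv(tlv_type, value):  # 7-bit type and 9-bit length share a 2-byte header
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldp(frame):
    """Return [(tlvid, value)] for an untagged Ethernet frame carrying an LLDPDU."""
    if frame[12:14] != ETHERTYPE:
        raise ValueError("not an LLDP frame")
    out, pos = [], 14
    while pos + 2 <= len(frame):
        (header,) = struct.unpack("!H", frame[pos:pos + 2])
        tlvid, length = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        pos += 2 + length
        if tlvid == 0:  # End of LLDPDU
            break
        if tlvid == 127 and length >= 4:  # lldptool -V form: 3-byte OUI + subtype
            tlvid, value = int.from_bytes(value[:4], "big"), value[4:]
        out.append((tlvid, value))
    return out

def render(tlvid, value):
    """Readable form of the TLVs lldpad sends in the article's setup."""
    if (tlvid, value[:1]) in ((1, b"\x04"), (2, b"\x03")):  # MAC address subtypes
        return value[1:].hex(":")
    if tlvid == 3:  # Time to Live, seconds
        return str(int.from_bytes(value, "big"))
    if tlvid in (4, 5, 6):  # Port Description, System Name, System Description
        return value.decode("utf-8", "replace")
    return value.hex()

def sample_frame():
    """Constructed frame built from values printed in the article, not the pcap."""
    pdu = (tlv(1, bytes.fromhex("0408002796F6C0"))    # info of tlvid00000001
           + tlv(2, bytes.fromhex("0308002796F6C0"))  # info of tlvid00000002
           + tlv(3, (120).to_bytes(2, "big"))         # TTL, constructed value
           + tlv(5, b"CentOS7.Linux")
           + tlv(127, bytes.fromhex("00120f01036c1d0000")) + tlv(0, b""))  # macPhyCfg, End
    return LLDP_MCAST + bytes.fromhex("08002796f6c0") + ETHERTYPE + pdu

if __name__ == "__main__":
    for tlvid, value in parse_lldp(sample_frame()):
        print(f"tlvid {tlvid:#x}: {render(tlvid, value)}")
```

Run over frames captured on a port, the same parser shows exactly which identifying fields (system name, management address, VLAN names) a host discloses to its link neighbors, which is what the per-TLV enableTx settings control.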

 

 

 

lldptool manual (man)

[root@localhost ~]# man lldptool > lldptool.man
[root@localhost ~]# cat lldptool.man
lldptool(8) Linux lldptool(8)

 

NAME
lldptool - manage the LLDP settings and status of lldpad

SYNOPSIS
lldptool <command> [options] [argument]

 

DESCRIPTION
lldptool is used to query and configure lldpad. It connects to the client interface of lldpad to
perform these operations. lldptool will operate in interactive mode if it is executed without a
command. In interactive mode, lldptool will also function as an event listener to print out
events as they are received asynchronously from lldpad. It will use libreadline for interactive
input when available.


OPTIONS
-i [ifname]
specifies the network interface to which the command applies. Most lldptool commands
require specifying a network interface.

-V [tlvid]
specifies the TLV identifier
The tlvid is an integer value used to identify specific LLDP TLVs. The tlvid value is the
Type value for types not equal to 127 (the organizationally specific type). For organiza‐
tionally specific TLVs, the tlvid is the value represented by the 3 byte OUI and 1 byte
subtype - where the subtype is the lowest order byte of the tlvid.
The tlvid can be entered as a numerical value (e.g. 10 or 0xa), or for supported TLVs, as a
keyword. Review the lldptool help output to see the list of supported TLV keywords.

-n "neighbor" option for commands which can use it (e.g. get-tlv)

-g [bridge scope]
specify the bridge scope this command operates on. Allows to set and query all LLDP TLV
modules for "nearest_bridge" (short: "nb"), "nearest_customer_bridge" ("ncb") and "near‐
est_nontpmr_bridge" ("nntpmrb") group mac addresses. Configurations are saved into indepen‐
dent sections in lldpad.conf. If no bridge scope is supplied this defaults to "nearest
bridge" to preserve the previous behaviour.

-c <argument list>
"config" option for TLV queries. Indicates that the query is for the configuration elements
for the specified TLV. The argument list specifies the specific elements to query. If no
arguments are listed, then all configuration elements for the TLV are returned.

-r show raw client interface messages

-R show only raw Client interface messages

COMMANDS
license
show license information

-h, help
show usage information

-v, version
show version information

-S, stats
get LLDP statistics for the specified interface

-t, get-tlv
get TLV information for the specified interface

-T, set-tlv
set TLV information for the specified interface

-l, get-lldp
get LLDP parameters for the specified interface

-L, set-lldp
set LLDP parameters for the specified interface

-p, ping
display the process identifier of the running lldpad process

-q, quit
exit from interactive mode

ARGUMENTS
This section lists arguments which are available for administration of LLDP parameters. Arguments
for basic TLV's (non-organizationally specific TLVs) are also described. See the SEE ALSO section
for references to other lldptool man pages which contain usage details and arguments for various
organizationally specific TLVs.


adminStatus
Argument for the get-lldp/set-lldp commands. Configures the LLDP adminStatus parameter for
the specified interface. Valid values are: disabled, rx, tx, rxtx


enableTx
Argument for the get-tlv/set-tlv commands. May be applied per interface for a specified
TLV. Valid values are: yes, no. If the DCBX TLV enableTx is set to no, then all of the
DCB feature TLVs DCBX advertise settings will be turned off as well. Setting enableTx to
yes will enable the DCBX advertise settings.


ipv4 Argument for the get-tlv/set-tlv commands with respect to the Management Address TLV. The
get command will retrieve the configured value. Set values take the form of an IPv4
address: A.B.C.D


ipv6 Argument for the get-tlv/set-tlv commands with respect to the Management Address TLV. The
get command will retrieve the configured value. Set values take the form of an IPv6
address: 1111:2222:3333:4444:5555:6666:7777:8888 and various shorthand variations.


EXAMPLES
Configure LLDP adminStatus to Receive and Transmit for interface eth2
lldptool -L -i eth2 adminStatus=rxtx
lldptool set-lldp -i eth2 adminStatus=rxtx


Query the LLDP adminStatus for interface eth3
lldptool -l -i eth3 adminStatus
lldptool get-lldp -i eth3 adminStatus


Query the LLDP statistics for interface eth3
lldptool -S -i eth3 adminStatus
lldptool stats -i eth3 adminStatus


Query the local TLVs which are being transmitted for a given interface:
lldptool -t -i eth3
lldptool get-tlv -i eth3


Query the received neighbor TLVs received on a given interface:
lldptool -t -n -i eth3
lldptool get-tlv -n -i eth3


Query the value of the System Description TLV as received from the neighbor on a given interface:
lldptool -t -n -i eth3 -V sysDesc
lldptool get-tlv -n -i eth3 -V 6


Disable transmit of the IEEE 802.3 MAC/PHY Configuration Status TLV for a given interface:
lldptool -T -i eth3 -V macPhyCfg enableTx=no
lldptool set-tlv -i eth3 -V 0x120f01 enableTx=no


Query value of the transmit setting for the Port Description TLV for a given interface:
lldptool -t -i eth3 -V portDesc -c enableTx
lldptool get-tlv -i eth3 -V 4 -c enableTx


Set a Management Address TLV on eth3 to carry IPv4 address 192.168.10.10
lldptool -T -i eth3 -V mngAddr ipv4=192.168.10.10


Set a Management Address TLV on eth3 to carry IPv6 address ::192.168.10.10
lldptool -T -i eth3 -V mngAddr ipv6=::192.168.10.10


Get the configured IPv4 address for the Management Address TLV on eth3
lldptool -t -i eth3 -V mngAddr -c ipv4


Get all configured attributes for the Management Address TLV on eth3
lldptool -t -i eth3 -V mngAddr -c


Enable transmit of the Edge Virtual Bridging TLV for interface eth4
lldptool -i eth4 -T -g ncb -V evbCfg enableTx=yes


Enable transmit of VDP for interface eth4
lldptool -i eth4 -T -V vdp enableTx=yes


Display process identifier of lldpad
lldptool -p


SEE ALSO
lldptool-dcbx(8), lldptool-ets(8), lldptool-pfc(8), lldptool-app(8), lldptool-med(8), lldptool-
vdp(8), lldptool-evb(8), lldptool-evb22(8), dcbtool(8), lldpad(8)


COPYRIGHT
lldptool - LLDP agent configuration utility
Copyright(c) 2007-2012 Intel Corporation. Portions of lldptool are based on:

hostapd-0.5.7

Copyright
(c) 2004-2008, Jouni Malinen <j@w1.fi>


LICENSE
This program is free software; you can redistribute it and/or modify it under the terms and condi‐
tions of the GNU General Public License, version 2, as published by the Free Software Foundation.

This program is distributed in the hope it will be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not,
write to the Free Software Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301
USA.

The full GNU General Public License is included in this distribution in the file called "COPYING".

SUPPORT
Contact Information: open-lldp Mailing List <lldp-devel@open-lldp.org>

 


open-lldp August 2012 lldptool(8)

 

 

 


 

 

Opensourcetech by Takahiro Kujirai