]>
Commit | Line | Data |
---|---|---|
1 | lldpd: implementation of IEEE 802.1ab (LLDP) | |
2 | ============================================ | |
3 | ||
4 | [![Build Status](https://secure.travis-ci.org/vincentbernat/lldpd.png?branch=master)](http://travis-ci.org/vincentbernat/lldpd) | |
5 | ||
6 | http://vincentbernat.github.com/lldpd/ | |
7 | ||
8 | Features | |
9 | -------- | |
10 | ||
11 | LLDP (Link Layer Discovery Protocol) is an industry standard protocol | |
12 | designed to supplant proprietary Link-Layer protocols such as | |
13 | Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery | |
14 | Protocol). The goal of LLDP is to provide an inter-vendor compatible | |
15 | mechanism to deliver Link-Layer notifications to adjacent network | |
16 | devices. | |
17 | ||
18 | lldpd implements both reception and sending. It also implements an | |
19 | SNMP subagent for net-snmp to get local and remote LLDP | |
20 | information. The LLDP MIB is partially implemented but the most useful | |
21 | tables are here. lldpd also partially implements LLDP-MED. | |
22 | ||
23 | lldpd supports bridge, vlan and bonding. bonding need to be done on | |
24 | real physical devices, not on bridges, vlans, etc. However, vlans can | |
25 | be mapped on the bonding device. You can bridge vlan but not add vlans | |
26 | on bridges. More complex setups may give false results. | |
27 | ||
28 | The following OS are supported: | |
29 | ||
30 | * FreeBSD | |
31 | * GNU/Linux | |
32 | * NetBSD | |
33 | * OpenBSD | |
34 | * Mac OS X | |
35 | ||
36 | Installation | |
37 | ------------ | |
38 | ||
39 | To compile lldpd, use the following: | |
40 | ||
41 | ./configure | |
42 | make | |
43 | sudo make install | |
44 | ||
45 | You need libevent that you can grab from http://libevent.org or | |
46 | install from your package system (libevent-dev for Debian/Ubuntu and | |
47 | libevent-devel for Redhat/Fedora/CentOS/SuSE). | |
48 | ||
49 | If your system does not have libevent, ./configure will use the | |
50 | shipped copy and compile it statically. | |
51 | ||
52 | If it complains about a missing agent/struct.h, your installation of | |
53 | Net-SNMP is incomplete. The easiest way to fix this is to provide an | |
54 | empty struct.h: | |
55 | ||
56 | touch src/struct.h | |
57 | ||
58 | lldpd uses privilege separation to increase its security. Two | |
59 | processes, one running as root and doing minimal stuff and the other | |
60 | running as an unprivileged user into a chroot doing most of the stuff, | |
61 | are cooperating. You need to create a user called `_lldpd` in a group | |
62 | `_lldpd` (this can be change with `./configure`). You also need to | |
63 | create an empty directory `/var/run/lldpd` (it needs to be owned by | |
64 | root, not `_lldpd`!). If you get fuzzy timestamps from syslog, copy | |
65 | `/etc/locatime` into the chroot. | |
66 | ||
67 | `lldpcli` lets one query information collected through the command | |
68 | line. If you don't want to run it as root, just install it setuid or | |
69 | setgid `_lldpd`. | |
70 | ||
71 | Installation (Mac OS X) | |
72 | ----------------------- | |
73 | ||
74 | The same procedure as above applies for Mac OS X. However, there are | |
75 | simpler alternatives: | |
76 | ||
77 | 1. Use [Homebrew](http://mxcl.github.io/homebrew/): | |
78 | ||
79 | brew install lldpd | |
80 | # Or, for the latest version: | |
81 | brew install https://raw.github.com/vincentbernat/lldpd/master/osx/lldpd.rb | |
82 | ||
83 | 2. Build an OSX installer package which should work on the same | |
84 | version of OS X (it is important to use a separate build | |
85 | directory): | |
86 | ||
87 | mkdir build && cd build | |
88 | ../configure --prefix=/usr --sysconfdir=/private/etc --with-embedded-libevent | |
89 | make -C osx pkg ARCHS="i386 x86_64" | |
90 | ||
91 | If you want to compile for an older version of Mac OS X, you need | |
92 | to find the right SDK and issues commands like those: | |
93 | ||
94 | SDK=/Developer/SDKs/MacOSX10.6.sdk | |
95 | mkdir build && cd build | |
96 | ../configure --prefix=/usr --sysconfdir=/private/etc --with-embedded-libevent \ | |
97 | CFLAGS="-mmacosx-version-min=10.6 -isysroot $SDK" \ | |
98 | LDFLAGS="-mmacosx-version-min=10.6 -isysroot $SDK" | |
99 | make -C osx pkg ARCHS="i386 x86_64" | |
100 | ||
101 | If you don't follow the above procedures, you will have to create the | |
102 | user/group `_lldpd`. Have a look at how this is done in | |
103 | `osx/scripts/postinstall`. | |
104 | ||
105 | Usage | |
106 | ----- | |
107 | ||
108 | lldpd also implements CDP (Cisco Discovery Protocol), FDP (Foundry | |
109 | Discovery Protocol), SONMP (Nortel Discovery Protocol) and EDP | |
110 | (Extreme Discovery Protocol). However, recent versions of IOS should | |
111 | support LLDP and most Extreme stuff support LLDP. When a EDP, CDP or | |
112 | SONMP frame is received on a given interface, lldpd starts sending | |
113 | EDP, CDP, FDP or SONMP frame on this interface. Informations collected | |
114 | through EDP/CDP/FDP/SONMP are integrated with other informations and | |
115 | can be queried with `lldpcli` or through SNMP. | |
116 | ||
117 | For bonding, you need 2.6.24 (in previous version, PACKET_ORIGDEV | |
118 | affected only non multicast packets). See: | |
119 | ||
120 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80feaacb8a6400a9540a961b6743c69a5896b937 | |
121 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8032b46489e50ef8f3992159abd0349b5b8e476c | |
122 | ||
123 | Otherwise, a packet received on a bond will be affected to all | |
124 | interfaces of the bond. | |
125 | ||
126 | On 2.6.27, we are able to receive packets on real interface for bonded | |
127 | devices. This allows one to get neighbor information on active/backup | |
128 | bonds. Without the 2.6.27, lldpd won't receive any information on | |
129 | inactive slaves. Here are the patchs (thanks to Joe Eykholt): | |
130 | ||
131 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d7a3681232f545c6a59f77e60f7667673ef0e93 | |
132 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9bd5cebc0825e0fabc0186ab85806a0891104f | |
133 | * http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f982307f22db96201e41540295f24e8dcc10c78f | |
134 | ||
135 | On FreeBSD, only a recent 9 kernel (9.1 or more recent) will allow to | |
136 | send LLDP frames on enslaved devices. See this bug report for more | |
137 | information: | |
138 | ||
139 | * http://www.freebsd.org/cgi/query-pr.cgi?pr=138620 | |
140 | ||
141 | Some devices (notably Cisco IOS) send frames on the native VLAN while | |
142 | they should send them untagged. If your network card does not support | |
143 | accelerated VLAN, you will receive those frames as well. However, if | |
144 | your network card handles VLAN encapsulation/decapsulation (check with | |
145 | `ethtool -k`), you need a recent kernel to be able to receive those | |
146 | frames without listening on all available VLAN. Starting from Linux | |
147 | 2.6.27, lldpd is able to capture VLAN frames when VLAN acceleration is | |
148 | supported by the network card. Here is the patch: | |
149 | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc1d0411b804ad190cdadabac48a10067f17b9e6 | |
150 | ||
151 | On some versions, frames are sent on VLAN 1. If your network card | |
152 | support accelerated VLAN, you need to subscribe to this VLAN as | |
153 | well. The Linux kernel does not provide any interface for this. The | |
154 | easiest way is to create the VLAN for each port: | |
155 | ||
156 | ip link add link eth0 name eth0.1 type vlan id 1 | |
157 | ip link set up dev eth0.1 | |
158 | ||
159 | You can check both cases using tcpdump: | |
160 | ||
161 | tcpdump -epni eth0 ether host 01:80:c2:00:00:0e | |
162 | tcpdump -eni eth0 ether host 01:80:c2:00:00:0e | |
163 | ||
164 | If the first command does not display received LLDP packets but the | |
165 | second one does, LLDP packets are likely encapsulated into a VLAN: | |
166 | ||
167 | 10:54:06.431154 f0:29:29:1d:7c:01 > 01:80:c2:00:00:0e, ethertype 802.1Q (0x8100), length 363: vlan 1, p 7, ethertype LLDP, LLDP, name SW-APP-D07.VTY, length 345 | |
168 | ||
169 | In this case, just create VLAN 1 will fix the situation. | |
170 | ||
171 | More information: | |
172 | * http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol | |
173 | * http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf | |
174 | * http://wiki.wireshark.org/LinkLayerDiscoveryProtocol | |
175 | ||
176 | Development | |
177 | ----------- | |
178 | ||
179 | During development, you may want to execute lldpd at its current | |
180 | location inside of doing `make install`. The correct way to do this is | |
181 | to issue the following command: | |
182 | ||
183 | sudo libtool execute src/daemon/lldpd -L $PWD/src/client/lldpcli -d | |
184 | ||
185 | You can append any further arguments. If lldpd is unable to find | |
186 | `lldpcli` it will start in an unconfigured mode and won't send or | |
187 | accept LLDP frames. | |
188 | ||
189 | Embedding | |
190 | --------- | |
191 | ||
192 | To embed lldpd into an existing system, there are two point of entries: | |
193 | ||
194 | 1. If your system does not use standard Linux interface, you can | |
195 | support additional interfaces by implementing the appropriate | |
196 | `struct lldpd_ops`. You can look at | |
197 | `src/daemon/interfaces-linux.c` for examples. Also, have a look at | |
198 | `interfaces_update()` which is responsible for discovering and | |
199 | registering interfaces. | |
200 | ||
201 | 2. `lldpcli` provides a convenient way to query `lldpd`. It also | |
202 | comes with various outputs, including XML which allows one to | |
203 | parse its output for integration and automation purpose. Another | |
204 | way is to use SNMP support. A third way is to write your own | |
205 | controller using `liblldpctl.so`. Its API is described in | |
206 | `src/lib/lldpctl.h`. The custom binary protocol between | |
207 | `liblldpctl.so` and `lldpd` is not stable. Therefore, the library | |
208 | should always be shipped with `lldpd`. On the other hand, programs | |
209 | using `liblldpctl.so` can rely on the classic ABI rules. | |
210 | ||
211 | Troubleshooting | |
212 | --------------- | |
213 | ||
214 | You can use `tcpdump` to look after the packets received and send by | |
215 | `lldpd`. To look after LLDPU, use: | |
216 | ||
217 | tcpdump -s0 -vv -pni eth0 ether dst 01:80:c2:00:00:0e | |
218 | ||
219 | License | |
220 | ------- | |
221 | ||
222 | lldpd is distributed under the ISC license: | |
223 | ||
224 | > Permission to use, copy, modify, and/or distribute this software for any | |
225 | > purpose with or without fee is hereby granted, provided that the above | |
226 | > copyright notice and this permission notice appear in all copies. | |
227 | > | |
228 | > THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | |
229 | > WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | |
230 | > MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | |
231 | > ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | |
232 | > WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
233 | > ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
234 | > OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
235 | ||
236 | Also, `lldpcli` will be linked to GNU Readline (which is GPL licensed) | |
237 | if available. To avoid this, use `--without-readline` as a configure | |
238 | option. |