Utilizing CDP and LLDP with vSphere Networking

When I last covered Objective 2 of the VCAP5-DCA on the vBrownBag, one thing I didn't get a lot of time to cover was the use of Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP). Essentially, these are how neighbouring devices tell each other who they are and which port they are plugged into, so that people can read the physical topology instead of tracing it. CDP is proprietary to Cisco, and LLDP is an IEEE 802.1AB open standard.

I find that enabling these protocols to both listen (learn the configuration of the upstream physical switch) and advertise (inform the upstream physical switch of the host configuration) to be quite helpful in bridging the communication gap between the server and network teams. It’s much easier when both parties can see the physical configuration and associate it with logical setups. I understand that this may not hold a lot of value in a blade environment where a small number of uplinks are providing northbound connectivity, but a rack server environment should see a lot of benefit.

This post will cover enabling both protocols in your vSphere environment, as well as some views from the network side of things to help understand what information you are providing.

Turning On The Magic

First, let’s get the bad news out of the way. While CDP is available to both a standard and distributed switch, LLDP is only available in distributed switches. If you’re using standard switches, you’re limited to CDP. Bummer!

Standard vSwitch Configuration

For a standard vSwitch, you are going to have to crack open some CLI. There are lots of examples out there. I use esxcli.

esxcli network vswitch standard set -c both -v vSwitch0
esxcli network vswitch standard list -v vSwitch0

Easy enough, right?

Distributed vSwitch Configuration

As with most things in life, the more expensive distributed switch has the better bells and whistles. All configuration can be done via the GUI, and is set for all hosts because the switch is distributed. You can also choose either CDP or LLDP.

Just Edit Settings on the distributed switch and click on the Advanced section.

I’m using LLDP in my lab as the upstream switch is an HP V1910-24G.
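To show both procedures above end to end, here is an added PowerCLI example (not code from the original post). It turns on CDP for every standard vSwitch in a cluster through Get-EsxCli, which mirrors the esxcli commands shown earlier, sets LLDP to both listen and advertise on every distributed switch, and then goes one step further than the post by reading back, per vmnic, the switch name and port the host has learned from upstream. It assumes an existing Connect-VIServer session and the PowerCLI Core and Vds modules; the cluster name is a placeholder.

```powershell
# Added example, not from the original post: enable CDP on standard vSwitches,
# LLDP on distributed switches, then report what each vmnic learned upstream.
# Assumes an existing Connect-VIServer session; cluster name is a placeholder.
#Requires -Modules VMware.VimAutomation.Core, VMware.VimAutomation.Vds

param(
    [string]$ClusterName = 'LabCluster',        # placeholder, not from the post
    [ValidateSet('listen', 'advertise', 'both', 'down')]
    [string]$CdpStatus = 'both'                 # same values esxcli accepts for -c
)

$vmhosts = Get-Cluster -Name $ClusterName | Get-VMHost | Sort-Object Name

# 1. Standard vSwitches have no dedicated cmdlet, so call esxcli through the
#    V2 interface; parameter names match the long-form esxcli options.
foreach ($vmhost in $vmhosts) {
    $esxcli = Get-EsxCli -VMHost $vmhost -V2
    foreach ($vss in Get-VirtualSwitch -VMHost $vmhost -Standard) {
        $esxcli.network.vswitch.standard.set.Invoke(@{
            vswitchname = $vss.Name
            cdpstatus   = $CdpStatus
        }) | Out-Null
    }
}

# 2. Distributed switches: one call per switch applies to every member host.
Get-VDSwitch |
    Set-VDSwitch -LinkDiscoveryProtocol LLDP `
                 -LinkDiscoveryProtocolOperation Both -Confirm:$false |
    Out-Null

# 3. Verification: ask each host what its physical NICs have heard.
#    QueryNetworkHint returns CDP data in ConnectedSwitchPort and LLDP data in
#    LldpInfo, depending on which protocol the upstream switch speaks.
$report = foreach ($vmhost in $vmhosts) {
    $netSys = Get-View -Id $vmhost.ExtensionData.ConfigManager.NetworkSystem
    foreach ($hint in $netSys.QueryNetworkHint($null)) {
        $cdp  = $hint.ConnectedSwitchPort
        $lldp = $hint.LldpInfo
        [pscustomobject]@{
            Host     = $vmhost.Name
            Vmnic    = $hint.Device
            Protocol = if ($cdp) { 'CDP' } elseif ($lldp) { 'LLDP' } else { 'none' }
            Switch   = if ($cdp) { $cdp.DevId } elseif ($lldp) { $lldp.ChassisId } else { '' }
            Port     = if ($cdp) { $cdp.PortId } elseif ($lldp) { $lldp.PortId } else { '' }
        }
    }
}

$report | Format-Table -AutoSize

# Uplinks with no neighbour data are the ones the network team still cannot
# see; either the upstream port has discovery disabled or the link is down.
$report | Where-Object { $_.Protocol -eq 'none' }
```

Running it right after changing the settings can still show 'none' for some uplinks, because a host only populates the hint data once it has received an advertisement from the upstream port; give it a minute and run the report part again. For LLDP the human-readable switch name usually sits in the LldpInfo.Parameter list under the key "System Name" rather than in ChassisId, which is typically the switch MAC address.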

Network Admin View

The above is all nice and dandy, but what are you really doing behind the scenes? In other words – why do you care?

No one likes tracing cables – be a pal!

Here’s a screenshot of my HP switch in the lab after turning on LLDP. This is what your network administrator would see.

So, if you asked your network admin to change the VLAN on vmnic1 for host name esx2, he or she would be able to quickly identify that it is connected to G1/0/5 and make the change for you.

It works in a similar fashion for CDP. Here is a screenshot of my Cisco switch with CDP enabled.

Again, the network admin can quickly spot that FA0/1 is hooked into host esx and connected to vmnic3.

Thoughts

Sometimes the small things make the largest differences. CDP and LLDP really don't take much effort to enable, but are rarely turned on. You would probably want to confirm with your network team that they actually want this turned on before pulling the trigger, and perhaps your security team if you're tied into a DMZ or have a "we don't allow CDP" type of policy, since advertising means the host name, port names and management address are sent to whatever is listening on the other end of the cable.

I’m curious to hear of any stories where this has come in handy from both a server and network admin perspective, or if you just prefer it on / off for some other reason?