cvx posted loopback as mgmt

As a switch, loopback typically != mgmt,
but cvx is sending loopback as mgmt-ip in LLDP pkt!

[lldpcli] $ show neighbors
-------------------------------------------------------------------------------
LLDP neighbors:
Interface:    eth0, via: LLDP, RID: 2, Time: 0 day, 00:54:41
    ChassisID:    mac 52:54:00:3d:4b:65
    SysName:      leaf-1
    SysDescr:     Cumulus Linux version 3.1.1 running on QEMU Standard PC (i440FX + PIIX, 1996)
    MgmtIP:       fe80::5054:ff:fe3d:4b65
    Capability:   Bridge, on
    Capability:   Router, on
    PortID:       ifname swp2
    PortDescr:    to.server_1_leaf_1:

Eric Dong


Posted 1 year ago


Sean Cavanaugh, Alum

Hey Eric,

Are you using mgmt vrf? If you are, lldpd (the daemon responsible for LLDP) is running in the 'default' vrf.

cumulus@ig-leaf-01:mgmt-vrf:~$ ps -aux | grep lldp
root       924  0.0  1.0  55500  4596 ?        Ss   Nov14   0:00 lldpd: monitor .
_lldpd     937  0.0  0.6  55500  2980 ?        S    Nov14   0:11 lldpd: connected to oob-mgmt-switch
cumulus   2083  0.0  0.4  12732  2132 pts/0    S+   14:35   0:00 grep lldp
cumulus@ig-leaf-01:mgmt-vrf:~$ vrf identify 924

As per the man page (man lldpctl):
Specify the management addresses of this system. As for interfaces (described above), this option can use wildcards and inversions.  Without this option, the first IPv4 and the first IPv6 are used. If an exact IP address is provided, it is used as a management address without any check. If only negative patterns are provided, only one IPv4 and one IPv6 addresses are chosen. Otherwise, many of them can be selected. If you want to blacklist IPv6 addresses, you can use !*:*.
So I added this to my switch:
nano /etc/lldpd.d/README.conf
configure system ip management pattern

Then did a
systemctl restart lldpd.service
Looks good to me.  Let me know if that works for you.

Eric Dong

cool, thanks Sean, 

tried, didn't work, cumulus still picking up loopback.
am I able to use mgmt vrf's ip for LLDP running in default vrf? 

Eric Dong

on 2nd thought, this is a better behavior, thanks for the pointer

David Ahern, Employee

This is a limitation of the Linux lldpd package. It takes the first address for IPv4 and IPv6 as the management IP. The loopback device is created first, so if it has been configured with any addresses the first one for each family will be selected as the Management IP. This behavior is independent of VRFs.

The earlier suggestion (configure system ip management pattern) will set the MgmtIP if the system is configured with that address. You can use a wildcard as well (e.g., 192.168.0.*) and it will look for an address that matches.
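
To check which address a switch would advertise as MgmtIP before changing its configuration, the selection rules quoted from the man page in this thread can be modelled as below. This is an added example, not code from the thread or from lldpd: it is a simplified model that matches patterns against addresses only, and the address list and function names are constructed for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample: addresses in system order, loopback addresses first
# (the thread notes the loopback device is created first).
SAMPLE_ADDRS = ["10.0.0.11", "fd00::11",        # loopback (constructed)
                "192.168.0.15", "fd00:a::15",   # management port (constructed)
                "172.16.1.1"]                   # front-panel port (constructed)

def _is_exact_ip(pattern):
    """True when the pattern is a literal IP address rather than a wildcard."""
    try:
        ipaddress.ip_address(pattern)
        return True
    except ValueError:
        return False

def _first_per_family(addrs):
    """Keep only the first IPv4 and the first IPv6 address, in list order."""
    chosen, seen = [], set()
    for addr in addrs:
        version = ipaddress.ip_address(addr).version
        if version not in seen:
            seen.add(version)
            chosen.append(addr)
    return chosen

def select_mgmt(addrs, pattern=None):
    """Model of the management-address rules quoted from the man page."""
    if not pattern:
        # No option set: first IPv4 and first IPv6, which is why loopback wins.
        return _first_per_family(addrs)
    parts = [p.strip() for p in pattern.split(",") if p.strip()]
    negative = [p[1:] for p in parts if p.startswith("!")]
    positive = [p for p in parts if not p.startswith("!")]
    allowed = [a for a in addrs
               if not any(fnmatchcase(a, n) for n in negative)]
    if not positive:
        # Only negative patterns: one IPv4 and one IPv6 among what is left.
        return _first_per_family(allowed)
    # An exact IP is advertised without checking that it is configured.
    exact = [p for p in positive if _is_exact_ip(p)]
    wildcards = [p for p in positive if not _is_exact_ip(p)]
    matched = [a for a in allowed
               if a not in exact and any(fnmatchcase(a, w) for w in wildcards)]
    return exact + matched

if __name__ == "__main__":
    for pat in (None, "192.168.0.*", "!*:*", "203.0.113.9"):
        print(repr(pat), "->", select_mgmt(SAMPLE_ADDRS, pat))
```

The exact-IP case is the one to audit: per the man page text, the address is advertised to LLDP neighbors whether or not any interface actually holds it.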