Hello,
having a bit of a debate in my team about turning on LLDP and/or CDP.
I would appreciate if you could spend a minute answering this
survey so I have some numbers to back up my reasoning, or to accept
defeat.
https://www.surveymonkey.com/r/TH3WCWP
Feel free to cross-post to other relevant lists.
Thank you
Pf
The problem with your survey is that there’s no option to answer “it depends”.
Hard yes or no answers aren’t realistic to the questions you’re asking because the context,
security parameters, sensitivity, and other parameters about the network all factor into a
decision whether to run or not run such protocols.
There are some environments where the benefit and convenience is moderately high
and the risk is extremely low. There are other environments where the benefit is relatively
low, but the risks are significantly higher.
Owen
+1 on it depends. IMO, I would prefer LLDP vs. a vendor proprietary discovery protocol. Where you intend to run it in your network is a major factor for risk.
Also, you forgot to add LLDP-MED to #5 (but it might not be relevant to your services).
-Eddie
Thank you both for the feedback.
I left out the "it depends" because it is more suited to a conversation
or email thread like this than to a quick survey. I'm aware of a few
reasons for which "it depends" and I'm learning a few more from the
feedback I'm getting.
Pf
A little more on the "it depends"
switches connected to end-user/customer gear: never ever.
switch to switch, switch to router interfaces: yes, to validate cabling and resolve problems as quickly as possible.
switch to server interfaces: only to servers of teams you can trust. temporarily enable to untrusted teams if you'd need to order remote hands to lookup the exact cabling in case of problems.
Thomas
:Hello,
:having a bit of a debate in my team about turning on LLDP and/or CDP.
:I would appreciate if you could spend a minute answering this
:survey so I have some numbers to back up my reasoning, or to accept
:defeat.
:
:https://www.surveymonkey.com/r/TH3WCWP
"Is LLDP / CDP that evil?" -- geez.
Ask a leading question, get a leaden answer.
It's clear what your biases are from the first few questions you ask.
It _might_ be more interesting for you to present the points of view
within your team.
FWIW, my most recent foray into LLDP involved advising to turn it off
for some systems. There were defects specific to the implementation
on particular hardware, and I had a strange desire to not make my head
hurt. I didn't label it evil, but it just wasn't a situation where I
wanted "guinea pig" treatment while the vendor sorted out LLDP.
-Mike
We require LLDP/LLDP-MED to configure our VOIP phones.
For trunk links, it is extremely helpful to verify correct topology.
For datacenters, it is EXTREMELY helpful to verify hypervisor connectivity.
Hey Thomas,
switches connected to end-user/customer gear: never ever.
switch to server interfaces: only to servers of teams you can trust.
temporarily enable to untrusted teams if you'd need to order remote
hands to lookup the exact cabling in case of problems.
What are the problems in these scenarios LLDP may cause?
I'd say it's extremely helpful anywhere. We enable it on every single
port unless there is a specific reason to disable it.
Our particularly clueful customers can now submit requests like: "For
the system attached to port 1/2/3, please switch to VLAN 456." This
ticket gets closed in about 10 seconds.
We also run LLDP speakers on our University-controlled workstations so
we can see details about the system in "slow lldp neighbor" on the
switch.
The more LLDP the better, from my perspective.