Erroneous interpretation of LLDP-MIB port numbers may cause wrong topology to be detected
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Network Administration Visualized |
Fix Committed
|
High
|
Morten Brekkevold | ||
| 4.6 |
Fix Released
|
High
|
Morten Brekkevold | ||
Bug Description
Local port numbers, as referenced by the LLDP-MIB, can be either dot1dBasePort values or ifIndex values. The definition of the textual convention LldpPortNumber is a bit vague:
LldpPortNumber ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"Each port contained in the chassis (that is known to the
LLDP agent) is uniquely identified by a port number.
A port number has no mandatory relationship to an
If the LLDP agent is a IEEE 802.1D, IEEE 802.1Q bridge, the
object (defined in IETF RFC 1493) associated corresponding
bridge port. If the system hosting LLDP agent is not an
IEEE 802.1D or an IEEE 802.1Q bridge, the LldpPortNumber
will have the same value as the corresponding interface's
Port numbers should be in the range of 1 and 4096 since a
port number bit in LldpPortList."
SYNTAX Integer32(1..4096)
This definition, has in turn, been used by NAV to justify interpreting local port numbers from the LLDP-MIB as BRIDGE-
However, it seems multiple vendors still use ifIndex references, despite this definition. It may not be noticable on devices where dot1dBasePort values happen to coincide with ifIndex values, but it has become very obvious that this is not the case on Juniper EX switches. There can actually be overlaps, but not matches, between ranges of dot1dBasePort numbers and ifIndex numbers, causing NAV's LLDP-based topology information to contain false information about neighbors.
The LLDP-MIB:
| Changed in nav: | |
| status: | Confirmed → In Progress |
| Morten Brekkevold (mbrekkevold) wrote | #1 |
| Changed in nav: | |
| status: | In Progress → Fix Committed |
| milestone: | none → 4.5.4 |
fix committed here: https:/