Page MenuHomePhabricator
Create Task
Maniphest T320229

Enable LLDP on SRX facing interfaces
Closed, ResolvedPublic
Actions

Description

I had a quick look at https://apps.juniper.net/feature-explorer/select-software.html?typ=1&swName=Junos%20OS&rel=20.4R3&sid=1179&platform=SRX1500&pid=21901500 for the pfw

Nothing really stands out except maybe:

We currently have to disable LLDP on the fasw interfaces facing the pfw as the pfw would report the LLDP frames as L2 errors.

fasw-c-eqiad# show protocols lldp 
port-id-subtype interface-name;
interface all;
interface xe-0/2/0 {
    disable;
}
interface xe-1/2/0 {
    disable;
}

This LLDP improvement could potentially allow us to get rid of that special case, streamlining the config, and implementing the change (testing in prod) is safe to do.

We should also look at the management routers, the same thing was happening, but now that they are all running recent Junos, we can probably drop the LLDP exceptions from the asw switch ports. Looking at drmrs it seems to be working fine.

Details

SubjectRepoBranchLines +/-
Enable LLDP on management routersoperations/homer/publicmaster+1 -1
Customize query in gerrit

Event Timeline

ayounsi triaged this task as Low priority.Oct 7 2022, 7:48 AM
ayounsi created this task.
Restricted Application added a project: Infrastructure-Foundations. · View Herald TranscriptOct 7 2022, 7:48 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Maintenance_bot added a project: SRE.Oct 7 2022, 8:29 AM
ayounsi added a comment.Mar 29 2023, 12:59 PM

Enabled it on pfw3-codfw, and removed the exception on fasw-c-codfw and it's working as expected:

pfw3-codfw# run show lldp neighbors    
Local Interface    Parent Interface    Chassis Id          Port info          System Name
xe-0/0/16          -                   64:87:88:f2:73:c0   Core: pfw3-codfw:xe-0/0/16 {#11922_12273-4} re0.cr1-codfw.wikimedia.org
xe-0/0/17          reth0               7c:e2:ca:12:26:c0   Core: pfw3a-codfw:xe-0/0/17 {#11924} [10Gbps DF] fasw-c-codfw.mgmt.codfw.wmnet
xe-7/0/17          reth0               7c:e2:ca:12:26:c0   Core: pfw3b-codfw:xe-0/0/17 {#11925} [10Gbps DF] fasw-c-codfw.mgmt.codfw.wmnet
xe-7/0/16          -                   a8:d0:e5:e3:87:c0   Core: pfw3-codfw:xe-7/0/16 {#11923_12249-1} re0.cr2-codfw.wikimedia.org

I'll prepare a Homer patch to make it permanent.

ayounsi claimed this task.Mar 29 2023, 12:59 PM
gerritbot added a comment.Mar 29 2023, 1:39 PM

Change 904180 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/homer/public@master] Enable LLDP on management routers

https://gerrit.wikimedia.org/r/904180

gerritbot added a project: Patch-For-Review.Mar 29 2023, 1:39 PM
ayounsi added a comment.Mar 29 2023, 1:42 PM

FYI, it's still needed to disable LLDP on switch interfaces facing the management routers.

gerritbot added a comment.Mar 29 2023, 3:29 PM

Change 904180 merged by jenkins-bot:

[operations/homer/public@master] Enable LLDP on management routers

https://gerrit.wikimedia.org/r/904180

Maintenance_bot removed a project: Patch-For-Review.Mar 29 2023, 3:31 PM
ayounsi closed this task as Resolved.Mar 29 2023, 3:51 PM

LLDP is now enabled on all the SRXs.

FYI, it's still needed to disable LLDP on switch interfaces facing the management routers.

To expand on this, the L2 error counters increases on the SRX when the switches send LLDP frames.
Not worth spending time investigating it.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL