a quick survey about LLDP and similar
Hello, having a bit of a debate in my team about turning on LLDP and/or CDP. I would appreciate if you could spend a minute answering this survey so I have some numbers to back up my reasoning, or to accept defeat.
https://www.surveymonkey.com/r/TH3WCWP
Feel free to cross-post to other relevant lists.
Thank you
Pf
-- Pierfrancesco Caci, ik5pvx
The problem with your survey is that there’s no option to answer “it depends”. Hard yes or no answers aren’t realistic to the questions you’re asking because the context, security parameters, sensitivity, and other parameters about the network all factor into a decision whether to run or not run such protocols. There are some environments where the benefit and convenience is moderately high and the risk is extremely low. There are other environments where the benefit is relatively low, but the risks are significantly higher. Owen
On Feb 28, 2019, at 01:00 , Pierfrancesco Caci <pf@tippete.net> wrote:
Hello, having a bit of a debate in my team about turning on LLDP and/or CDP. I would appreciate if you could spend a minute answering this survey so I have some numbers to back up my reasoning, or to accept defeat.
https://www.surveymonkey.com/r/TH3WCWP
Feel free to cross-post to other relevant lists.
Thank you
Pf
-- Pierfrancesco Caci, ik5pvx
+1 on it depends. IMO, I would prefer LLDP vs. a vendor proprietary discovery protocol. Where you intend to run it in your network is a major factor for risk. Also, you forgot to add LLDP-MED to #5 (but it might not be relevant to your services). -Eddie
On Feb 28, 2019, at 1:27 AM, Owen DeLong <owen@delong.com> wrote:
The problem with your survey is that there’s no option to answer “it depends”.
Hard yes or no answers aren’t realistic to the questions you’re asking because the context, security parameters, sensitivity, and other parameters about the network all factor into a decision whether to run or not run such protocols.
There are some environments where the benefit and convenience is moderately high and the risk is extremely low. There are other environments where the benefit is relatively low, but the risks are significantly higher.
Owen
Thank you both for the feedback. I left out the "it depends" because it is more suited to a conversation or email thread like this than to a quick survey. I'm aware of a few reasons for which "it depends" and I'm learning a few more from the feedback I'm getting. Pf
-- Pierfrancesco Caci, ik5pvx
A little more on the "it depends"
switches connected to end-user/customer gear: never ever.
switch to switch, switch to router interfaces: yes, to validate cabling and resolve problems as quickly as possible.
switch to server interfaces: only to servers of teams you can trust. temporarily enable to untrusted teams if you'd need to order remote hands to lookup the exact cabling in case of problems.
Thomas
On 2/28/19 10:27 AM, Owen DeLong wrote:
The problem with your survey is that there’s no option to answer “it depends”.
Hard yes or no answers aren’t realistic to the questions you’re asking because the context, security parameters, sensitivity, and other parameters about the network all factor into a decision whether to run or not run such protocols.
There are some environments where the benefit and convenience is moderately high and the risk is extremely low. There are other environments where the benefit is relatively low, but the risks are significantly higher.
Owen
Hey Thomas,
switches connected to end-user/customer gear: never ever.
switch to server interfaces: only to servers of teams you can trust. temporarily enable to untrusted teams if you'd need to order remote hands to lookup the exact cabling in case of problems.
What are the problems in these scenarios LLDP may cause? -- ++ytti
:Hello,
:having a bit of a debate in my team about turning on LLDP and/or CDP.
:I would appreciate if you could spend a minute answering this
:survey so I have some numbers to back up my reasoning, or to accept
:defeat.
:
:https://www.surveymonkey.com/r/TH3WCWP
"Is LLDP / CDP that evil?" -- geez. Ask a leading question, get a leaden answer. It's clear what your biases are from the first few questions you ask. It _might_ be more interesting for you to present the points of view within your team.
FWIW, my most recent foray into LLDP involved advising to turn it off for some systems. There were defects specific to the implementation on particular hardware, and I had a strange desire to not make my head hurt. I didn't label it evil, but it just wasn't a situation where I wanted "guinea pig" treatment while the vendor sorted out LLDP.
-Mike
-- Michael J. O'Connor mjo@dojo.mi.org
"We buy junk and sell antiques." -Anguished English
We require LLDP/LLDP-MED to configure our VOIP phones. For trunk links, it is extremely helpful to verify correct topology. For datacenters, it is EXTREMELY helpful to verify hypervisor connectivity.
On Fri, Mar 1, 2019 at 8:26 AM Anderson, Charles R <cra@wpi.edu> wrote:
We require LLDP/LLDP-MED to configure our VOIP phones.
For trunk links, it is extremely helpful to verify correct topology.
For datacenters, it is EXTREMELY helpful to verify hypervisor connectivity.
I'd say it's extremely helpful anywhere. We enable it on every single port unless there is a specific reason to disable it. Our particularly clueful customers can now submit requests like: "For the system attached to port 1/2/3, please switch to VLAN 456." This ticket gets closed in about 10 seconds. We also run LLDP speakers on our University-controlled workstations so we can see details about the system in "show lldp neighbor" on the switch. The more LLDP the better, from my perspective.
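Added example, not part of the thread: the replies above turn on what a port running LLDP tells whatever is attached to it. This Python parser reads the TLVs of an LLDPDU as laid out in IEEE 802.1AB, so the advertised fields can be reviewed per class of port; the sample frame and every value in it are constructed.

```python
import struct

# TLV type numbers from IEEE 802.1AB
NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description",
         5: "system_name", 6: "system_description", 8: "management_address"}

def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length in a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def decode(tlv_type, value):  # readable form of the fields an operator reviews
    if tlv_type == 1 and value[:1] == b"\x04":    # chassis ID subtype 4: MAC
        return ":".join("%02x" % b for b in value[1:])
    if tlv_type in (1, 2):                        # other subtypes: skip subtype byte
        return value[1:].decode("utf-8", "replace")
    if tlv_type == 3 and len(value) >= 2:
        return struct.unpack("!H", value[:2])[0]
    if tlv_type == 8 and value[1:2] == b"\x01":   # address subtype 1: IPv4
        return ".".join(str(b) for b in value[2:6])
    if tlv_type in (4, 5, 6):
        return value.decode("utf-8", "replace")
    return value.hex()                            # anything else stays hex

def parse_lldpdu(payload):
    """Return {field: value} for an LLDPDU (payload of ethertype 0x88cc)."""
    fields, offset = {}, 0
    while offset + 2 <= len(payload):
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        if tlv_type == 0:                         # End of LLDPDU
            break
        value = payload[offset + 2:offset + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV type %d" % tlv_type)
        offset += 2 + length
        fields[NAMES.get(tlv_type, "tlv_%d" % tlv_type)] = decode(tlv_type, value)
    return fields

# Constructed sample LLDPDU: every value is invented for this example.
SAMPLE = (tlv(1, b"\x04" + bytes.fromhex("020000000001")) +
          tlv(2, b"\x05ge-1/2/3") +               # port ID subtype 5: interface name
          tlv(3, struct.pack("!H", 120)) +
          tlv(5, b"edge-sw1.example.net") +
          tlv(6, b"ExampleOS 1.2.3 (constructed)") +
          tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10]) + b"\x02\x00\x00\x00\x01\x00") +
          tlv(0, b""))

if __name__ == "__main__":
    for name, value in parse_lldpdu(SAMPLE).items():
        print("%-20s %s" % (name, value))
```

Run against a capture taken on a port of each role (customer-facing, server, switch-to-switch), the output lists the chassis, port, system name, software description and management address that port hands to its neighbor.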
participants (8)
- Anderson, Charles R
- Eddie Parra
- Hunter Fuller
- Mike O'Connor
- Owen DeLong
- Pierfrancesco Caci
- Saku Ytti
- Thomas Mieslinger