Monitor the LLDP Service

The Cumulus NetQ UI enables operators to view the health of the LLDP service on a network-wide and a per-session basis, giving greater insight into all aspects of the service. Two card workflows provide this view: one for the service and one for the session. They are described separately here.

Monitor the LLDP Service (All Sessions)

With NetQ, you can monitor the number of nodes running the LLDP service, view the nodes with the most and the fewest LLDP neighbor nodes, and view alarms triggered by the LLDP service. For an overview of LLDP and how to configure it in your data center network, refer to Link Layer Discovery Protocol.

LLDP Service Card Workflow Summary

The small LLDP Service card displays:

Item

Description

Indicates data is for all sessions of a Network Service or Protocol

Title

LLDP: All LLDP Sessions, or the LLDP Service

Total number of switches with the LLDP service enabled during the designated time period

Total number of LLDP-related alarms received during the designated time period

Chart

Distribution of LLDP-related alarms received during the designated time period

The medium LLDP Service card displays:

Item

Description

Time period

Range of time in which the displayed data was collected; applies to all card sizes

Indicates data is for all sessions of a Network Service or Protocol

Title

LLDP: All LLDP Sessions, or the LLDP Service

Total number of switches with the LLDP service enabled during the designated time period

Total number of LLDP-related alarms received during the designated time period

Total Nodes Running chart

Distribution of switches and hosts with the LLDP service enabled during the designated time period, and a total number of nodes running the service currently.

Note: The node count here may be different than the count in the summary bar. For example, the number of nodes running LLDP last week or last month might be more or less than the number of nodes running LLDP currently.

Total Open Alarms chart

Distribution of LLDP-related alarms received during the designated time period, and the total number of current LLDP-related alarms in the network.

Note: The alarm count here may be different than the count in the summary bar. For example, the number of new alarms received in this time period does not take into account alarms that have already been received and are still active. You might have no new alarms, but still have a total number of alarms present on the network of 10.

Total Sessions chart

Distribution of LLDP sessions running during the designated time period, and the total number of sessions running on the network currently.

The large LLDP Service card contains two tabs.

The Sessions Summary tab displays:

Item

Description

Time period

Range of time in which the displayed data was collected; applies to all card sizes

Indicates data is for all sessions of a Network Service or Protocol

Title

Sessions Summary (Network Services | All LLDP Sessions)

Total number of switches with the LLDP service enabled during the designated time period

Total number of LLDP-related alarms received during the designated time period

Total Nodes Running chart

Distribution of switches and hosts with the LLDP service enabled during the designated time period, and a total number of nodes running the service currently.

Note: The node count here may be different than the count in the summary bar. For example, the number of nodes running LLDP last week or last month might be more or less than the number of nodes running LLDP currently.

Total Sessions chart

Distribution of LLDP sessions running during the designated time period, and the total number of sessions running on the network currently

Total Sessions with No Nbr chart

Distribution of LLDP sessions missing neighbor information during the designated time period, and the total number of sessions missing neighbors in the network currently

Table/Filter options

When the Switches with Most Sessions filter is selected, the table displays switches running LLDP sessions in decreasing order of session count; devices with the largest number of sessions are listed first

When the Switches with Most Unestablished Sessions filter is selected, the table displays switches running LLDP sessions in decreasing order of unestablished session count; devices with the largest number of unestablished sessions are listed first

Show All Sessions

Link to view all LLDP sessions in the full screen card

The Alarms tab displays:

Item

Description

Time period

Range of time in which the displayed data was collected; applies to all card sizes

(in header)

Indicates data is for all alarms for all LLDP sessions

Title

Alarms (visible when you hover over card)

Total number of switches with the LLDP service enabled during the designated time period

(in summary bar)

Total number of LLDP-related alarms received during the designated time period

Total Alarms chart

Distribution of LLDP-related alarms received during the designated time period, and the total number of current LLDP-related alarms in the network.

Note: The alarm count here may be different than the count in the summary bar. For example, the number of new alarms received in this time period does not take into account alarms that have already been received and are still active. You might have no new alarms, but still have a total number of alarms present on the network of 10.

Table/Filter options

When the Events by Most Active Device filter is selected, the table displays switches running LLDP sessions in decreasing order of alarm count; devices with the largest number of alarms are listed first

Show All Sessions

Link to view all LLDP sessions in the full screen card

The full screen LLDP Service card provides tabs for all switches, all sessions, and all alarms.

Item

Description

Title

Network Services | LLDP

Closes full screen card and returns to workbench

Time period

Range of time in which the displayed data was collected; applies to all card sizes; select an alternate time period by clicking

Results

Number of results found for the selected tab

All Switches tab

Displays all switches and hosts running the LLDP service. By default, the device list is sorted by hostname. This tab provides the following additional data about each device:

  • Agent

    • State: Indicates communication state of the NetQ Agent on a given device. Values include Fresh (heard from recently) and Rotten (not heard from recently).

    • Version: Software version number of the NetQ Agent on a given device. This should match the version number of the NetQ software loaded on your server or appliance; for example, 2.1.0.

  • ASIC

    • Core BW: Maximum sustained/rated bandwidth. Example values include 2.0 T and 720 G.

    • Model: Chip family. Example values include Tomahawk, Trident, and Spectrum.

    • Model Id: Identifier of networking ASIC model. Example values include BCM56960 and BCM56854.

    • Ports: Indicates port configuration of the switch. Example values include 32 x 100G-QSFP28, 48 x 10G-SFP+, and 6 x 40G-QSFP+.

    • Vendor: Manufacturer of the chip. Example values include Broadcom and Mellanox.

  • CPU

    • Arch: Microprocessor architecture type. Values include x86_64 (Intel), ARMv7 (ARM), and PowerPC.

    • Max Freq: Highest rated frequency for CPU. Example values include 2.40 GHz and 1.74 GHz.

    • Model: Chip family. Example values include Intel Atom C2538 and Intel Atom C2338.

    • Nos: Number of cores. Example values include 2, 4, and 8.

  • Disk Total Size: Total amount of storage space in physical disks (not total available). Example values: 10 GB, 20 GB, 30 GB.

  • License State: Indicator of validity. Values include ok and bad.

  • Memory Size: Total amount of local RAM. Example values include 8192 MB and 2048 MB.

  • OS

    • Vendor: Operating System manufacturer. Values include Cumulus Networks, RedHat, Ubuntu, and CentOS.

    • Version: Software version number of the OS. Example values include 3.7.3, 2.5.x, 16.04, 7.1.

    • Version Id: Identifier of the OS version. For Cumulus, this is the same as the Version (3.7.x).

  • Platform

    • Date: Date and time the platform was manufactured. Example values include 7/12/18 and 10/29/2015.

    • MAC: System MAC address. Example value: 17:01:AB:EE:C3:F5.

    • Model: Manufacturer's model name. Examples include AS7712-32X and S4048-ON.

    • Number: Manufacturer part number. Example values include FP3ZZ7632014A and 0J09D3.

    • Revision: Release version of the platform

    • Series: Manufacturer serial number. Example values include D2060B2F044919GD000060, CN046MRJCES0085E0004.

    • Vendor: Manufacturer of the platform. Example values include Cumulus Express, Dell, EdgeCore, Lenovo, Mellanox.

  • Time: Date and time the data was collected from device.

All Sessions tab

Displays all LLDP sessions network-wide. By default, the session list is sorted by hostname. This tab provides the following additional data about each session:

  • DB State: Session state of the DB.

  • Ifname: Name of the host interface where LLDP session is running

  • LLDP Peer:

    • Os: Operating system (OS) used by peer device. Values include Cumulus Linux, RedHat, Ubuntu, and CentOS.

    • Osv: Version of the OS used by peer device. Example values include 3.7.3, 2.5.x, 16.04, 7.1.

    • Bridge: Indicates whether the peer device is a bridge (true) or not (false)

    • Router: Indicates whether the peer device is a router (true) or not (false)

    • Station: Indicates whether the peer device is a station (true) or not (false)

  • OPID: LLDP service identifier

  • Peer:

    • Hostname: User-defined name for the peer device

    • Ifname: Name of the peer interface where the session is running

  • Timestamp: Date and time that the session was started, deleted, updated, or marked dead (device is down)

All Alarms tab

Displays all LLDP events network-wide. By default, the event list is sorted by time, with the most recent events listed first. The tab provides the following additional data about each event:

  • Message: Text description of an LLDP-related event. Example: LLDP Session with host leaf02 swp6 modified fields leaf06 swp21

  • Source: Hostname of network device that generated the event

  • Severity: Importance of the event. Values include critical, warning, info, and debug.

  • Type: Network protocol or service generating the event. This always has a value of lldp in this card workflow.

Export

Enables export of all or selected items in a CSV or JSON formatted file

Enables manipulation of table display; choose columns to display and reorder columns

View Service Status Summary

A summary of the LLDP service is available from the Network Services card workflow, including the number of nodes running the service, the number of LLDP-related alarms, and a distribution of those alarms.

To view the summary, open the small LLDP Service card.

In this example, there are no LLDP alarms present on the network of 14 devices.

For more detail, select a different size LLDP Network Services card.

View the Distribution of Nodes, Alarms, and Sessions

It is useful to know the number of network nodes running the LLDP protocol over a period of time, as it gives you insight into nodes that might be misconfigured or experiencing communication issues. Additionally, if there are a large number of alarms, it is worth investigating either the service or particular devices.

To view the distribution, open the medium LLDP Service card.

In this example, we see that 13 nodes are running the LLDP protocol, that there are 52 sessions established, and that no LLDP-related alarms have occurred in the last 24 hours.

View the Distribution of Missing Neighbors

You can view the number of missing neighbors in any given time period and how that number has changed over time. This is a good indicator of link communication issues.

To view the distribution, open the large LLDP Service card and view the bottom chart on the left, Total Sessions with No Nbr.

In this example, we see that 16 of the 52 sessions are missing the neighbor (peer) device.
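As a quick check of the figures in this example, the share of sessions without a neighbor can be worked out directly. The sketch below is only arithmetic on the two numbers quoted above; the `missing_neighbor_share` helper is a hypothetical name and not part of NetQ.

```python
def missing_neighbor_share(missing: int, total: int) -> float:
    """Return the fraction of sessions that have no neighbor."""
    if total <= 0:
        raise ValueError("total must be positive")
    return missing / total


# Figures from the example: 16 of 52 sessions are missing a neighbor.
share = missing_neighbor_share(16, 52)
print(f"{share:.1%} of sessions are missing a neighbor")
```

Tracking this share across time periods, rather than the raw count, makes it easier to compare periods in which the total number of sessions differs.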

View Devices with the Most LLDP Sessions

You can view the load from LLDP on your switches using the large LLDP Service card. This data enables you to see which switches are handling the most LLDP traffic currently, validate that this is what you expect based on your network design, and compare that with data from an earlier time to look for any differences.

To view switches and hosts with the most LLDP sessions:

  1. Open the large LLDP Service card.
  2. Select Switches with Most Sessions from the filter above the table.
    The table content is sorted by this characteristic, listing nodes running the most LLDP sessions at the top. Scroll down to view those with the fewest sessions.
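The ordering applied by the Switches with Most Sessions filter can be pictured with a short Python sketch. The hostnames, session counts, and the `sort_by_sessions` helper are hypothetical and used only for illustration; they are not NetQ data or a NetQ API, and the alphabetical tie-break is an assumption.

```python
from typing import Dict, List, Tuple


def sort_by_sessions(session_counts: Dict[str, int]) -> List[Tuple[str, int]]:
    """Return (hostname, count) pairs, largest session count first.

    Ties are broken alphabetically by hostname (an assumption made here
    so that the order is deterministic).
    """
    return sorted(session_counts.items(), key=lambda item: (-item[1], item[0]))


# Hypothetical per-switch LLDP session counts (not real NetQ output).
example_counts = {"leaf01": 6, "spine01": 8, "leaf02": 6, "exit01": 2}
ranked = sort_by_sessions(example_counts)
for hostname, count in ranked:
    print(f"{hostname}: {count}")
```

The first rows of the result correspond to the top of the table; the last rows are what you reach by scrolling down.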

To compare this data with the same data at a previous time:

  1. Open another large LLDP Service card.
  2. Move the new card next to the original card if needed.
  3. Change the time period for the data on the new card by hovering over the card and clicking .
  4. Select the time period that you want to compare with the current time.
    You can now see whether there are significant differences between this time period and the previous time period.

    In this case, notice that the number of alarms has dropped significantly in the last week. If the changes are unexpected, you can investigate further by looking at another time frame, determining if more nodes are now running LLDP than previously, looking for changes in the topology, and so forth.

View Devices with the Most Unestablished LLDP Sessions

You can identify switches that are experiencing difficulties establishing LLDP sessions, both currently and in the past.

To view switches with the most unestablished LLDP sessions:

  1. Open the large LLDP Service card.
  2. Select Switches with Most Unestablished Sessions from the filter above the table.
    The table content is sorted by this characteristic, listing nodes with the most unestablished LLDP sessions at the top. Scroll down to view those with the fewest unestablished sessions.

Where to go next depends on what data you see, but a few options include:

  • Change the time period for the data to compare with a prior time.

    If the same switches are consistently indicating the most unestablished sessions, you might want to look more carefully at those switches using the Switches card workflow to determine probable causes. Refer to Monitor Switches.

  • Click Show All Sessions to investigate all LLDP sessions with events in the full screen card.

View Devices with the Most LLDP Alarms

A large number of LLDP alarms on a switch may indicate a configuration or performance issue that needs further investigation. You can view the switches sorted by the number of LLDP alarms and then use the Switches card workflow or the Alarms card workflow to gather more information about possible causes for the alarms.

To view switches with the most LLDP alarms:

  1. Open the large LLDP Service card.
  2. Hover over the header and click .
  3. Select Events by Most Active Device from the filter above the table.
    The table content is sorted by this characteristic, listing nodes with the most LLDP alarms at the top. Scroll down to view those with the fewest alarms.

Where to go next depends on what data you see, but a few options include:

  • Hover over the Total Alarms chart to focus on the switches exhibiting alarms during that smaller time slice.
    The table content changes to match the hovered content. Click on the chart to persist the table changes.
  • Change the time period for the data to compare with a prior time. If the same switches are consistently indicating the most alarms, you might want to look more carefully at those switches using the Switches card workflow.
  • Click Show All Sessions to investigate all switches running LLDP sessions in the full screen card.

View All LLDP Events

The LLDP Network Services card workflow enables you to view all of the LLDP events in the designated time period.

To view all LLDP events:

  1. Open the full screen LLDP Service card.
  2. Click the All Alarms tab.

Where to go next depends on what data you see, but a few options include:

  • Open the All Switches or All Sessions tabs to look more closely at the alarms from the switch or session perspective.
  • Sort on other parameters:
    • by Message to determine the frequency of particular events
    • by Severity to determine the most critical events
    • by Time to find events that may have occurred at a particular time to try to correlate them with other system events
  • Export data to a file
  • Return to your workbench by clicking in the top right corner
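The sorting options above can also be applied to exported event data. The following is a minimal sketch, assuming events are available as dictionaries with `source`, `severity`, and `message` keys; those key names, the sample events, and both helper functions are hypothetical and do not describe the NetQ export format.

```python
from collections import Counter
from typing import Dict, List

# Severity values listed for the All Alarms tab, most important first.
SEVERITY_RANK = {"critical": 0, "warning": 1, "info": 2, "debug": 3}


def sort_by_severity(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Order events from most to least severe; unknown severities go last."""
    unknown = len(SEVERITY_RANK)
    return sorted(events, key=lambda event: SEVERITY_RANK.get(event["severity"], unknown))


def message_frequency(events: List[Dict[str, str]]) -> Counter:
    """Count how often each message text occurs."""
    return Counter(event["message"] for event in events)


# Hypothetical events; the first message reuses the example text from the All Alarms tab.
lldp_message = "LLDP Session with host leaf02 swp6 modified fields leaf06 swp21"
events = [
    {"source": "leaf02", "severity": "info", "message": lldp_message},
    {"source": "leaf03", "severity": "critical", "message": "hypothetical critical event"},
    {"source": "leaf02", "severity": "info", "message": lldp_message},
]
ordered = sort_by_severity(events)
frequency = message_frequency(events)
print(ordered[0]["source"], frequency.most_common(1))
```

Sorting by severity surfaces the most critical events first, while the message counts show which events recur most often.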

View Details About All Switches Running LLDP

You can view all stored attributes of all switches running LLDP in your network in the full screen card.

To view all switch details, open the full screen LLDP Service card, and click the All Switches tab.

Return to your workbench by clicking in the top right corner.

View Detailed Information About All LLDP Sessions

You can view all stored attributes of all LLDP sessions in your network in the full screen card.

To view all session details, open the full screen LLDP Service card, and click the All Sessions tab.

Return to your workbench by clicking in the top right corner.

Take Actions on Data Displayed in Results List

In the full screen LLDP Service card, you can determine which results are displayed in the results list, and which are exported.

To take actions on the data, click in the blank column at the very left of a row. A checkbox appears, selecting that switch, session, or alarm, and an edit menu is shown at the bottom of the card (shown enlarged here).

You can perform the following actions on the results list:

Option | Action or Behavior on Click
Select All | Selects all items in the results list.
Clear All | Clears all existing selections of items in the results list. This also hides the edit menu.
Open Cards | Opens the corresponding validation or trace result card.
Hide Selected | Hides selected items (switches, sessions, alarms, and so forth) from the results list.
Show Only Selected | Hides unselected items (switches, sessions, alarms, and so forth) from the results list.
Export Selected | Exports selected data into a .csv file. If you want to export to a .json file format, use the Export button.
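To make the difference between the two export formats concrete, the sketch below serializes the same selected rows as CSV and as JSON using only the Python standard library. The row layout, field names, and helper functions are assumptions for illustration; the actual columns in a NetQ export depend on the tab and the columns displayed.

```python
import csv
import io
import json
from typing import Dict, List


def to_csv(rows: List[Dict[str, str]]) -> str:
    """Serialize rows to CSV text with a header row taken from the first row."""
    if not rows:
        return ""
    buffer = io.StringIO()
    writer = csv.DictWriter(buffer, fieldnames=list(rows[0].keys()), lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buffer.getvalue()


def to_json(rows: List[Dict[str, str]]) -> str:
    """Serialize rows to indented JSON text."""
    return json.dumps(rows, indent=2)


# Hypothetical session rows; only the first one is "selected".
rows = [
    {"hostname": "leaf02", "ifname": "swp6", "peer_hostname": "leaf06", "peer_ifname": "swp21"},
    {"hostname": "leaf01", "ifname": "swp1", "peer_hostname": "spine01", "peer_ifname": "swp1"},
]
selected = [rows[0]]
csv_text = to_csv(selected)
json_text = to_json(selected)
print(csv_text)
print(json_text)
```

CSV is convenient for spreadsheets, while JSON preserves the field names with every record, which is easier to consume from scripts.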

To return to original display of results, click the associated tab.

Monitor a Single LLDP Session

With NetQ, you can monitor the number of nodes running the LLDP service, view neighbor state changes, and compare with events occurring at the same time, as well as monitor the running LLDP configuration and changes to the configuration file. For an overview and how to configure LLDP in your data center network, refer to Link Layer Discovery Protocol.

To access the single session cards, you must open the full screen LLDP Service card, click the All Sessions tab, select the desired session, then click (Open Cards).

Granularity of Data Shown Based on Time Period

On the medium and large single LLDP session cards, the status of the neighboring peers is represented in heat maps stacked vertically: one for peers that are reachable (neighbor detected), and one for peers that are unreachable (neighbor not detected). Depending on the time period of data on the card, the number of smaller time blocks used to indicate the status varies. A vertical stack of time blocks, one from each map, includes the results from all checks during that time. The results are shown by how saturated the color is for each block. If all peers were detected for the entire time block, then the neighbor detected block is 100% saturated (white) and the neighbor not detected block is zero percent saturated (gray). As peers become reachable, the neighbor detected block increases in saturation and the neighbor not detected block is proportionally reduced in saturation. An example heat map for a time period of 24 hours is shown here, and the table lists the most common time periods with the resulting time blocks.

Time Period | Number of Runs | Number of Time Blocks | Amount of Time in Each Block
6 hours | 18 | 6 | 1 hour
12 hours | 36 | 12 | 1 hour
24 hours | 72 | 24 | 1 hour
1 week | 504 | 7 | 1 day
1 month | 2,086 | 30 | 1 day
1 quarter | 7,000 | 13 | 1 week
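The relationship between runs, time blocks, and saturation can be sketched in a few lines of Python. This is an illustration under stated assumptions, not the NetQ implementation: it assumes each run yields a single detected or not detected result, that runs divide evenly into blocks, and that saturation is simply the fraction of runs in a block with that result. The `block_saturation` helper and the sample results are hypothetical.

```python
from typing import List, Tuple


def block_saturation(runs: List[bool], num_blocks: int) -> List[Tuple[float, float]]:
    """Split check results into equal time blocks.

    Each entry in runs is True when the neighbor was detected.
    Returns one (detected, not_detected) pair per block; the two
    fractions in a pair always sum to 1.0.
    """
    if not runs or num_blocks <= 0 or len(runs) % num_blocks != 0:
        raise ValueError("runs must be non-empty and divide evenly into num_blocks")
    per_block = len(runs) // num_blocks
    result = []
    for start in range(0, len(runs), per_block):
        block = runs[start:start + per_block]
        detected = sum(block) / per_block
        result.append((detected, 1.0 - detected))
    return result


# 24-hour period from the table: 72 runs in 24 blocks, so 3 runs per block.
# Hypothetical results: the neighbor is missed once, during the second hour.
runs = [True] * 72
runs[4] = False
blocks = block_saturation(runs, 24)
print(blocks[0])  # first hour: every run detected the neighbor
print(blocks[1])  # second hour: one of three runs missed the neighbor
```

Under these assumptions, a block in which every run detects the neighbor is fully saturated in the neighbor detected map and empty in the neighbor not detected map, matching the description above.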

LLDP Session Card Workflow Summary

The small LLDP Session card displays:

Item

Description

Indicates data is for a single session of a Network Service or Protocol

Title

LLDP Session

Host and peer devices in session. Arrow points from host to peer.

Indicates whether the host sees the peer or not; has a peer, no peer

The medium LLDP Session card displays:

Item

Description

Time period

Range of time in which the displayed data was collected

Indicates data is for a single session of a Network Service or Protocol

Title

LLDP Session

Host and peer devices in session. Arrow points from host to peer.

Indicates whether the host sees the peer or not; has a peer, no peer

Time period

Range of time for the distribution chart

Heat map

Distribution of neighbor availability (detected or undetected) during this given time period

Hostname

User-defined name of the host device

Interface Name

Software interface on the host device where the session is running

Peer Hostname

User-defined name of the peer device

Peer Interface Name

Software interface on the peer where the session is running

The large LLDP Session card contains two tabs.

The Session Summary tab displays:

Item

Description

Time period

Range of time in which the displayed data was collected

Indicates data is for a single session of a Network Service or Protocol

Title

Summary Session (Network Services | LLDP Session)

Host and peer devices in session. Arrow points from host to peer.

Indicates whether the host sees the peer or not; has a peer, no peer

Heat map

Distribution of neighbor state (detected or undetected) during this given time period

Alarm Count chart

Distribution and count of LLDP alarm events during the given time period

Info Count chart

Distribution and count of LLDP info events during the given time period

Host Interface Name

Software interface on the host where the session is running

Peer Hostname

User-defined name of the peer device

Peer Interface Name

Software interface on the peer where the session is running

The Configuration File Evolution tab displays:

Item

Description

Time period

Range of time in which the displayed data was collected; applies to all card sizes

Indicates configuration file information for a single session of a Network Service or Protocol

Title

(Network Services | LLDP Session) Configuration File Evolution

Device identifiers (hostname, IP address, or MAC address) for host and peer in session. Click to open associated device card.

Indicates whether the host sees the peer or not; has a peer, no peer

Timestamps

When changes to the configuration file have occurred, the date and time are indicated. Click the time to see the changed file.

Configuration File

When File is selected, the configuration file as it was at the selected time is shown. When Diff is selected, the configuration file at the selected time is shown on the left and the configuration file at the previous timestamp is shown on the right. Differences are highlighted.

Note: If no configuration file changes have been made, the card shows no results.

The full screen LLDP Session card provides tabs for all LLDP sessions and all events.

Item

Description

Title

Network Services | LLDP

Closes full screen card and returns to workbench

Time period

Range of time in which the displayed data was collected; applies to all card sizes; select an alternate time period by clicking

Results

Number of results found for the selected tab

All LLDP Sessions tab

Displays all LLDP sessions on the host device. By default, the session list is sorted by hostname. This tab provides the following additional data about each session:

  • DB State: Session state of the DB.

  • Ifname: Name of the host interface where LLDP session is running

  • LLDP Peer:

    • Os: Operating system (OS) used by peer device. Values include Cumulus Linux, RedHat, Ubuntu, and CentOS.

    • Osv: Version of the OS used by peer device. Example values include 3.7.3, 2.5.x, 16.04, 7.1.

    • Bridge: Indicates whether the peer device is a bridge (true) or not (false)

    • Router: Indicates whether the peer device is a router (true) or not (false)

    • Station: Indicates whether the peer device is a station (true) or not (false)

  • OPID: LLDP service identifier

  • Peer:

    • Hostname: User-defined name for the peer device

    • Ifname: Name of the peer interface where the session is running

  • Timestamp: Date and time that the session was started, deleted, updated, or marked dead (device is down)

All Events tab

Displays all events network-wide. By default, the event list is sorted by time, with the most recent events listed first. The tab provides the following additional data about each event:

  • Message: Text description of an event. Example: LLDP Session with host leaf02 swp6 modified fields leaf06 swp21

  • Source: Hostname of network device that generated the event

  • Severity: Importance of the event. Values include critical, warning, info, and debug.

  • Type: Network protocol or service generating the event. This always has a value of lldp in this card workflow.

Export

Enables export of all or selected items in a CSV or JSON formatted file

Enables manipulation of table display; choose columns to display and reorder columns

View Session Status Summary

A summary of the LLDP session is available from the LLDP Session card workflow, showing the node and its peer and current status.

To view the summary:

  1. Open the full screen LLDP Service card.
  2. Double-click on a session. The full screen card closes automatically.
  3. Locate the medium LLDP Session card.
  4. Optionally, open the small LLDP Session card.

View LLDP Session Neighbor State Changes

You can view the neighbor state for a given LLDP session from the medium and large LLDP Session cards. For a given time period, you can determine the stability of the LLDP session between two devices. If you experienced connectivity issues at a particular time, you can use these cards to help verify the state of the neighbor. If the neighbor was undetected more often than it was detected, you can then investigate further into possible causes.

To view the neighbor availability for a given LLDP session on the medium card:

  1. Open the full screen LLDP Service card.
  2. Double-click on a session. The full screen card closes automatically.
  3. Locate the medium LLDP Session card.

In this example, the heat map tells us that this LLDP session has been able to detect a neighbor for the entire time period.

From this card, you can also view the hostname and interface name, and the peer hostname and interface name.

To view the neighbor availability for a given LLDP session on the large LLDP Session card, open that card.

From this card, you can also view the alarm and info event counts, host interface name, peer hostname, and peer interface name, which identify the session in more detail.

View Changes to the LLDP Service Configuration File

Each time a change is made to the configuration file for the LLDP service, NetQ logs the change and enables you to compare it with the last version. This can be useful when you are troubleshooting potential causes for alarms or sessions losing their connections.

To view the configuration file changes:

  1. Open the large LLDP Session card.
  2. Hover over the card and click to open the LLDP Configuration File Evolution tab.
  3. Select the time of interest on the left, for example when a change may have affected performance. Scroll down if needed.

  4. Choose between the File view and the Diff view (selected option is dark; File by default).
    The File view displays the content of the file for you to review.

    The Diff view displays the changes between this version (on left) and the most recent version (on right) side by side. The changes are highlighted in red and green. In this example, we don’t have any changes to the file, so the same file is shown on both sides, and thus no highlighted lines.
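The kind of comparison the Diff view presents can be approximated outside the UI with Python's standard `difflib` module. This is a sketch only: the two configuration snippets are hypothetical example content, the `config_diff` helper is not part of NetQ, and the output is a unified diff rather than the side-by-side layout of the card.

```python
import difflib
from typing import List


def config_diff(previous: str, current: str) -> List[str]:
    """Return unified-diff lines between two versions of a configuration file."""
    return list(
        difflib.unified_diff(
            previous.splitlines(),
            current.splitlines(),
            fromfile="previous",
            tofile="current",
            lineterm="",
        )
    )


# Hypothetical file contents at two timestamps (illustrative only).
previous = "configure lldp tx-interval 30\nconfigure lldp tx-hold 4"
current = "configure lldp tx-interval 40\nconfigure lldp tx-hold 4"

diff = config_diff(previous, current)
for line in diff:
    print(line)

# Identical versions produce no diff lines at all.
unchanged = config_diff(current, current)
```

Lines prefixed with `-` and `+` play the role of the highlighted removals and additions; an empty result corresponds to the case described above, where the same file appears on both sides with no highlighted lines.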

View All LLDP Session Details

You can view all stored attributes of all of the LLDP sessions associated with the two devices on this card.

To view all session details, open the full screen LLDP Session card, and click the All LLDP Sessions tab.

To return to your workbench, click in the top right of the card.

View All Events

You can view all of the alarm and info events in the network.

To view all events, open the full screen LLDP Session card, and click the All Events tab.

Where to go next depends on what data you see, but a few options include:

  • Open the All LLDP Sessions tab to look more closely at the details of the sessions between these two devices.
  • Sort on other parameters:
    • by Message to determine the frequency of particular events
    • by Severity to determine the most critical events
    • by Time to find events that may have occurred at a particular time to try to correlate them with other system events
  • Export data to a file
  • Return to your workbench by clicking in the top right corner