Saturday, September 17, 2016

Discovery Protocols - Part II

In Part One of this series, I covered the Cisco Discovery Protocol. It is definitely the best known of the discovery protocols, and the one that a student of Cisco certifications is going to care most about. Cisco Discovery Protocol, or CDP, is used by most Cisco network devices to share topology information. It is also used by a number of other manufacturers who may call their implementation CDP or Industry Standard Discovery Protocol (ISDP) in order to not reference Cisco. But other manufacturers have their own protocols, and there have been a few attempts at an industry standard over the years. In this post, I'm going to present a brief overview of a few of these other discovery protocols. I may also cover one or more of them (particularly LLDP and LLDP-MED) in more depth in the future if and when I feel the need to dig in further. Most of these protocols are well known by Wireshark, and Wireshark will have display filters for those that are known.

The first protocol I'll mention is the Extreme Discovery Protocol. I mention this one first because at the heart of my home network and lab network is an Extreme Summit 400-48t switch. The Extreme Discovery Protocol, or EDP, allows devices from Extreme Networks to share information and learn about neighboring Extreme devices, much as Cisco's CDP does. With EDP, devices can share switch MAC address (switch ID), software version information, IP address, VLAN IP information, port number, and configuration data such as duplex and speed. Useful EDP commands include the following:

disable edp ports [ports | all]
enable edp ports [ports | all]
show edp port ports detail
configure edp advertisement-interval timer holddown-interval timeout

Sample packet captures of EDP traffic can be found here on the Wireshark Wiki, and Wireshark display filters can be found here.

Next is the Nortel Discovery Protocol (NDP), aka the SynOptics Network Management Protocol (SONMP). The SONMP name shows that this protocol was created before the SynOptics and Wellfleet merger in 1994. After the merger, the protocol was rebranded the Bay Network Management Protocol (BNMP), while some packet capture programs referred to it as the Bay Discovery Protocol (BDP), or the Bay Topological Protocol. Nortel renamed it NDP after acquiring Bay Networks. It has also gone by the names Nortel Topological Discovery Protocol (NTDP) and Nortel Management MIB (NMM). Wireshark display filters can be found here.

Like EDP, NDP is similar in functionality to Cisco's CDP, though much simpler in configuration and operation. Nortel's Java Device Manager can display a graphical topology table of the network based on information learned through NDP. However, some information, such as the port where the connection originates, is left out. From the CLI of Nortel switches and Ethernet Routing Switches, some useful commands include:

show autotopology nmm-table
show sys topology

Sharing an acronym with the Cisco Discovery Protocol, though having nothing else in common with it, is the Cabletron VlanHello Protocol Specification Version 4 (CDP). Cabletron's CDP is described in RFC 2641 and RFC 2642, both released in 1999.

Next is the Foundry Discovery Protocol (FDP). This is a very simple protocol that, interestingly, is disabled by default on Foundry/Brocade devices. As with much of the CLI on Foundry/Brocade devices, the syntax for FDP commands is very Cisco IOS-like.

Microsoft's Link Layer Topology Discovery (LLTD) is a link layer discovery protocol that was introduced with Windows Vista and Server 2008. It is used by the Network Map feature to display a graphical representation of the local area network and/or wireless local area network. LLTD can discover and present information such as MAC address, IPv4 address, IPv6 address, hostname and/or FQDN and the function of devices on the local network.

Other proprietary discovery protocols include the Juniper Neighbor Discovery Protocol and the MikroTik Neighbor Discovery Protocol.  Again, similar in theory, but different in operation and configuration.

Finally, there's the Link Layer Discovery Protocol (LLDP) and its enhancement, LLDP Media Endpoint Discovery (LLDP-MED), which adds enhancements specifically for media devices and IP phones. These are IEEE vendor-independent standard discovery protocols. Because I envision studying and discussing these protocols in great depth in a future post, I'm not going to go into detail here.
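Since every one of these protocols advertises device details to anything listening on the segment, it is worth auditing which of them are actually being sent and by whom. The sketch below is an added example, not code from the original post: it classifies raw Ethernet frames by EtherType or SNAP OUI/protocol ID. The identifiers are the values commonly used by packet dissectors and are not given in the post; the function names and sample frames are constructed for illustration.

```python
import struct
# (SNAP OUI, PID) -> protocol. Well-known identifiers, not given in the post.
SNAP_IDS = {
    (0x00000C, 0x2000): "CDP",
    (0x00E02B, 0x00BB): "EDP",
    (0x00E052, 0x2000): "FDP",
    (0x000081, 0x01A1): "SONMP",  # flatnet hello
    (0x000081, 0x01A2): "SONMP",  # segment hello
}
ETHERTYPES = {0x88CC: "LLDP", 0x88D9: "LLTD"}

def classify(frame):
    """Return the discovery protocol in a raw Ethernet frame, or None."""
    if len(frame) < 14:
        return None
    offset = 12
    (type_len,) = struct.unpack_from("!H", frame, offset)
    if type_len == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        offset = 16
        (type_len,) = struct.unpack_from("!H", frame, offset)
    if type_len >= 0x0600:  # Ethernet II framing: field is an EtherType
        return ETHERTYPES.get(type_len)
    llc = frame[offset + 2:offset + 10]  # 802.3 framing: LLC + SNAP header
    if len(llc) < 8 or llc[:3] != b"\xaa\xaa\x03":
        return None
    oui = int.from_bytes(llc[3:6], "big")
    (pid,) = struct.unpack_from("!H", llc, 6)
    return SNAP_IDS.get((oui, pid))

def audit(frames):
    """Map each discovery protocol seen to the source MACs advertising it."""
    seen = {}
    for frame in frames:
        proto = classify(frame)
        if proto:
            src = ":".join(f"{b:02x}" for b in frame[6:12])
            seen.setdefault(proto, set()).add(src)
    return seen

# Constructed sample frames: addresses and zero-filled payloads are made up.
def snap_frame(dst, src, oui, pid):
    body = b"\xaa\xaa\x03" + oui.to_bytes(3, "big") + struct.pack("!H", pid) + bytes(8)
    return bytes.fromhex(dst + src) + struct.pack("!H", len(body)) + body
SAMPLES = [
    snap_frame("00e02b000000", "020000000001", 0x00E02B, 0x00BB),  # EDP
    snap_frame("01000ccccccc", "020000000002", 0x00000C, 0x2000),  # CDP
    bytes.fromhex("0180c200000e02000000000388cc") + bytes(46),     # LLDP
    bytes.fromhex("ffffffffffff0200000000040800") + bytes(46),     # IPv4
]
```

Calling `audit(SAMPLES)` returns a dictionary keyed by protocol name; ports where a protocol shows up but no neighbor needs it are candidates for commands like `disable edp ports` above.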


