LLDP TLVs Explained and Frame format
What is LLDP
Link Layer Discovery Protocol (LLDP) is a vendor-independent link layer protocol used by network devices for advertising their identity, and capabilities to neighbors on a LAN segment.
LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network. This protocol runs over the Data Link Layer, which allows two systems running different network layer protocols to learn about each other.
LLDP TLVs
LLDP supports a set of attributes that it uses to learn information about neighbor devices. These attributes have a defined format known as a Type-Length-Value (TLV). LLDP-supported devices can use TLVs to receive and send information to their neighbors. Details such as configuration information, device capabilities, and device identity can be advertised using this protocol.
The topology of an LLDP-enabled network can be discovered by crawling the hosts and querying this database. Information that may be retrieved include:
- System name and description
- Port name and description
- VLAN name
- IP management address
- System capabilities (switching, routing, etc.)
- MAC/PHY information
- MDI power
- Link aggregation
Each LLDP frame starts with the following mandatory TLVs: Chassis ID, Port ID, and Time-to-Live. The mandatory TLVs are followed by any number of optional TLVs.
LLDP Frame format
LLDP frames use the IEEE 802.3 format, which consists of the following fields:
• Destination address (6 bytes): Uses a multicast address of 01-80-C2-00-00-0E.
• Source address (6 bytes): MAC address of the sending device or port.
• LLDP Ethertype (2 bytes): Uses 88-CC.
• LLDP PDU (1500 bytes): LLDP payload consisting of TLVs.
• FCS (4 bytes): Cyclic Redundancy Check (CRC) for error checking.
The frame optionally ends with a special TLV: named end of LLDPDU in which both the type and length fields are 0
LLDP TLV Format
an LLDP TLVs carry the information about neighboring devices within the LLDP PDU using the following basic format:
TLV Header (16 bits), which includes the following fields:
• TLV Type (7 bits)
• TLV Information String Length (9 bits)
• TLV Information String (0 to 511 bytes)
To see the whole picture, below is the LLDP frame format (from cisco learning):
Below is an example of an LLDP Frame captured in Wireshark:
LLDP Operating modes
LLDP supports three different operating modes:
- Transmit only – Transmits LLDP packets, do not process received packets and discards them.
- Receive only – Processes received LLDP packets but do not sends LLDP packets.
- Both transmit and receive – Perform both transmit and receive LLDP packet processing
LLDP Timers
- Hold time: – Is the duration that a receiving device should maintain LLDP neighbor information before aging it. If this timer expires and no LLDP packet is received the neighbor information is wiped. Default is 120 seconds.
- LLDP Packet Frequency timer: – An interval at which the device sends LLDP updates to neighbors. Default is 30 seconds.
- Reinit time: – The delay time in seconds for LLDP to initialize on any interface. Default is 2 seconds
