Thursday, December 15, 2016

NFV'ing LLDP (making IP phones work)

Many IP phones use LLDP to figure out which VLAN to use for their own traffic, including DHCP. These phones have a built-in switch and accept both tagged and untagged traffic: the untagged traffic is switched through to a connected device like a PC, and the tagged traffic the phone keeps to itself.

The phone generally waits for an LLDP server to send it an LLDP frame that cues it with the right VLAN to use. FAUCET doesn't do LLDP itself, but it does of course support doing it via NFV. Simply run lldpd on your NFV host, and configure the NFV interface to be in the same untagged (native) VLAN as the port with the phone (the phone's interface will have both tagged and native configuration).

You will also have to specify "drop_lldp: False" in the datapath section of FAUCET's config, to tell FAUCET not to drop LLDP by default.

lldpd should have configuration like (to quote the man page - http://manpages.ubuntu.com/manpages/trusty/man8/lldpcli.8.html):

configure med policy application voice vlan 500 priority voice dscp 46

For an extra level of rigor, you could configure a FAUCET ACL that ensures LLDP from client ports is unconditionally forwarded to the NFV host (so that no other connected device could potentially spoof LLDP).
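
A sketch of what that ACL could look like in FAUCET's YAML config, added here as an illustration and not taken from the original post. The switch name, dp_id, port numbers and VLAN names are assumptions (voice VLAN 500 matches the lldpd line above), and key names should be checked against the FAUCET version you run.

```yaml
# Added example with hypothetical names and port numbers.
vlans:
  office:
    vid: 100            # assumed native (untagged) VLAN shared by phone and NFV host
  voice:
    vid: 500            # voice VLAN advertised by lldpd on the NFV host

acls:
  lldp-to-nfv:
    # LLDP (EtherType 0x88cc) arriving on a client port is sent only to the
    # NFV host port. No "allow" here, so it is not flooded to other ports.
    - rule:
        dl_type: 0x88cc
        actions:
          output:
            port: 2     # assumed NFV host port
    # Explicit catch-all so the rest of the client's traffic is still
    # forwarded normally.
    - rule:
        actions:
          allow: 1

dps:
  sw1:
    dp_id: 0x1
    hardware: "Open vSwitch"
    drop_lldp: False    # from the post: stop FAUCET dropping LLDP by default
    interfaces:
      1:
        name: "phone"
        native_vlan: office
        tagged_vlans: [voice]
        acl_in: lldp-to-nfv   # apply the same ACL to every other client port
      2:
        name: "nfv-lldpd"
        native_vlan: office   # no ACL: lldpd's frames reach clients via normal flooding
```

With this in place, LLDP sent by any device on a client port reaches only lldpd on the NFV host, while LLDP originated by the NFV host is still delivered to the phone.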