From: Jarrod J. <jjo...@le...> - 2015-07-30 00:19:46
|
Genesis actually does collect and relays lldp data when available. In this case, it would be of no help since that also is not supported by this switch to my knowledge. I can't think of a switch that does lldp but not bridge mib or q bridge. Now the next logical question is why does it bother with switch interrogation at all when a lldp clue is seen. I know its not perfect, but it at least is somewhat independent verification of the data rather than trusting it at face value. After that the next question would be why grab if not to trust it. One for debug. The other little surprise is that it publishes a public key code to the switch using lldp. One day I was hoping to get around to harder verification using snmpv3 to get the public key from the switch and use the key to provide some meaningful assurance of the full key and chain it to provide secure credentials. Basically I have ambitions of one day providing a more secure flow for things like host keys, kerberos principals and tls certificates, today has a lot of security gaps for sake of convenience, and I hope to preserve or improve the convenience while mitigating risks better. On Jul 29, 2015 8:01 PM, Allison Andrews <aka...@lb...> wrote: On 7/26/15 5:02 PM, Christopher Samuel wrote: > On 23/07/15 02:11, Jarrod Johnson wrote: > >> Mellanox has declined our request to report mac address forwarding >> databases on their ethernet products (they did not disagree with the >> feature, just did not think they could justify the development >> investment to make it happen). > > That's a real shame, perhaps there should be a caveat in the xCAT > documentation to avoid these products if you're using xCAT? > > All the best, > Chris > Has anyone considered adapting the xcat discovery feature to use LLDP data collected from the switch by the node being installed rather than SNMP data collected by the xcat master? This seems to be the route other provisioning tools are heading(I know Razor - https://docs.puppetlabs.com/pe/latest/razor_intro.html uses this approach) and might allow xcat to work with more hardware. -Allie ------------------------------------------------------------------------------ _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user |