Parse D-Link LLDP Data With Python: A Comprehensive Guide

Hey guys! Today, we're diving into the fascinating world of network device discovery and how to parse LLDP (Link Layer Discovery Protocol) data from D-Link switches using Python. LLDP is super useful for network admins because it allows devices on a network to advertise their identity, capabilities, and neighbors. This means we can programmatically gather information about our network topology, which is pretty awesome. Let’s get started!

Why Parse LLDP Data?

Before we jump into the code, let's talk about why parsing LLDP data is so important. In network management, understanding your network's layout is crucial. LLDP data provides a detailed view of connected devices, their ports, and other vital information. This knowledge helps in several ways:

• Network Mapping: Automatically generate network diagrams, saving tons of manual effort.
• Troubleshooting: Quickly identify connectivity issues and trace paths between devices.
• Inventory Management: Keep track of all devices and their configurations.
• Security: Detect unauthorized devices or misconfigurations.

Parsing LLDP data allows us to automate these tasks, making network management more efficient and less error-prone. Plus, it's a great way to level up your Python scripting skills!

Understanding the D-Link LLDP Output

First things first, let’s get familiar with the raw LLDP output from a D-Link switch. Typically, when you execute a command to display LLDP information on a D-Link switch, the output is structured in blocks, with each block representing a port and its neighbors. This output includes details like:

• Port ID: The interface on the local switch.
• Chassis ID: The MAC address of the neighbor device.
• Port Description: A textual description of the neighbor's port.
• System Name: The hostname of the neighbor device.
• System Description: A detailed description of the neighbor device.

Here’s a simplified example of what this output might look like:

Port ID : gi1/0/1
Chassis ID : 00-11-22-33-44-55
Port Description : GigabitEthernet1/0/1
System Name : NeighborSwitch1
System Description : D-Link Gigabit Switch

Port ID : gi1/0/2
Chassis ID : AA-BB-CC-DD-EE-FF
Port Description : GigabitEthernet1/0/2
System Name : NeighborSwitch2
System Description : D-Link Gigabit Switch

As you can see, the output is human-readable but not exactly machine-friendly. Our goal is to transform this unstructured text into structured data that we can easily work with in Python. This involves using regular expressions to identify patterns and extract the relevant information.

Breaking Down the Structure

The key to parsing this output is recognizing the consistent structure. Each port's information is presented in a block, starting with “Port ID” and containing other key-value pairs. The challenge lies in splitting the output into these blocks and then extracting the values associated with each key. We'll use Python’s re module (regular expressions) to tackle this.

The Python Function: parse_dlink_lldp_output

Now, let's dive into the Python function parse_dlink_lldp_output that's designed to do exactly this. We'll break down the code step by step to understand how it works.

import re

def parse_dlink_lldp_output(output: str, ip: str) -> list:
    result = []
    port_blocks = re.split(r"(Port ID\s*:\s*(?:\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+))", output, flags=re.IGNORECASE)
    for i in range(1, len(port_blocks), 2):
        port_id_line = port_blocks[i]
        port_info = port_blocks[i+1]
        
        match = re.search(r"Port ID\s*:\s*(?P<port_id>\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+)", port_id_line, re.IGNORECASE)
        if not match:
            continue
        port_id = match.group("port_id")

        neighbor_info = {"ip": ip, "port": port_id}

        for line in port_info.strip().split("\n"):
            if "Chassis ID" in line:
                match = re.search(r"Chassis ID\s*:\s*(?P<chassis_id>\S+)", line, re.IGNORECASE)
                if match:
                    neighbor_info["chassis_id"] = match.group("chassis_id")
            elif "Port Description" in line:
                match = re.search(r"Port Description\s*:\s*(?P<port_description>.+)", line, re.IGNORECASE)
                if match:
                    neighbor_info["port_description"] = match.group("port_description").strip()
            elif "System Name" in line:
                match = re.search(r"System Name\s*:\s*(?P<system_name>.+)", line, re.IGNORECASE)
                if match:
                    neighbor_info["system_name"] = match.group("system_name").strip()
            elif "System Description" in line:
                match = re.search(r"System Description\s*:\s*(?P<system_description>.+)", line, re.IGNORECASE)
                if match:
                    neighbor_info["system_description"] = match.group("system_description").strip()

        result.append(neighbor_info)
    return result

Step-by-Step Breakdown

1. Importing the re Module: We start by importing the re module, which provides regular expression operations.

   import re
   

2. Function Definition: The function parse_dlink_lldp_output takes two arguments: output (the raw LLDP output as a string) and ip (the IP address of the switch). It returns a list of dictionaries, where each dictionary represents a neighbor device.

   def parse_dlink_lldp_output(output: str, ip: str) -> list:
       result = []
   

3. Splitting the Output into Port Blocks: The core of the parsing logic is splitting the output into blocks, each corresponding to a port. We use re.split with a regular expression that matches the “Port ID” line. The re.split function splits the string at each match of the pattern, and the pattern itself is also included in the result. This is why we use a capturing group (...) in the regex.

   port_blocks = re.split(r"(Port ID\s*:\s*(?:\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+))", output, flags=re.IGNORECASE)
   

   • r"(Port ID\s*:\s*(?:\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+))": This is the regular expression pattern.
     • Port ID\s*:: Matches the literal string “Port ID” followed by zero or more whitespace characters and a colon.
     • \s*: Matches zero or more whitespace characters.
     • (?:\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+): This is a non-capturing group (?:...) that matches either:
       • \d+: One or more digits (e.g., “1”).
       • gi\d+/\d+/\d+: “gi” followed by digits and slashes (e.g., “gi1/0/1”).
       • te\d+/\d+/\d+: “te” followed by digits and slashes (e.g., “te1/0/1”).
   • flags=re.IGNORECASE: This flag makes the regular expression case-insensitive.

4. Iterating Through Port Blocks: The port_blocks list contains alternating “Port ID” lines and port information blocks. We iterate through this list with a step of 2 to process each port block.

   for i in range(1, len(port_blocks), 2):
       port_id_line = port_blocks[i]
       port_info = port_blocks[i+1]
   

   • We start from index 1 because the first element is likely to be an empty string or some initial text before the first “Port ID”.
   • port_id_line gets the “Port ID” line.
   • port_info gets the block of text containing the rest of the port information.

5. Extracting the Port ID: We use re.search to extract the port ID from the port_id_line. The regular expression looks for the “Port ID” line and captures the actual ID using a named capturing group (?P<port_id>...).

   match = re.search(r"Port ID\s*:\s*(?P<port_id>\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+)", port_id_line, re.IGNORECASE)
   if not match:
       continue
   port_id = match.group("port_id")
   

   • If no match is found, we use continue to skip to the next iteration.
   • match.group("port_id") retrieves the captured port ID.

6. Initializing the Neighbor Information Dictionary: We create a dictionary neighbor_info to store the information about the neighbor device. It initially includes the switch IP and the port ID.

   neighbor_info = {"ip": ip, "port": port_id}
   

7. Parsing Port Information Lines: We split the port_info block into lines and iterate through them to extract the Chassis ID, Port Description, System Name, and System Description.

   for line in port_info.strip().split("\n"):
       if "Chassis ID" in line:
           match = re.search(r"Chassis ID\s*:\s*(?P<chassis_id>\S+)", line, re.IGNORECASE)
           if match:
               neighbor_info["chassis_id"] = match.group("chassis_id")
       elif "Port Description" in line:
           match = re.search(r"Port Description\s*:\s*(?P<port_description>.+)", line, re.IGNORECASE)
           if match:
               neighbor_info["port_description"] = match.group("port_description").strip()
       elif "System Name" in line:
           match = re.search(r"System Name\s*:\s*(?P<system_name>.+)", line, re.IGNORECASE)
           if match:
               neighbor_info["system_name"] = match.group("system_name").strip()
       elif "System Description" in line:
           match = re.search(r"System Description\s*:\s*(?P<system_description>.+)", line, re.IGNORECASE)
           if match:
               neighbor_info["system_description"] = match.group("system_description").strip()
   

   • For each type of information (Chassis ID, Port Description, etc.), we check if the line contains the corresponding string.
   • If it does, we use re.search with a specific regular expression to extract the value.
   • The extracted value is added to the neighbor_info dictionary.

8. Appending to the Result: After parsing all the information for a port, we append the neighbor_info dictionary to the result list.

   result.append(neighbor_info)
   

9. Returning the Result: Finally, the function returns the result list, which contains dictionaries representing all the neighbor devices.

   return result
   

Key Regular Expressions Explained

Let's take a closer look at some of the regular expressions used in the function:

• Port ID: r"Port ID\s*:\s*(?P<port_id>\d+|gi\d+/\d+/\d+|te\d+/\d+/\d+)"
  • This regex captures the port ID, which can be a simple number (e.g., “1”) or a more complex interface name (e.g., “gi1/0/1” or “te1/0/1”).
• Chassis ID: r"Chassis ID\s*:\s*(?P<chassis_id>\S+)"
  • This regex captures the chassis ID, which is typically a MAC address. \S+ matches one or more non-whitespace characters.
• Port Description: r"Port Description\s*:\s*(?P<port_description>.+)"
  • This regex captures the port description. .+ matches any character (except newline) one or more times.
• System Name: r"System Name\s*:\s*(?P<system_name>.+)"
  • This regex captures the system name (hostname). .+ matches any character (except newline) one or more times.
• System Description: r"System Description\s*:\s*(?P<system_description>.+)"
  • This regex captures the system description. .+ matches any character (except newline) one or more times.

Using named capturing groups (?P<name>...) makes it easier to access the captured values by name (e.g., match.group("port_id")).

Example Usage

To use the function, you’ll need to get the LLDP output from your D-Link switch. You can do this via SSH using a library like netmiko or paramiko. Here’s a basic example using netmiko:

from netmiko import ConnectHandler

def get_lldp_output(device, command="show lldp neighbors"): 
    try:
        with ConnectHandler(**device) as net_connect:
            output = net_connect.send_command(command)
            return output
    except Exception as e:
        print(f"Error connecting to device {device['host']}: {e}")
        return None


# Device credentials
device = {
    "device_type": "dlink_switch",
    "host": "your_switch_ip",
    "username": "your_username",
    "password": "your_password",
}

output = get_lldp_output(device)

if output:
    lldp_data = parse_dlink_lldp_output(output, device["host"])
    for neighbor in lldp_data:
        print(neighbor)

In this example, we first define a function get_lldp_output that uses netmiko to connect to the switch and execute the show lldp neighbors command. Then, we call our parse_dlink_lldp_output function with the output and the switch’s IP address. Finally, we print the parsed LLDP data, which will be a list of dictionaries.

Integrating with netmiko

The netmiko library simplifies SSH connections to network devices. To use it, you'll need to install it:

pip install netmiko

The get_lldp_output function demonstrates how to establish a connection, send a command, and retrieve the output. Error handling is included to catch any connection issues.

Real-World Applications

So, what can you do with this parsed LLDP data in the real world? Here are a few ideas:

Network Inventory

You can create a script that polls all your switches, parses the LLDP data, and stores it in a database. This gives you a centralized inventory of all connected devices, their interfaces, and neighbor relationships. This can be super handy for tracking hardware and software versions, and also for capacity planning.

Network Mapping

By analyzing the LLDP data, you can automatically generate network diagrams. You can use libraries like graphviz to visualize the network topology, showing how devices are connected. This is a huge time-saver compared to manually drawing diagrams, and keeps your documentation up-to-date.

Troubleshooting and Monitoring

If a device goes offline, you can use LLDP data to quickly trace the path to that device and identify potential issues. You can also set up monitoring scripts that alert you if a new, unknown device appears on the network, which could be a security risk.

Advanced Tips and Tricks

To take your LLDP parsing skills to the next level, here are a few advanced tips:

Handling Different Output Formats

D-Link switches may have different output formats depending on the firmware version or configuration. You might need to adjust the regular expressions to handle these variations. Always test your script with a variety of outputs to ensure it works correctly.

Error Handling

Implement robust error handling in your script. This includes handling SSH connection errors, parsing errors, and unexpected output formats. Logging errors can help you troubleshoot issues and improve the script’s reliability.

Data Validation

Validate the parsed data to ensure its accuracy. For example, you can check if MAC addresses are in the correct format or if interface names are valid. This can help you catch errors in the LLDP output or in your parsing logic.

Storing Data

Consider storing the parsed LLDP data in a structured format, such as a database or a JSON file. This makes it easier to query and analyze the data, and to integrate it with other network management tools. You could use SQLite for a simple local database, or a more robust database like PostgreSQL for larger deployments.

Conclusion

Parsing LLDP data from D-Link switches is a powerful way to automate network discovery and management tasks. By using Python and regular expressions, you can transform raw LLDP output into structured data that can be used for network mapping, inventory management, troubleshooting, and more. I hope this comprehensive guide has given you a solid foundation for working with LLDP data. Now go out there and start parsing!

This detailed guide should help you not only understand the code but also apply it in practical scenarios. Happy coding, and may your networks always be discoverable!