ironcore-dev
diff --git a/‎internal/controller/core/interface_controller.go‎
Lines changed: 149 additions & 0 deletions b/‎internal/controller/core/interface_controller.go‎
Lines changed: 149 additions & 0 deletions
diff --git a/‎internal/controller/core/interface_lldp_test.go‎
Lines changed: 111 additions & 0 deletions b/‎internal/controller/core/interface_lldp_test.go‎
Lines changed: 111 additions & 0 deletions
diff --git a/‎internal/controller/core/lldp_controller.go‎
Lines changed: 67 additions & 21 deletions b/‎internal/controller/core/lldp_controller.go‎
Lines changed: 67 additions & 21 deletions
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"net/netip"
 	"slices"
+	"strings"
 	"time"
 
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -506,6 +507,11 @@ func (r *InterfaceReconciler) reconcile(ctx context.Context, s *scope) (_ ctrl.R
 		return ctrl.Result{}, fmt.Errorf("failed to get interface status: %w", err)
 	}
 
+	// Neighbor adjacencies is only metadata and should not prevent receonciliation
+	if err := r.updateNeighborAdjacenciesStatus(ctx, s, &status); err != nil {
+		ctrl.LoggerFrom(ctx).V(3).Info("failed to update neighbor adjacency status", "error", err, "interface", klog.KObj(s.Interface))
+	}
+
 	cond = metav1.Condition{
 		Type:    v1alpha1.OperationalCondition,
 		Status:  metav1.ConditionTrue,
@@ -525,6 +531,149 @@ func (r *InterfaceReconciler) reconcile(ctx context.Context, s *scope) (_ ctrl.R
 	return ctrl.Result{RequeueAfter: Jitter(r.RequeueInterval)}, nil
 }
 
+// updateNeighborAdjacenciesStatus updates the Interface status with the LLDP neighbor adjacencies returned by the provider.
+// It validates the adjacencies by looking for at the corresponding label/annotation.
+// It first attempts to validate through label (neighbor is managed by the operator and exists as a kubernetes resource).
+// If that fails, it attempts to validate through annotation (neighbor is not managed by the operator).
+// Only returns an error if there is an issue during the validation process, but does not return an error if the validation fails (i.e. the adjacency is marked as invalid).
+func (r *InterfaceReconciler) updateNeighborAdjacenciesStatus(ctx context.Context, s *scope, status *provider.InterfaceStatus) error {
+	if s.Interface.Spec.Type != v1alpha1.InterfaceTypePhysical || len(status.LLDPAdjacencies) == 0 {
+		s.Interface.Status.Neighbors = nil
+		return nil
+	}
+
+	type neighborKey struct{ ChassisID, PortID string }
+
+	existingNeighbors := make(map[neighborKey]v1alpha1.Neighbor)
+	for _, n := range s.Interface.Status.Neighbors {
+		existingNeighbors[neighborKey{n.ChassisID, n.PortID}] = n
+	}
+
+	var errs []error
+	neighbors := make([]v1alpha1.Neighbor, 0, len(status.LLDPAdjacencies))
+	for _, adj := range status.LLDPAdjacencies {
+		key := neighborKey{adj.ChassisID, adj.PortID}
+
+		adjacency := v1alpha1.Neighbor{
+			NeighborInfo: v1alpha1.NeighborInfo{
+				SystemName:        adj.SysName,
+				SystemDescription: adj.SysDescription,
+				ChassisID:         adj.ChassisID,
+				ChassisIDType:     adj.ChassisIDType,
+				PortID:            adj.PortID,
+				PortIDType:        adj.PortIDType,
+				PortDescription:   adj.PortDescription,
+			},
+			Validation: v1alpha1.NeighborValidationUndefined,
+		}
+
+		// The TTL reported by the device and the operator clock can drift one from each other for more than one second.
+		// If we use the TTL to compute ExpirationTime on each reconciliation, then ExpirationTime will keep changing, triggering unnecessary updates to the Interface status.
+		// Thus, we preserve the existing ExpirationTime as long as the neighbor is still valid, at the cost of some inaccuracy.
+		if existing, found := existingNeighbors[key]; found && existing.ExpirationTime != nil && existing.ExpirationTime.After(time.Now()) {
+			adjacency.ExpirationTime = existing.ExpirationTime
+		} else {
+			t := metav1.NewTime(time.Now().Add(time.Duration(adj.TTL) * time.Second).Truncate(time.Second))
+			adjacency.ExpirationTime = &t
+		}
+
+		if err := r.validateLLDPAdjacencyThroughLabel(ctx, s.Interface, &adjacency); err != nil {
+			errs = append(errs, fmt.Errorf("failed to validate LLDP adjacency %q/%q through label: %w", adj.ChassisID, adj.PortID, err))
+		}
+		if adjacency.Validation == v1alpha1.NeighborValidationUndefined {
+			if err := r.validateLLDPAdjacencyThroughAnnotation(ctx, s.Interface, &adjacency); err != nil {
+				errs = append(errs, fmt.Errorf("failed to validate LLDP adjacency %q/%q through annotation: %w", adj.ChassisID, adj.PortID, err))
+			}
+		}
+		neighbors = append(neighbors, adjacency)
+	}
+
+	s.Interface.Status.Neighbors = neighbors
+
+	return kerrors.NewAggregate(errs)
+}
+
+func (r *InterfaceReconciler) validateLLDPAdjacencyThroughLabel(ctx context.Context, intf *v1alpha1.Interface, n *v1alpha1.Neighbor) error {
+	neighborLabelValue, ok := intf.Labels[v1alpha1.PhysicalInterfaceNeighborLabel]
+	if !ok {
+		n.Validation = v1alpha1.NeighborValidationUndefined
+		return nil
+	}
+
+	key := client.ObjectKey{
+		Name:      neighborLabelValue,
+		Namespace: intf.Namespace,
+	}
+
+	remoteIntf := new(v1alpha1.Interface)
+	if err := r.Get(ctx, key, remoteIntf); err != nil {
+		n.Validation = v1alpha1.NeighborValidationError
+		if !apierrors.IsNotFound(err) {
+			return fmt.Errorf("failed to get neighbor interface %q: %w", neighborLabelValue, err)
+		}
+		return fmt.Errorf("could not verify neighbor adjacency: neighbor interface %q not found: %w", neighborLabelValue, err)
+	}
+
+	log := ctrl.LoggerFrom(ctx, "LLDP validation", klog.KObj(intf))
+
+	remoteDevice, err := deviceutil.GetOwnerDevice(ctx, r, remoteIntf)
+	if err != nil {
+		n.Validation = v1alpha1.NeighborValidationError
+		return fmt.Errorf("could not find the device owning interface %q: %w", remoteIntf.Name, err)
+	}
+
+	if remoteDevice.Status.Hostname == "" {
+		n.Validation = v1alpha1.NeighborValidationError
+		return fmt.Errorf("the neighbor device does not have a hostname yet, cannot validate adjacency: neighborInterface=%q", remoteIntf.Name)
+	}
+
+	if remoteDevice.Status.Hostname != n.SystemName {
+		n.Validation = v1alpha1.NeighborDeviceMismatch
+		log.V(0).Info("the neighbor device hostname does not match", "expected", n.SystemName, "actual", remoteDevice.Status.Hostname)
+		return nil
+	}
+
+	if remoteIntf.Spec.Name != n.PortID {
+		n.Validation = v1alpha1.NeighborInterfaceMismatch
+		log.V(0).Info("the neighbor interface name does not match", "expected", n.PortID, "actual", remoteIntf.Spec.Name)
+		return nil
+	}
+
+	n.Validation = v1alpha1.NeighborVerified
+
+	return nil
+}
+
+func (r *InterfaceReconciler) validateLLDPAdjacencyThroughAnnotation(ctx context.Context, intf *v1alpha1.Interface, n *v1alpha1.Neighbor) error {
+	neighborAnnotationValue, ok := intf.Annotations[v1alpha1.PhysicalInterfaceNeighborRawAnnotation]
+	if !ok {
+		n.Validation = v1alpha1.NeighborValidationUndefined
+		return nil
+	}
+
+	remoteDeviceID, remotePortID, ok := strings.Cut(neighborAnnotationValue, "::")
+	if !ok || remoteDeviceID == "" || remotePortID == "" {
+		n.Validation = v1alpha1.NeighborValidationError
+		return fmt.Errorf("invalid neighbor annotation value %q, expected format is <deviceIdentifier>::<portID>", neighborAnnotationValue)
+	}
+
+	log := ctrl.LoggerFrom(ctx, "LLDP validation", klog.KObj(intf))
+	if remoteDeviceID != n.ChassisID && remoteDeviceID != n.SystemName {
+		n.Validation = v1alpha1.NeighborDeviceMismatch
+		log.V(0).Info("the neighbor device identifier does not match", "annotationValue", remoteDeviceID, "chassisID", n.ChassisID, "systemName", n.SystemName)
+		return nil
+	}
+
+	if remotePortID != n.PortID {
+		n.Validation = v1alpha1.NeighborInterfaceMismatch
+		log.V(0).Info("the neighbor port identifier does not match", "annotationValue", remotePortID, "portID", n.PortID)
+		return nil
+	}
+
+	n.Validation = v1alpha1.NeighborVerified
+	return nil
+}
+
 func (r *InterfaceReconciler) reconcileIPv4(ctx context.Context, s *scope) (provider.IPv4, error) {
 	switch {
 	case len(s.Interface.Spec.IPv4.Addresses) > 0:
 
@@ -0,0 +1,111 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package core
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/ironcore-dev/network-operator/api/core/v1alpha1"
+)
+
+var _ = Describe("Interface Controller - LLDP Neighbor", func() {
+	Context("When reconciling an interface with LLDP neighbor information", func() {
+		var (
+			name string
+			key  client.ObjectKey
+		)
+
+		BeforeEach(func() {
+			By("Creating a Device resource for testing")
+			device := &v1alpha1.Device{
+				ObjectMeta: metav1.ObjectMeta{
+					GenerateName: "test-interface-lldp-",
+					Namespace:    metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.DeviceSpec{
+					Endpoint: v1alpha1.Endpoint{
+						Address: "192.168.10.2:9339",
+					},
+				},
+			}
+			Expect(k8sClient.Create(ctx, device)).To(Succeed())
+			name = device.Name
+			key = client.ObjectKey{Name: name, Namespace: metav1.NamespaceDefault}
+		})
+
+		AfterEach(func() {
+			By("Cleaning up all Interface resources")
+			Expect(k8sClient.DeleteAllOf(ctx, &v1alpha1.Interface{}, client.InNamespace(metav1.NamespaceDefault))).To(Succeed())
+
+			device := &v1alpha1.Device{}
+			err := k8sClient.Get(ctx, key, device)
+			Expect(err).NotTo(HaveOccurred())
+
+			By("Cleaning up the test Device resource")
+			Expect(k8sClient.Delete(ctx, device, client.PropagationPolicy(metav1.DeletePropagationForeground))).To(Succeed())
+		})
+
+		It("Should populate LLDP neighbor information in interface status", func() {
+			By("Configuring the test provider to return LLDP neighbor information")
+			testProvider.SetLLDPNeighbor("Ethernet1/1", "neighbor-switch", "00:11:22:33:44:55", "Ethernet1/1", 120)
+
+			By("Creating a Physical Interface resource")
+			intf := &v1alpha1.Interface{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.InterfaceSpec{
+					DeviceRef:  v1alpha1.LocalObjectReference{Name: name},
+					Name:       "Ethernet1/1",
+					AdminState: v1alpha1.AdminStateUp,
+					Type:       v1alpha1.InterfaceTypePhysical,
+				},
+			}
+			Expect(k8sClient.Create(ctx, intf)).To(Succeed())
+
+			By("Verifying the controller populates the LLDP neighbor information in status")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.Status.Neighbors).NotTo(BeEmpty())
+				g.Expect(resource.Status.Neighbors[0].SystemName).To(Equal("neighbor-switch"))
+				g.Expect(resource.Status.Neighbors[0].ChassisID).To(Equal("00:11:22:33:44:55"))
+				g.Expect(resource.Status.Neighbors[0].PortID).To(Equal("Ethernet1/1"))
+				g.Expect(resource.Status.Neighbors[0].ExpirationTime).NotTo(BeNil())
+			}).Should(Succeed())
+		})
+
+		It("Should handle interface without LLDP neighbor", func() {
+			By("Creating a Physical Interface resource without LLDP neighbor configured")
+			intf := &v1alpha1.Interface{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: metav1.NamespaceDefault,
+				},
+				Spec: v1alpha1.InterfaceSpec{
+					DeviceRef:  v1alpha1.LocalObjectReference{Name: name},
+					Name:       "Ethernet1/2",
+					AdminState: v1alpha1.AdminStateUp,
+					Type:       v1alpha1.InterfaceTypePhysical,
+				},
+			}
+			Expect(k8sClient.Create(ctx, intf)).To(Succeed())
+
+			By("Verifying the neighbor field is nil when no LLDP neighbor exists")
+			Eventually(func(g Gomega) {
+				resource := &v1alpha1.Interface{}
+				g.Expect(k8sClient.Get(ctx, key, resource)).To(Succeed())
+				g.Expect(resource.Status.Conditions).NotTo(BeEmpty())
+				// Neighbors should be empty when no LLDP neighbor exists
+				if len(resource.Status.Neighbors) > 0 {
+					g.Expect(resource.Status.Neighbors[0].SystemName).To(BeEmpty())
+				}
+			}).Should(Succeed())
+		})
+	})
+})
@@ -422,40 +422,48 @@ func (r *LLDPReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager)
 		return fmt.Errorf("failed to create label selector predicate: %w", err)
 	}
 
-	c := ctrl.NewControllerManagedBy(mgr).
+	bldr := ctrl.NewControllerManagedBy(mgr).
 		For(&v1alpha1.LLDP{}).
 		Named("lldp").
 		WithEventFilter(filter)
 
 	for _, gvk := range v1alpha1.LLDPDependencies {
 		obj := &unstructured.Unstructured{}
 		obj.SetGroupVersionKind(gvk)
-		c = c.Watches(
+
+		bldr = bldr.Watches(
 			obj,
 			handler.EnqueueRequestsFromMapFunc(r.mapProviderConfigToLLDP),
 			builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}),
 		)
 	}
 
-	// Watches enqueues LLDPs for updates in referenced Device resources.
-	// Triggers on update events when the Paused spec field changes.
-	c = c.Watches(
-		&v1alpha1.Device{},
-		handler.EnqueueRequestsFromMapFunc(r.deviceToLLDPs),
-		builder.WithPredicates(predicate.Funcs{
-			UpdateFunc: func(e event.UpdateEvent) bool {
-				oldDevice := e.ObjectOld.(*v1alpha1.Device)
-				newDevice := e.ObjectNew.(*v1alpha1.Device)
-				// Only trigger when Paused spec field changes.
-				return oldDevice.Spec.Paused != newDevice.Spec.Paused
-			},
-			GenericFunc: func(e event.GenericEvent) bool {
-				return false
-			},
-		}),
-	)
-
-	return c.Complete(r)
+	return bldr.
+		// Watches enqueues LLDPs for updates in referenced Device resources.
+		// Triggers on update events when the Paused spec field changes.
+		Watches(
+			&v1alpha1.Device{},
+			handler.EnqueueRequestsFromMapFunc(r.deviceToLLDPs),
+			builder.WithPredicates(predicate.Funcs{
+				UpdateFunc: func(e event.UpdateEvent) bool {
+					oldDevice := e.ObjectOld.(*v1alpha1.Device)
+					newDevice := e.ObjectNew.(*v1alpha1.Device)
+					// Only trigger when Paused spec field changes.
+					return oldDevice.Spec.Paused != newDevice.Spec.Paused
+				},
+				GenericFunc: func(e event.GenericEvent) bool {
+					return false
+				},
+			}),
+		).
+		// Watches enqueues LLDPs for updates in referenced Interface resources.
+		// This ensures LLDP reconciles when a referenced Interface is created or updated.
+		Watches(
+			&v1alpha1.Interface{},
+			handler.EnqueueRequestsFromMapFunc(r.interfaceToLLDPs),
+			builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}),
+		).
+		Complete(r)
 }
 
 func (r *LLDPReconciler) mapProviderConfigToLLDP(ctx context.Context, obj client.Object) []reconcile.Request {
@@ -534,3 +542,41 @@ func (r *LLDPReconciler) deviceToLLDPs(ctx context.Context, obj client.Object) [
 
 	return requests
 }
+
+// interfaceToLLDPs is a [handler.MapFunc] to be used to enqueue requests for reconciliation
+// for LLDPs when a referenced Interface is created or updated.
+func (r *LLDPReconciler) interfaceToLLDPs(ctx context.Context, obj client.Object) []ctrl.Request {
+	intf, ok := obj.(*v1alpha1.Interface)
+	if !ok {
+		panic(fmt.Sprintf("Expected an Interface but got a %T", obj))
+	}
+
+	log := ctrl.LoggerFrom(ctx, "Interface", klog.KObj(intf))
+
+	list := new(v1alpha1.LLDPList)
+	if err := r.List(ctx, list,
+		client.InNamespace(intf.Namespace),
+		client.MatchingLabels{v1alpha1.DeviceLabel: intf.Spec.DeviceRef.Name},
+	); err != nil {
+		log.Error(err, "Failed to list LLDPs")
+		return nil
+	}
+
+	var requests []ctrl.Request
+	for _, lldp := range list.Items {
+		for _, ifRef := range lldp.Spec.InterfaceRefs {
+			if ifRef.Name == intf.Name {
+				log.V(2).Info("Enqueuing LLDP for reconciliation", "LLDP", klog.KObj(&lldp))
+				requests = append(requests, ctrl.Request{
+					NamespacedName: client.ObjectKey{
+						Name:      lldp.Name,
+						Namespace: lldp.Namespace,
+					},
+				})
+				break
+			}
+		}
+	}
+
+	return requests
+}