Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Discussion in 'Networking' started by fohdeesha, Jul 12, 2018.

  1. tommybackeast

    tommybackeast Active Member

    Joined:
    Jun 10, 2018
    Messages:
    143
    Likes Received:
    35
    A basic VLAN question: I have an ICX 6450-24p and have just been using it for a 10GB switch, while using none of the other features. I had planned to learn VLANs and more networking this summer, but life occurred.

    I currently use a simple Asus-Merlin consumer router/AP.

    I am now looking to get a 1U appliance to run pfSense on.

    Please note I am a network noob - I had thought that since the 6450 is a Layer 3 Switch; that I should make the VLANs on the Switch; but am now reading it is "cleaner" and easier for a network rookie to make VLANs on the pfSense appliance.

    Thus, question: in simple words, can someone explain the Pros/Cons of setting up VLANs on the pfSense appliance vs setting them up on the 6450 Brocade switch?
     
    #2181
  2. BobTB

    BobTB New Member

    Joined:
    Jul 19, 2019
    Messages:
    16
    Likes Received:
    3
    In the guide for flashing the firmware there is an ICX6430 / ICX6450 section. Since I have two ICX6430s, can I actually flash the ICX64R08030t.bin to them? Is there also an ICX64S08030t.bin?
     
    #2182
  3. infoMatt

    infoMatt Member

    Joined:
    Apr 16, 2019
    Messages:
    40
    Likes Received:
    18
    No advantage or disadvantage: if you want L2 isolation, you have to define VLANs on both pfSense and the switches, otherwise the clients will all be on the same broadcast domain.

    VLANs are layer 2 topology... i.e. even a plain managed layer 2 switch can understand and manage VLANs; the advantage of an L3 switch is that it can route (at line speed) between VLANs, instead of having to loop the traffic to the router/firewall and back to the switch again ("router on a stick") tagged with another VLAN.
    Instructions on how to define VLANs on pfSense are outside this topic; you can start by watching some video tutorials, it's not difficult.

    If you want to use the switch in L3 mode, you have to define a virtual interface on each VLAN, each one with its own IP address, and use it as the default gateway for the clients in that network; to avoid having full routing visibility you'll have to dig through ACLs; there are some examples in this thread.

    "R" firmware does support the L3/routing features, the "S" one is just for layer 2 (i.e. VLANs)... there's no advantage to using the S version on the 6450, apart from a slight reduction in image size and maybe a couple of seconds at boot...
    On the 6430, as it doesn't have routing capabilities, I'd flash the S version (the same as the software it should have now...); a nicer question would be: would flashing a router-capable firmware brick it? Honestly, I don't know, sorry :(
     
    #2183
    Last edited: Aug 24, 2019
    tommybackeast likes this.
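Added example, not part of infoMatt's post or of the guide discussed in this thread: a FastIron router-image configuration sketch of the L3 setup described above, with one virtual interface (ve) per VLAN and an ACL that stops the switch from routing one VLAN into the other. The VLAN IDs, names, port ranges, uplink port and subnets are all assumptions made up for illustration.

```text
! Constructed example: VLAN IDs, names, ports and subnets are assumptions.
! 1/2/1 is assumed to be the tagged uplink that carries both VLANs.
vlan 10 name TRUSTED by port
 untagged ethernet 1/1/1 to 1/1/12
 tagged ethernet 1/2/1
 router-interface ve 10
!
vlan 20 name IOT by port
 untagged ethernet 1/1/13 to 1/1/24
 tagged ethernet 1/2/1
 router-interface ve 20
!
! Without an ACL the switch routes freely between ve 10 and ve 20.
! This ACL drops every packet from the IOT subnet to the TRUSTED subnet
! and lets IOT reach everything else.
ip access-list extended IOT-IN
 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
!
! Each ve address is the default gateway for clients in that VLAN.
interface ve 10
 ip address 192.168.10.1 255.255.255.0
!
interface ve 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group IOT-IN in
```

Switch ACLs are stateless, so the deny line also drops IOT replies to connections opened from TRUSTED; if that direction needs to work, it has to be permitted explicitly above the deny, or the inter-VLAN filtering left to the firewall.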
  4. tommybackeast

    tommybackeast Active Member

    Joined:
    Jun 10, 2018
    Messages:
    143
    Likes Received:
    35
    [QUOTE]... the advantage of a L3 switch is that it can route (at line speed) between vlan, instead of having to loop the traffic to the router/firewall and back to the switch again ("router on a stick") tagged with another VLAN.[/QUOTE]


    That makes sense, thanks
     
    #2184
  5. Wolfstar

    Wolfstar Member

    Joined:
    Nov 28, 2015
    Messages:
    60
    Likes Received:
    28
    I just had a thread on Reddit about this subject, if you want to dig more. Note that @infoMatt is absolutely correct - VLANs are Layer 2 technology, so you'll have to configure on the switch anyhow. What you're reading about being "easier" is routing between VLANs, which is another (though related) subject. Go read the thread, I wrote a bunch of stuff on the topic going back and forth with the original poster. Should help explain the pros and cons.

    VLANs for Dummies : homelab
     
    #2185
    tommybackeast likes this.
  6. BobTB

    BobTB New Member

    Joined:
    Jul 19, 2019
    Messages:
    16
    Likes Received:
    3
    The problem is that in the zip files on the "how to" site there is no S firmware. I found a firmware on the Ruckus website, but it is version 08030r, which is older than 08030t. Does anyone know where I can get the latest "S" firmware?
     
    #2186
  7. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    1,385
    Likes Received:
    1,115
    #2187
    tommybackeast likes this.
  8. nerdalertdk

    nerdalertdk Fleet Admiral

    Joined:
    Mar 9, 2017
    Messages:
    133
    Likes Received:
    52
    The ICX7250-48p should have BGP, if I read this right?

    Q. Does the Brocade ICX 7250 have Layer 3 capabilities?
    A. All Brocade ICX 7250 models, except the Brocade ICX 7250-24G, have IPv4 and IPv6 Layer 3 capabilities:

    • Base Layer 3 routing: Available in Brocade ICX 7250* models, with no license required. It includes IPv4 and IPv6 static routes and routing between directly connected subnets.

    • Premium Layer 3 routing: Adds IPv4/IPv6 static and dynamic routes with RIPv1/v2/RIPng announce, VRRP, and OSPFv2/v3. It also includes unicast routing protocols, such as PIM, and rich Layer 3 features, such as Policy-Based Routing (PBR), VRRP, and VRRP-E. Additionally, BGP, VRF capabilities, and IPv4-over-IPv6 tunneling features are included.

    • Layer 3 IPv6 and multicast routing: Will be available, with the Premium Layer 3 routing, in a future software release.


    Source : https://www.proficomms.cz/files/datasheets/Brocade/brocade-icx-7250-faq.pdf
     
    #2188
  9. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    1,385
    Likes Received:
    1,115
    That's probably an old page before they decided to not include it, but they 100% do not have bgp
     
    #2189
  10. tommybackeast

    tommybackeast Active Member

    Joined:
    Jun 10, 2018
    Messages:
    143
    Likes Received:
    35
    Nothing to do with topic at hand, I was just re-reading some old documentation you wrote up on the 6450 and simply wished to compliment you on how clearly you write documentation.
     
    #2190
    mathiastro and fohdeesha like this.
  11. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    1,385
    Likes Received:
    1,115
    Thanks! always open to suggestions
     
    #2191
  12. dwright1542

    dwright1542 Active Member

    Joined:
    Dec 26, 2015
    Messages:
    356
    Likes Received:
    68
    So I've rolled a bunch of these out in stacks, and I can now confirm that I have a stack which is exhibiting the same behavior. If I tag VLANs on 1/2/2 or 2/2/2 the whole port goes south. BOTH switches.
     
    #2192
  13. Wolfstar

    Wolfstar Member

    Joined:
    Nov 28, 2015
    Messages:
    60
    Likes Received:
    28
    ICX stacking ports when used to stack are non-configurable. If I had to guess, the fact that you're tagging ports on a stacked port is taken by the switch to mean stacking should be disabled. I would personally think that the opposite would be true (toss an error because can't configure stacked ports) but that's not how they work it.

    This doesn't seem related at all to the error issue you're referencing; pretty sure @fohdeesha was right on that one and it was a faulty ASIC/switch.
     
    #2193
  14. dwright1542

    dwright1542 Active Member

    Joined:
    Dec 26, 2015
    Messages:
    356
    Likes Received:
    68
    The 40G-only ports are still stacked; 1/2/2 to 1/2/5 and 1/2/7 to 1/2/10, 2/2/2 to 2/2/5 and 2/2/7 to 2/2/10 are set up as breakouts, unstacked. Like I said, I've done a mess of these, and these are the first ones to show this EXACT behavior. It's very odd.
     
    #2194
  15. Wolfstar

    Wolfstar Member

    Joined:
    Nov 28, 2015
    Messages:
    60
    Likes Received:
    28
    Are you getting the ASIC errors too?

    Gotta admit, we've seen issues with OS bugs on stacking ports in some of the 08.0.30 code, but I thought that was cleared in the versions most of us are running, and we're seeing it on 7450s at work. Manifests differently, but I wouldn't be surprised if you're seeing an IOS bug that's rare as hell.
     
    #2195
  16. dwright1542

    dwright1542 Active Member

    Joined:
    Dec 26, 2015
    Messages:
    356
    Likes Received:
    68
    I'm not familiar with how to see the ASIC errors...I don't see them in the logs. Although on bootup, I did see the same QSFP error.
     
    #2196
  17. Wolfstar

    Wolfstar Member

    Joined:
    Nov 28, 2015
    Messages:
    60
    Likes Received:
    28
    Yep, the QSFP+ error was what I was referring to. A few replies down from the one you quoted earlier, Fohdeesha mentions that "chow" was the codename for the Marvell ASIC used in the switch.
     
    #2197
  18. dwright1542

    dwright1542 Active Member

    Joined:
    Dec 26, 2015
    Messages:
    356
    Likes Received:
    68
    You know a way to show that boot log after the fact?
     
    #2198
  19. Wolfstar

    Wolfstar Member

    Joined:
    Nov 28, 2015
    Messages:
    60
    Likes Received:
    28
    I don't, sadly. If anyone would, @fohdeesha would know but I'm not sure if there is a way.
     
    #2199
  20. fohdeesha

    fohdeesha Kaini Industries

    Joined:
    Nov 20, 2016
    Messages:
    1,385
    Likes Received:
    1,115
    if you're seeing qsfp and/or chow errors on boot there's definitely something defective, the question is how defective. apparently only enough to show up when you mix stack and non stack 40g ports. Don't think the 6610's save boot logs anywhere
     
    #2200