Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

snclawson

Member
Feb 7, 2013
46
18
8
all icx6xxx series are marvell, icx7xxx is broadcom. If I recall correctly up-n-atom and I found the hidden debug shell, it required a bunch of u-boot args to get the system to boot in a state where it was allowed. What are you trying to do that's not exposed through the regular cli?
Just interested in poking around and seeing how they've implemented things. My`day job' has consisted of writing software for switches that have mainly had Broadcom ASICs in them (including the Helix4 that the 7250 uses), so I'm somewhat familiar with poking around the ASIC registers via bshell (`bshell' being the `Broadcom shell' that comes as part of their SDK). =)
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,491
2,668
113
31
fohdeesha.com
If you're familiar with IDA Pro or Ghidra, the fastiron binary extracted from their firmware decompiles really nicely in them - can see pretty much all the broadcom registers and a ton of the SDK etc (this is how we found the shell enable commands in the first place)
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,491
2,668
113
31
fohdeesha.com
from our old notes:

Code:
FastIron or ICX
doesn't utilize config.bcm but instead has the config embedded in the
binary, I've at least found the code responsible at 0x0036CE24 and
will be able to parse out a config.bcm for SONiC. Fan, Temp, and PSU
should be straightforward since the kernel already contains a NCT7802Y
driver and it would just be a matter of probing the 3x PCA9557, 2x
DS100DF41 and also the CPLD.

I've also found the u-boot env check at 0x00014818 and the vars are:

nopolicer
debugoncrash
nocoredump
nofiapp
memdebug
mgmtdebug
mgmtpromisc
remotedebug
noautostart
nomod
nosoftwatchdog
enabletelnet
skiperror
storeforward
sildebug
disablefpga
disableautouboot
no_cpldauto_upd
disable-pkttest
enable-pkttest
en-pkttest-log
enable-tnls-reboot
enable-gpio-debug
enable-i2c-debug

They can shed a lot of info, for ex. sildebug enables all the nitty
gritty printouts for the FastIron binary itself
 
  • Like
Reactions: tommybackeast

OKGolombRuler

New Member
Mar 13, 2020
15
6
3
@fohdeesha - Licensing question. I see "Premium", "Advanced", and "Premium to Advanced", but after searching this forum ("premium AND advanced") and some modestly-enthusiastic googling, all I've been able to figure as the *potential* difference between licensing levels is
"
• BGP4, BGP4+(IPv6)
• GRE
• IPv6 over IPv4 tunnels
• VRF (IPv4 and IPv6)
" which seem to be in the 'advanced' but not(?) the premium.

Can you confirm my understanding, or expand on what functionality your free licenses do/not enable?
 

RoachedCoach

Member
Feb 4, 2020
29
34
13
Could you post some pics?

Also, where did you source these from? I found the Mechatronics only at digikey and the Sunon at Mouser - not both at one. Then again, I do have some parts I have to get some Mouser anyways... :)
I've got it racked up so don't want to pull it back out for pics, but to the rest of your questions:

I purchased the Sunon from Mouser and the Mechatronics from Digikey - just as you said. Agreed - it's lame they aren't both at one...but it beats getting knock-offs.

So far as mounting the Sunon, just place it on top of the existing heat sink and put some screws in the pre-drilled holes on the Sunon wide enough to grab onto the heatsink. There's probably cleaner ways to do it but it's very secure. For the 48P you may need to angle the fan slightly to avoid the Molex on the PoE board, but it'll fit.
 
  • Like
Reactions: eduncan911

Fallen Kell

Member
Mar 10, 2020
45
14
8
no, and it shouldn't be that loud, I can't hear mine over an R720. do the fan spins way down after boot, and what revision are the power supplies?
Both power supplies are rev A.

On another note, anyone know where I can find compatible rack mount ears for this switch?
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,491
2,668
113
31
fohdeesha.com
@fohdeesha - Licensing question. I see "Premium", "Advanced", and "Premium to Advanced", but after searching this forum ("premium AND advanced") and some modestly-enthusiastic googling, all I've been able to figure as the *potential* difference between licensing levels is
"
• BGP4, BGP4+(IPv6)
• GRE
• IPv6 over IPv4 tunnels
• VRF (IPv4 and IPv6)
" which seem to be in the 'advanced' but not(?) the premium.

Can you confirm my understanding, or expand on what functionality your free licenses do/not enable?
several years ago the premium and advanced license were merged into one - either license fully unlocks ALL the layer 3 features. It doesn't even matter though, as the OP says PM me for full licenses
 

Bjorn Smith

Well-Known Member
Sep 3, 2019
502
266
63
48
r00t.dk
Just did a FAN mod on my new Brocade ICX 6450-24P - at what point should I revert the mod and put the original fans back?

I put in Noctua NF A4x20 Flex (12v)

What is a realistic "good enough" temperature to be running at 24/7?

This is output from "sh chassis" - after having been idle for around 2 hours at my desk (temperatur seems to have stabilized here)

Code:
SSH@brocade>show chassis
The stack unit 1 chassis info:

Power supply 1 (NA - AC - PoE) present, status ok
Power supply 2 not present

Fan 1 ok, speed (auto): [[1]]<->2
Fan 2 ok, speed (auto): [[1]]<->2

Fan controlled temperature: 55.0 deg-C

Fan speed switching temperature thresholds:
                Speed 1: NM<----->64       deg-C
                Speed 2:       59<-----> 88 deg-C (shutdown)

Sensor B Temperature Readings:
        Current temperature : 49.0 deg-C
Sensor A Temperature Readings:
        Current temperature : 55.0 deg-C
        Warning level.......: 78.0 deg-C
        Shutdown level......: 88.0 deg-C
BTW:

Will this console cable work with the switch?

USB TO RJ45 Serial Console Cable Express Net USB Cable for Cisco Routers FTDI UK 602168380156 | eBay
 
Last edited:

umass1966

New Member
Nov 2, 2019
8
8
3
can you help with this issue.

Thanks to serve the home and this thread in particular i have moved from a Netgear R78oo router and a bunch of netgear unmanaged switches to a Juniper SRX300 firewall, Ruckus ICX7150-c12p Switch and Ruckus R710 AP.

My current physical configuration is cable modem ( Cisco DCP3008. It is in bridge mode. ) to SRX300 via ethernet cable. then srx300 to Ruckus switch via another ethernet cable. Then all devices ( wired ) including Ruckus AP attached to Ruckus Switch . DHCP is done by SRX300.

From a best practices and security point of view is there a better way of physical configuration ? All advice much appreciated. Thanks.
 

kapone

Well-Known Member
May 23, 2015
1,056
627
113
can you help with this issue.

Thanks to serve the home and this thread in particular i have moved from a Netgear R78oo router and a bunch of netgear unmanaged switches to a Juniper SRX300 firewall, Ruckus ICX7150-c12p Switch and Ruckus R710 AP.

My current physical configuration is cable modem ( Cisco DCP3008. It is in bridge mode. ) to SRX300 via ethernet cable. then srx300 to Ruckus switch via another ethernet cable. Then all devices ( wired ) including Ruckus AP attached to Ruckus Switch . DHCP is done by SRX300.

From a best practices and security point of view is there a better way of physical configuration ? All advice much appreciated. Thanks.
Best practice for what? Home networking? Self hosting? High availability? Ease of maintenance?

Security from which perspective? The average script kiddie or a state actor? Internal security? External security? Device isolation?

Just hooking up a few parts together is child's play. What comes before (planning and design) and after (automation/monitoring/alerts) is what differentiates a well-designed network from a poorly designed one. The equipment is a very small part of that.
 

GhettoSuperstar

New Member
Mar 12, 2020
5
0
1
Replace all 3 rear fans with the Mechatronics MR4020X12B1-RSR fan. They will read just fine in CLI. Then add a Sunon MF60101V3-1000U-A99 fan to the ASIC heat sink (you'll still have around 1/3" to spare in the case, plenty). Wire it in with Fan 3. All the fans are reduced load vs stock so they won't draw too much and the Sunon only has power and ground, so doesn't affect the read on Fan 3.
Thanks for providing an update. I am like you with the exception that I have to sleep next to my rack. Quick Question: How did you get the MR4020X12B1-RSR and Digikey shows them out of stock. I understand I need three wire, but I only see the two wire in stock.
 

umass1966

New Member
Nov 2, 2019
8
8
3
Best practice for what? Home networking? Self hosting? High availability? Ease of maintenance?

Security from which perspective? The average script kiddie or a state actor? Internal security? External security? Device isolation?

Just hooking up a few parts together is child's play. What comes before (planning and design) and after (automation/monitoring/alerts) is what differentiates a well-designed network from a poorly designed one. The equipment is a very small part of that.
Thanks for your response. To answer some of the questions.
Best practice for home networking. Will not self host. High availability and ease of maintenance are not important to me.
Security perspective average script kiddie. only external security. no device isolation
 

OKGolombRuler

New Member
Mar 13, 2020
15
6
3
several years ago the premium and advanced license were merged into one - either license fully unlocks ALL the layer 3 features. It doesn't even matter though, as the OP says PM me for full licenses
Yep, and I will; just thought you offered premium not advanced and wanted to make sure I knew what I was buying. :) Thanks for the quick response! Look for me in your inbox in a couple weeks, my 6610 order is placed!
 

RoachedCoach

Member
Feb 4, 2020
29
34
13
Thanks for providing an update. I am like you with the exception that I have to sleep next to my rack. Quick Question: How did you get the MR4020X12B1-RSR and Digikey shows them out of stock. I understand I need three wire, but I only see the two wire in stock.
Ah, they were in stock when I purchased a few weeks ago. Ugh. Yes, you def want the 3 wire.

Hopefully they come back in stock again soon.

You would be able to sleep next to this
 
  • Like
Reactions: GhettoSuperstar

kapone

Well-Known Member
May 23, 2015
1,056
627
113
Thanks for your response. To answer some of the questions.
Best practice for home networking. Will not self host. High availability and ease of maintenance are not important to me.
Security perspective average script kiddie. only external security. no device isolation
There's more than one way to setup a good home network with the equipment you've mentioned, but there's nothing wrong with how you've done it.

As long as you have good firewall rules, you should be fine.
 
  • Like
Reactions: fohdeesha

umass1966

New Member
Nov 2, 2019
8
8
3
There's more than one way to setup a good home network with the equipment you've mentioned, but there's nothing wrong with how you've done it.

As long as you have good firewall rules, you should be fine.
In my configuration i attached the AP to the Ruckus Switch ( Because of POE ). Does it make more sense to attach to the SRX300 firewall directly ( i have a POE injector )

Is it better to do DHCP in the SRX300 then the Ruckus switch.

Thanks
 

kapone

Well-Known Member
May 23, 2015
1,056
627
113
In my configuration i attached the AP to the Ruckus Switch ( Because of POE ). Does it make more sense to attach to the SRX300 firewall directly ( i have a POE injector )

Is it better to do DHCP in the SRX300 then the Ruckus switch.

Thanks
And hence my point about "planning and design". There's no better or worse. It's a question of what works for you.

- Do you need to do firewalling between internal networks?
- Are you comfortable with the brocade command line?
- Do you have devices that may not play nice with the Brocade's DHCP?
- etc etc.

That's the planning and design phase.
 
  • Like
Reactions: tommybackeast

umass1966

New Member
Nov 2, 2019
8
8
3
And hence my point about "planning and design". There's no better or worse. It's a question of what works for you.

- Do you need to do firewalling between internal networks?
- Are you comfortable with the brocade command line?
- Do you have devices that may not play nice with the Brocade's DHCP?
- etc etc.

That's the planning and design phase.
Thanks. I have got some thinking to do
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,491
2,668
113
31
fohdeesha.com
Just did a FAN mod on my new Brocade ICX 6450-24P - at what point should I revert the mod and put the original fans back?

I put in Noctua NF A4x20 Flex (12v)

What is a realistic "good enough" temperature to be running at 24/7?

This is output from "sh chassis" - after having been idle for around 2 hours at my desk (temperatur seems to have stabilized here)

Code:
SSH@brocade>show chassis
The stack unit 1 chassis info:

Power supply 1 (NA - AC - PoE) present, status ok
Power supply 2 not present

Fan 1 ok, speed (auto): [[1]]<->2
Fan 2 ok, speed (auto): [[1]]<->2

Fan controlled temperature: 55.0 deg-C

Fan speed switching temperature thresholds:
                Speed 1: NM<----->64       deg-C
                Speed 2:       59<-----> 88 deg-C (shutdown)

Sensor B Temperature Readings:
        Current temperature : 49.0 deg-C
Sensor A Temperature Readings:
        Current temperature : 55.0 deg-C
        Warning level.......: 78.0 deg-C
        Shutdown level......: 88.0 deg-C
BTW:

Will this console cable work with the switch?

USB TO RJ45 Serial Console Cable Express Net USB Cable for Cisco Routers FTDI UK 602168380156 | eBay
that cable will work and that is running plenty cool, if it heats up it will just spin the fans up to speed 2 to compensate, but it's not even near that temp yet
 
  • Like
Reactions: Bjorn Smith