Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[iotapi322]

That'd depend on the modem, here's the SB8200 config, looks like it's LACP.

You'd want to tag your 10g port as well, something like
vlan 10
tag eth 1/3/1

That would get your WAN link online for PFsense. It looks like your LAN is untagged, are you intending to have the WAN/LAN share the same 10g port?

Yes, that's the plan... so the ix0 interface should do all the LAN port stuff and ix0.10 should do all the WAN stuff.

SSH@switchpoe(config)#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64

Legend: [Stk=Stack-Id, S=Slot]

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
 Untagged Ports: (U1/M1)  13  14  15  16  17  18  19  20  21  22  23  24
 Untagged Ports: (U1/M1)  25  26  27  28  29  30  31  32  33  34  35  36
 Untagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
 Untagged Ports: (U1/M2)   1   2   3
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: (U1/M2)   4
 Mac-Vlan Ports: None
     Monitoring: Disabled

PORT-VLAN 10, Name CM_WAN, Priority level0, Spanning tree Off
 Untagged Ports: (U1/M1)  47  48
   Tagged Ports: (U1/M2)   4
   Uplink Ports: None
 DualMode Ports: None
 Mac-Vlan Ports: None
     Monitoring: Disabled

 

[gsrfan01]

so the ix0 interface should do all the LAN port stuff and ix0.10 should do all the WAN stuff.

I had the dual-mode config typed out but noticed you have that already. They looks like it should probably be working.

 

[iotapi322]

Ok I Finally got it working....
A lot of fickle stuff going on here. I DID in fact have to use dynamic lag not static and I had to reboot the modem and restart pfsense lots of times. Also had a lot of problems getting DNS working for some crazy reason... very strange. I haven't turned on any buffer bloat settings. I've been using IPFIRE as my firewall router, but i'm going to play around with pfsense to see if they fixed their QoS controls.

 

[gsrfan01]

Ok I Finally got it working....
A lot of fickle stuff going on here. I DID in fact have to use dynamic lag not static and I had to reboot the modem and restart pfsense lots of times. Also had a lot of problems getting DNS working for some crazy reason... very strange. I haven't turned on any buffer bloat settings. I've been using IPFIRE as my firewall router, but i'm going to play around with pfsense to see if they fixed their QoS controls.

Rebooting a bunch makes sense, I know my modem won't hand out an IP to another MAC address without a reboot.

For what it's worth, I think OPNsense is a bit better virtualized and you can get various tools like XCP-NG's and VMware's as packages. Might be worth looking into if you're not sold on PFsense.

The DNS bit is strange, can't say I've seen that before.

 

[pktrab]

This is probably a stupid question, but will the ICX6450 do BGP v4 & v6, and sustain a full table?

 

[gsrfan01]

This is probably a stupid question, but will the ICX6450 do BGP v4 & v6, and sustain a full table?

Based on the breakdown of the switches, it looks like you need the ICX6610 to do BGP.

 

[ljvb]

Yep, use a spare VLAN without a router interface defined on it, use it as the native/untagged VLAN (if your ethernet handoff doesn't require a tagged VLAN, I don't know the details of the FiOS offer) on a port connected to the ISP and as a tagged VLAN on the router-on-a-stick

thats exactly what I did. It worked when I used my local network to pull an IP. But won’t pull from Verizon when I connect it directly to that port on the same vlan. I’ll have to see if VZ is still binding to specific Mac addresses. I used to have to force the MAC address to be the same as whatever initially pulled an IP. I’m also not sure if that will translate across the vlan. (Will VZ see the Mac of the switch port or the machine trying to pull that IP it’s why I wanted to bridge two ports. )

 

[ljvb]

I should probably note that I am also using sr-iov and setup 5 VFs per 10G nic interface.

 

[infoMatt]

This is probably a stupid question, but will the ICX6450 do BGP v4 & v6, and sustain a full table?

No BGP on the 6450.

 

[fohdeesha]

a full table on a 90 dollar switch lmao can you imagine how easy my life would be

 

[fohdeesha]

thats exactly what I did. It worked when I used my local network to pull an IP. But won’t pull from Verizon when I connect it directly to that port on the same vlan. I’ll have to see if VZ is still binding to specific Mac addresses. I used to have to force the MAC address to be the same as whatever initially pulled an IP. I’m also not sure if that will translate across the vlan. (Will VZ see the Mac of the switch port or the machine trying to pull that IP it’s why I wanted to bridge two ports. )

the switch doesn't have any MAC address for verizon to see if you've made it a separate vlan with no VE/IP interfaces in it, and you have discovery protocols like lldp/fdp/cdp turned off

 

[Pestx]

Hello, I have a GPON SFP and I'd like to connect to it via its internal IP, for testing purposes (how to backup partition, flash it, etc.)
Problem is that I don't have anything (equipment to connect the fiber) to plug in it for the moment. On old Cisco switchs I remember that there was a no keepalive command that forced the port to get up even if nothing was connected to it.
Is there a way to do the same on Icx platform ? I tried to find on my own but my research was a failure

 

[infoMatt]

Hello, I have a GPON SFP and I'd like to connect to it via its internal IP, for testing purposes (how to backup partition, flash it, etc.)
Problem is that I don't have anything (equipment) to plug in it for the moment. On old Cisco switchs I remember that there was a no keepalive command that forced the port to get up even if nothing was connected to it.
Is there a way to do the same on Icx platform ? I tried to find on my own but my research was a failure

Can you specify the ONT model number?
The ones I've seen are basically an OpenWRT-stick packaged inside a SFP module, so as long as it's plugged in it has an interface up; the management interface runs on the native VLAN and the broadband connection is available on one (or more) tagged VLAN.

But I think that for messing up with the internal OS you might need a JTAG or similar connection, that can provide also power for the embedded electronics.

 

[Pestx]

It's a Nokia/Alcatel G-010S-A. When I plug it in my ICX it stays down.
SSH@leswitch#show run interface ethernet 1/3/4
SSH@leswitch#

no conf on port just untag Vlan, and port stays down:

SSH@leswitch#show interfaces ethernet 1/3/4   
10GigabitEthernet1/3/4 is down, line protocol is down
  Port down for 227 day(s) 6 hour(s) 41 minute(s) 30 second(s)
  Hardware is 10GigabitEthernet, address is 609c.9f44.68dc (bia 609c.9f44.6902)
  Interface type is 1Gig LX SFP
  Configured speed 1Gbit, actual unknown, configured duplex fdx, actual unknown
  Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING

So SFP is recognized.

I though it would be up/down, but it stays down/down. Did the ones you saw behave like this ?

 

[infoMatt]

Did the ones you saw behave like this ?

Have you plugged in the fiber? Otherwise, it might be normal that the interface is kept down.

EDIT: it might need some quirks: hwti/G-010S-A

For the SFP to be detected, and/or for the host to give it power, the pin 6 might need to be shorted to the ground.
See Nokia G-010S-A Pin 6 Issue.

 

[Pestx]

I have no equipment to plug the fiber in (yet), that's why I wanted to try to force it up. Apparently on some device, you can connect to it, even with no fiber plugged in it. I'll look at the link you provided and try to eventually solder it if needed. Thank you.

Edit: I tried with another old switch and it works without any fiber. I think this ONU needs to be soldered to work with the ICX.

 

[ncarlson42]

Is there a way to use the breakout ports on the 6610 to connect a qsfp+ to qsfp+ connection but get 4x10gb instead of 40gb like the other two ports? I have seen qsfp+ cables that say they are for 4x10gb but have qsfp+ on both ends. Excuse me for being new to qsfp+ but I am having a hard time finding if that cable will in fact work for me?

 

[NablaSquaredG]

Yes, I also asked this question a couple of pages before, see here:

https://forums.servethehome.com/index.php?threads/brocade-icx-series-cheap-powerful-10gbe-40gbe-switching.21107/page-272#post-302362

Only caveat: Both sides need to support 4x10G breakout mode

 

[NateS]

Does anyone know if the 6610 can do 2.5/5gbe when paired with an NbaseT-capable SFP+ module? It sounds like a lot of the newer 10GBaseT modules support that (i.e. some of the ones listed here: https://www.servethehome.com/sfp-to-10gbase-t-adapter-module-buyers-guide/), but I can't seem to find a definitive answer if the switch needs to support it too, or if any switch capable of using the module will work.

 

[bbqdt]

Does anyone know if the 6610 can do 2.5/5gbe when paired with an NbaseT-capable SFP+ module? It sounds like a lot of the newer 10GBaseT modules support that (i.e. some of the ones listed here: https://www.servethehome.com/sfp-to-10gbase-t-adapter-module-buyers-guide/), but I can't seem to find a definitive answer if the switch needs to support it too, or if any switch capable of using the module will work.

https://forums.servethehome.com/index.php?threads/gbase-t-transceivers-performance-with-nbase-t-marvell-88x3300-v-s-aquantia-aqs-107.30004/