Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

blinkenlights

Active Member
May 24, 2019
160
75
28
7450 has lower bandwidth than 6610 but the newer software, lower power, and higher power PoE ports are pretty nice in certain applications. I agree with you that you need to find one that has the modules already otherwise it isn't worth it.
@fohdeesha and I discussed this privately a while ago. Either platform (Broadcom or Marvell) will meet the needs of most everyone with 1/10 GbE devices. If you are really bumping into performance limitations on either one, there are better options available like Arista.

When I rebuilt my home network, my main considerations were: number/type of ports and ongoing software support (bug and security fixes). Ongoing support made ICX7xxx an easy choice; don't forget that the ICX6xxx switches were designated EOL/EOS in mid-2018 and the last update of the 8030 codetrain was in 2020. For ports, either 7250 or 7450 fit the bill. I started out with an abused ICX7250 that apparently lived in a hot IDF closet in Florida, but quickly replaced it with two 7450s.. the modularity (spare parts) made more sense for when the 7450 eventually goes EOL.
 

jbrukardt

Member
Feb 4, 2016
73
34
18
88
it seems the "beef king" 6610s are dirt cheap now, like 50 bucks on average on ebay. Other than being EOLed and a bit power hungry is there a catch im missing?
 

jbrukardt

Member
Feb 4, 2016
73
34
18
88
How do you tell what models have POE+. The model #s are the same, are all models capable and it just depends on the power supply?
 

blinkenlights

Active Member
May 24, 2019
160
75
28
How do you tell what models have POE+. The model #s are the same, are all models capable and it just depends on the power supply?
You're not missing anything. If you are comfortable with the age of the switch and don't need/want any new features of the 809x or 9xxx codetrains, get yourself a nice switch. In fact, get two.. when I priced out buying individual spare parts (PSU, fan, port modules) it was just as expensive to buy a fully kitted out switch.

On the POE+ question, those models have a "P" at the end - see page 6 of the datasheet: https://www.dataswitchworks.com/datasheets/switches/brocade-icx-6610-ds.pdf
 
  • Like
Reactions: donedeal19

jbrukardt

Member
Feb 4, 2016
73
34
18
88
awesome, thanks! The 6610 is definitely a bit old codewise, but way newer than what ive got (avaya 4548gt-pwr) and the multitude of 10gbit availability will be nice
 

clcorbin

Member
Feb 15, 2014
35
6
8
it seems the "beef king" 6610s are dirt cheap now, like 50 bucks on average on ebay. Other than being EOLed and a bit power hungry is there a catch im missing?
I use two of them stacked, one in the garage and one in my "hobby room" closet. The only extra downside to these switches has to be the noise. They are a bit noisy on low fan speed, but the instant they hit 75C (and that is pretty easy...), the fans will spool up to 18,000rpm+ and they sound like a jet getting ready to take off (ok, slight exaggeration). Then, 10 to 15 seconds later, they drop back down for a bit.

How bad this is all depends on where you are placing them and how sensitive to noise you are. These sort of things don't bother me TOO much, but I will say, I have purchased a nice piece of 1/8" plexiglass to make a new cover and allow me to place the 120mm fans on top of the hot spots. I'll also build a pulse generator/fan monitor out of attiny45 8 pin MCU to give me a nice fan header and to keep the switch happy. I'll probably leave the fans in the power supplies alone (I want to keep them cool and on low speed, they are not too bad) but pull the 4 fans out of the two fan trays and feed in the signal from the pulse generator to them.

Overall, I am very happy with the upgrade from my Aruba S3500 stack. The Brocade is definitely a LOT more capable and flexible hardware. Not to mention the 16 10Gb ports on each of them...
 

clcorbin

Member
Feb 15, 2014
35
6
8
Break out port issue. I've configured the switch to use the two 40G ports for stacking and the other two QSFP ports as breakout ports. Stacking works great. I've setup 2/2/2 to 2/2/3 as tagged ports and each one connects to one of two servers. Same with ports 2/2/7 to 2/2/8. They connect perfectly at 10Gb and the two activity lights for the ports are all on and working perfectly.

The other four (ok, 2 times 2) break out ports are setup as untagged on a specific VLAN for management (overkill, but I have the ports, so...). And they do NOT work at all. To verify the ESXI side of things (and to have management access), I have configured one of the front 10Gb ports on the same VLAN and connected it to the primary server in place of the breakout cable. It connects and runs perfectly fine.

Here is the port configuration for the non working breakout port (2/2/4) and working front port (2/3/5):
Code:
blah(config)#sh int eth 2/2/4
  10GigabitEthernet 2/2/4 is down, line protocol is down
  Port down for 7 day(s) 17 hour(s) 50 minute(s) 29 second(s)
  Hardware is   10GigabitEthernet , address is blah (bia blah)
  Configured speed 10Gbit, actual unknown, configured duplex fdx, actual unknown
  Configured mdi mode AUTO, actual unknown
  Member of L2 VLAN ID blah, port is untagged, port state is BLOCKING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is blah
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 multicasts, 0 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  100183 packets output, 16651186 bytes, 0 underruns
  Transmitted 69827 broadcasts, 28642 multicasts, 1714 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               97212                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                2971                   0
    6                   0                   0
    7                   0                   0
blah(config)#sh int eth 2/3/5
10GigabitEthernet2/3/5 is up, line protocol is up
  Port up for 18 minute(s) 25 second(s)
  Hardware is 10GigabitEthernet, address is blah (bia blah)
  Interface type is 10Gig SFP+
  Configured speed 10Gbit, actual 10Gbit, configured duplex fdx, actual fdx
  Member of L2 VLAN ID blah, port is untagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is enabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is blah
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 58576 bits/sec, 8 packets/sec, 0.00% utilization
  300 second output rate: 24432 bits/sec, 10 packets/sec, 0.00% utilization
  5230063 packets input, 4533116887 bytes, 0 no buffer
  Received 228 broadcasts, 22742 multicasts, 5207093 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  6132363 packets output, 1738716258 bytes, 0 underruns
  Transmitted 1425193 broadcasts, 1397917 multicasts, 3309253 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0             5234343                   0
    1                   0                   0
    2                   0                   0
    3              859073                   0
    4                  40                   0
    5               17163                   0
    6               21744                   0
    7                   0                   0
The stack configuration from show run:
Code:
stack unit 1
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  stack-port 1/2/1 1/2/6
stack unit 2
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  priority 200
  stack-port 2/2/1 2/2/6
stack enable
stack mac blah
!
Finally, show interface brief unit 2:
Code:
2/2/1      Up      Forward Full 40G   None  No  N/A  0   
2/2/2      Up      Forward Full 10G   None  Yes N/A  0 
2/2/3      Up      Forward Full 10G   None  Yes N/A  0 
2/2/4      Down    None    None None  None  No  blah   0 
2/2/5      Down    None    None None  None  No  blah   0 
2/2/6      Up      Forward Full 40G   None  No  N/A  0 
2/2/7      Up      Forward Full 10G   None  Yes N/A  0 
2/2/8      Up      Forward Full 10G   None  Yes N/A  0 
2/2/9      Down    None    None None  None  No  blah   0 
2/2/10     Down    None    None None  None  No  blah   0 
<snip>
2/3/5      Up      Forward Full 10G   None  No  blah   0
Once more, I suspect it is something simple and obvious that I am missing. My gut says it has to be in the breakout port configuration, but they APPEAR to be the same as the working front 10Gb port, so I'm doubting my gut right now. Is there an issue with trying to run some of the breakout ports tagged and others untagged?

Any help would be greatly appreciated, even if you have to start the reply with "Hey knucklehead, did you notice ...!"

Regards,

clcorbin
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,551
2,748
113
31
fohdeesha.com
Break out port issue. I've configured the switch to use the two 40G ports for stacking and the other two QSFP ports as breakout ports. Stacking works great. I've setup 2/2/2 to 2/2/3 as tagged ports and each one connects to one of two servers. Same with ports 2/2/7 to 2/2/8. They connect perfectly at 10Gb and the two activity lights for the ports are all on and working perfectly.

The other four (ok, 2 times 2) break out ports are setup as untagged on a specific VLAN for management (overkill, but I have the ports, so...). And they do NOT work at all. To verify the ESXI side of things (and to have management access), I have configured one of the front 10Gb ports on the same VLAN and connected it to the primary server in place of the breakout cable. It connects and runs perfectly fine.

Here is the port configuration for the non working breakout port (2/2/4) and working front port (2/3/5):
Code:
blah(config)#sh int eth 2/2/4
  10GigabitEthernet 2/2/4 is down, line protocol is down
  Port down for 7 day(s) 17 hour(s) 50 minute(s) 29 second(s)
  Hardware is   10GigabitEthernet , address is blah (bia blah)
  Configured speed 10Gbit, actual unknown, configured duplex fdx, actual unknown
  Configured mdi mode AUTO, actual unknown
  Member of L2 VLAN ID blah, port is untagged, port state is BLOCKING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is blah
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 multicasts, 0 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  100183 packets output, 16651186 bytes, 0 underruns
  Transmitted 69827 broadcasts, 28642 multicasts, 1714 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               97212                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                2971                   0
    6                   0                   0
    7                   0                   0
blah(config)#sh int eth 2/3/5
10GigabitEthernet2/3/5 is up, line protocol is up
  Port up for 18 minute(s) 25 second(s)
  Hardware is 10GigabitEthernet, address is blah (bia blah)
  Interface type is 10Gig SFP+
  Configured speed 10Gbit, actual 10Gbit, configured duplex fdx, actual fdx
  Member of L2 VLAN ID blah, port is untagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is enabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is blah
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 58576 bits/sec, 8 packets/sec, 0.00% utilization
  300 second output rate: 24432 bits/sec, 10 packets/sec, 0.00% utilization
  5230063 packets input, 4533116887 bytes, 0 no buffer
  Received 228 broadcasts, 22742 multicasts, 5207093 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  6132363 packets output, 1738716258 bytes, 0 underruns
  Transmitted 1425193 broadcasts, 1397917 multicasts, 3309253 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0             5234343                   0
    1                   0                   0
    2                   0                   0
    3              859073                   0
    4                  40                   0
    5               17163                   0
    6               21744                   0
    7                   0                   0
The stack configuration from show run:
Code:
stack unit 1
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  stack-port 1/2/1 1/2/6
stack unit 2
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
  no legacy-inline-power
  priority 200
  stack-port 2/2/1 2/2/6
stack enable
stack mac blah
!
Finally, show interface brief unit 2:
Code:
2/2/1      Up      Forward Full 40G   None  No  N/A  0  
2/2/2      Up      Forward Full 10G   None  Yes N/A  0
2/2/3      Up      Forward Full 10G   None  Yes N/A  0
2/2/4      Down    None    None None  None  No  blah   0
2/2/5      Down    None    None None  None  No  blah   0
2/2/6      Up      Forward Full 40G   None  No  N/A  0
2/2/7      Up      Forward Full 10G   None  Yes N/A  0
2/2/8      Up      Forward Full 10G   None  Yes N/A  0
2/2/9      Down    None    None None  None  No  blah   0
2/2/10     Down    None    None None  None  No  blah   0
<snip>
2/3/5      Up      Forward Full 10G   None  No  blah   0
Once more, I suspect it is something simple and obvious that I am missing. My gut says it has to be in the breakout port configuration, but they APPEAR to be the same as the working front 10Gb port, so I'm doubting my gut right now. Is there an issue with trying to run some of the breakout ports tagged and others untagged?

Any help would be greatly appreciated, even if you have to start the reply with "Hey knucklehead, did you notice ...!"

Regards,

clcorbin
reboot the stack (both switches) once the breakout cable is connected on both ends (to the icx's and to your hypervisor hardware). hopefully it will come up after the switch reboot
 

clcorbin

Member
Feb 15, 2014
35
6
8
reboot the stack (both switches) once the breakout cable is connected on both ends (to the icx's and to your hypervisor hardware). hopefully it will come up after the switch reboot
I will give that a try this evening before bed. Thanks!
 

Wolfcastle

Member
Jan 3, 2022
46
22
8
I use two of them stacked, one in the garage and one in my "hobby room" closet. The only extra downside to these switches has to be the noise. They are a bit noisy on low fan speed, but the instant they hit 75C (and that is pretty easy...), the fans will spool up to 18,000rpm+ and they sound like a jet getting ready to take off (ok, slight exaggeration). Then, 10 to 15 seconds later, they drop back down for a bit.

How bad this is all depends on where you are placing them and how sensitive to noise you are. These sort of things don't bother me TOO much, but I will say, I have purchased a nice piece of 1/8" plexiglass to make a new cover and allow me to place the 120mm fans on top of the hot spots. I'll also build a pulse generator/fan monitor out of attiny45 8 pin MCU to give me a nice fan header and to keep the switch happy. I'll probably leave the fans in the power supplies alone (I want to keep them cool and on low speed, they are not too bad) but pull the 4 fans out of the two fan trays and feed in the signal from the pulse generator to them.

Overall, I am very happy with the upgrade from my Aruba S3500 stack. The Brocade is definitely a LOT more capable and flexible hardware. Not to mention the 16 10Gb ports on each of them...
If you want some pointers on the fan mod, take a look at my earlier post in this thread, the whole mod is painless to do. My 6610 and my 7450 (see other thread) are both happily running for months now. My PC is louder than my switches now.
 
  • Like
Reactions: clcorbin

frogtech

Well-Known Member
Jan 4, 2016
1,433
242
63
34
Because...?
My guess would be because it's another vector for potential attack not because there's anything inherently insecure about it (or less insecure than usual for HTTPS)

Of course, I'm saying that without being aware of any prior information that would suggest ruckus web interface has a vulnerability in it
 
Last edited:

clcorbin

Member
Feb 15, 2014
35
6
8
reboot the stack (both switches) once the breakout cable is connected on both ends (to the icx's and to your hypervisor hardware). hopefully it will come up after the switch reboot
As always, you are the man! I was able to reboot the stack this afternoon and everything is working like a champ now.
 
  • Like
Reactions: fohdeesha

ms264556

Member
Sep 13, 2021
78
55
18
I can't decide if this guy is what the Irish would call "touched", or if he's maliciously trying to force CommScope to sic lawyers onto Fohdeesha...

 
  • Like
Reactions: Vesalius

ptaylor

New Member
Apr 8, 2022
10
0
1
I can't decide if this guy is what the Irish would call "touched", or if he's maliciously trying to force CommScope to sic lawyers onto Fohdeesha...

Sorry - I didn't mean to upset anyone.

I'm neither "touched" or trying to be malicious.

Someone PM'ed me there, so I've edited my message to remove the Fohdeesha link, not even referencing anything vague like "finding it on the Internet", since it's not exactly hard to find this if you take a few minutes to look.

It's my understanding that Ruckus doesn't care what you do with their Unleashed stuff - you don't need any further licenses to use it, software updates are free, and since they own Brocade (and there is interoperability to some degree between their unleashed controller and Brocade switches) I legitimately wondered if they were equally fine with these licenses being distributed this way. This might be seen as theft by some companies, but more enlightened ones might see it as a way to get future generations of network engineers familiar with their brand and their hardware by using it at home, especially since it's EOL'ed.
 

Vesalius

Active Member
Nov 25, 2019
215
155
43
I can't decide if this guy is what the Irish would call "touched", or if he's maliciously trying to force CommScope to sic lawyers onto Fohdeesha...

Sent him a PM on that forum assuming it was done out of ignorance and not malice, but we will see if he deletes.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,551
2,748
113
31
fohdeesha.com
Sorry - I didn't mean to upset anyone.

I'm neither "touched" or trying to be malicious.

Someone PM'ed me there, so I've edited my message to remove the Fohdeesha link, not even referencing anything vague like "finding it on the Internet", since it's not exactly hard to find this if you take a few minutes to look.

It's my understanding that Ruckus doesn't care what you do with their Unleashed stuff - you don't need any further licenses to use it, software updates are free, and since they own Brocade (and there is interoperability to some degree between their unleashed controller and Brocade switches) I legitimately wondered if they were equally fine with these licenses being distributed this way. This might be seen as theft by some companies, but more enlightened ones might see it as a way to get future generations of network engineers familiar with their brand and their hardware by using it at home, especially since it's EOL'ed.
The licenses in this guide are for the EoL models that no longer have licenses you can purchase even if you wanted to - ruckus stopped selling these switches and associated licenses when they went EoL, leaving them to become e-waste. Moreover, on the newer non-eol icx7xxx series, they've made the licenses freely usable with honor based licenses you can install by just running "license install"
 

ptaylor

New Member
Apr 8, 2022
10
0
1
The licenses in this guide are for the EoL models that no longer have licenses you can purchase even if you wanted to - ruckus stopped selling these switches and associated licenses when they went EoL, leaving them to become e-waste. Moreover, on the newer non-eol icx7xxx series, they've made the licenses freely usable with honor based licenses you can install by just running "license install"
Sounds like they are probably okay with it then. I've written software and even for-sale PDFs in the past. As such, I try to make sure things I use are licensed properly, as I would want people to do with my software & other publishing.