Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

ljvb

Member
Nov 8, 2015
97
32
18
46
I bought a set, if I get it before the previous poster can test it, I'll give it a shot.
 

ljvb

they'll all work fine, but for proper SR4 optics I prefer the avago's which can be had brand new slightly cheaper Avago 40GB QSFP+ AFBR-79EQPZ Transceiver Parallel Ethernet InfiniBand 850nm 40G 654323094729 | eBay
I picked up two of these (and a 10G dual port pci card, and the 40G to 10G breakout cable someone posted above).

Does the following post still apply to the two Avago modules I picked up for the cabling?
https://forums.servethehome.com/ind...icx6450-icx6610-etc.21107/page-23#post-201367
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,470
2,628
113
31
fohdeesha.com
that post only applies if you're connecting two 40gbE modules together with key up to key down MPO or MTP fiber (which is most of the runs available to purchase). If you're using 40gb > 10gb breakout cables it's not necessary.

As for the avago AOC linked on the last page, it works perfectly, was using that exact model for a 4x 10gbE LACP to an lb6m for a little bit
 

ljvb

I'm just going to use them to stack two 6610s. The breakout cable I got is just to use one of the 40G ports to connect to my VM and Storage servers (I bought two 593742-001 HP NC523SFP PCIe2.0x8 (2)10GbE SFP+ NIC | eBay)
 

nezach

Active Member
Oct 14, 2012
206
117
43
So this is probably something very simple, but I cannot figure it out.

I have a VLAN 99 with only a single untagged interface 1/1/2 as a member. Interface 1/1/2 is unplugged and is setup for input output monitoring to port 1/1/24. Port 1/1/24 is a single untagged member of VLAN 50. I have laptop connected to 1/1/24 and monitoring traffic with Wireshark.

My assumption is that I should not be seeing any traffic at all in Wireshark, but I am seeing multicast traffic MDNS/SSDP, also ARP and LLDP queries. Some of the multicast traffic is coming from VLANs 20 and 50. How can this be happening?
 

fohdeesha

hard to say without seeing your config. depending on how you set up port mirrors, they bypass vlans and mirror everything, or just certain vlans. also most of that sounds like things generated by the OS itself on the laptop you're using to monitor
 

nezach

Here is relevant config. I don't have any multicast config on the switch, so everything is default. I disabled all other interfaces on laptop as well as IPv6 and IPv4 on the interface I am using to monitor. Wouldn't mirror port just show what comes in/out the monitor port, plus everything is on a separate VLAN, so should be on different broadcast domain.

Code:
vlan 90 by port
 untagged ethe 1/1/24
!
vlan 99 name wan1 by port
 untagged ethe 1/1/2
!
mirror-port ethernet 1/1/24
!
interface ethernet 1/1/2
 mon ethe 1/1/24 both
 

nezach

I removed all mirror/monitor related config, left port 1/1/24 in a separate VLAN, reloaded the switch and there was no traffic showing up in Wireshark (on 1/1/24), just as expected. Then as soon as I entered command "mirror-port ethernet 1/1/24" I started seeing multicast traffic, notice I did not even configure monitor port. Entering "no mirror-port ethernet 1/1/24" removes it from the running config, but the traffic does not stop flowing. I also started seeing some TCP re-transmissions along the multicast traffic.

Documentation does not say anything about "default" traffic flowing to mirror port, and the fact that "no..." command does not reverse the change has me really bewildered.
 

ljvb

What is your wireshark bpf filter? Windows has a tendency to be noisy. I have not played with the brocades and port mirroring, but on cisco, the mirrored port sees whatever goes across the port being mirrored, which includes noisy windows. If you want to play with pcap and monitoring ports, I recommend you use linux or freebsd and tcpdump.
 

nezach

I was running Wireshark on Win box first, but then switched to Linux and results were the same. I am pretty sure it is something on the switch, I just don't know if it is expected behavior or not. The reason I am saying this is because:
  1. monitored port is on an isolated empty vlan
  2. mirror port is on isolated vlan with only Wireshark box connected to it
  3. I am not seeing any traffic until I issue command "mirror-port ethernet 1/1/24"
  4. I am seeing traffic from multiple totally unrelated VLANs that have nothing to do with mirror or monitor ports
  5. All traffic that I am seeing is multicast traffic + some TCP retransmits
I was trying to use mirroring for troubleshooting an issue, but I was able to resolve that issue, so this is not really an issue for me anymore. It would still be nice to figure out why it is happening.
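
A way to test the two explanations raised in this thread (frames generated by the capture host itself versus frames the switch is sending to the mirror port) is to classify each captured frame by source MAC, destination MAC and 802.1Q tag. The Python below is an added example, not part of any post in the thread; the MAC addresses and sample frames are constructed, and it assumes VLAN tags are visible in the capture.

```python
import struct
from collections import Counter

# Destination MACs of the protocols named in the thread.
KNOWN_DST = {
    "ff:ff:ff:ff:ff:ff": "broadcast",
    "01:80:c2:00:00:0e": "LLDP",
    "01:00:5e:00:00:fb": "mDNS",
    "01:00:5e:7f:ff:fa": "SSDP",
}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame, capture_mac):
    """Return (origin, kind, vlan) for one raw Ethernet frame."""
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == 0x8100:  # 802.1Q tag: VLAN ID is the low 12 bits of the TCI
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    # Group bit (lowest bit of the first octet) marks multicast/broadcast.
    kind = KNOWN_DST.get(dst) or ("other multicast" if frame[0] & 0x01 else "unicast")
    origin = "capture host" if src == capture_mac else "switch side"
    return origin, kind, vlan

def summarize(frames, capture_mac):
    return Counter(classify(f, capture_mac) for f in frames)

def build(dst, src, ethertype, vlan=None):
    """Construct a minimal test frame (constructed data, not a real capture)."""
    hdr = bytes.fromhex((dst + src).replace(":", ""))
    if vlan is not None:
        hdr += struct.pack("!HH", 0x8100, vlan)
    return hdr + struct.pack("!H", ethertype) + bytes(46)

CAPTURE_MAC = "02:00:00:00:00:01"  # assumed MAC of the Wireshark box
SAMPLE = [
    build("01:00:5e:00:00:fb", CAPTURE_MAC, 0x0800),              # host's own mDNS
    build("01:00:5e:00:00:fb", "02:00:00:00:00:20", 0x0800, 20),  # mDNS, VLAN 20
    build("01:00:5e:7f:ff:fa", "02:00:00:00:00:50", 0x0800, 50),  # SSDP, VLAN 50
    build("01:80:c2:00:00:0e", "02:00:00:00:00:aa", 0x88CC),      # LLDP
    build("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:20", 0x0806, 20),  # ARP request
    build("02:00:00:00:00:99", "02:00:00:00:00:50", 0x0800, 50),  # unicast
]

if __name__ == "__main__":
    print(summarize(SAMPLE, CAPTURE_MAC))
```

Frames counted under "capture host" are the monitoring machine's own output; everything under "switch side" arrived from the switch and is what needs explaining on an isolated mirror port.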
 

ljvb

I'm taking a total guess here.. I literally just picked up two 6610's and configured basic networking this past week. So I have no idea how it is working. I work IT Security, and have significant experience with IDS/IPS and port mirroring.

Again, a guess.. did you setup VE's for each vlan? could the multicast traffic be coming across the virtual gateways?
 

fohdeesha

will be AFK for the next 2 weeks, crunch time for big local LAN party we run. will answer all these when I return. Last time I used mirroring it worked as expected, at least after moving to linux and properly disabling networking. post your switch config, you might have something putting traffic into that vlan
 
fohdeesha

for v8 running on the icx series

Code:
enable
conf t
lag TO-LB6M dynamic
ports ethernet 1/3/1 e 1/3/2
primary-port 1/3/1
deploy
exit
write mem

#view status
show lag

for v7 running on the LB6M

Code:
enable
conf t
interface ethernet 1 ethernet 2
link-aggregate conf key 10000
link-aggregate active
exit
write mem

#view status
show link-aggregate

starting to wonder why I bothered putting the clear, well written manuals (that include exactly what I wrote above) in the firmware zips