Thanks for your work @fohdeesha !
After a long delay, I just restarted my project. Following your documentation was clear with no problems. I'm ready to go install now.
I'm very grateful for your work.
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
After a long delay, I just restarted my project. Following your documentation was clear with no problems. I'm ready to go install now.
I'm very grateful for your work.
I have requested ICX7750 u-boot source code from Ruckus... Let's see.
EDIT: The support isn't willing to help. Escalating to the legal team now.
EDIT: The support isn't willing to help. Escalating to the legal team now.
Last edited:
Let's see how you go. I got nowhere without a support contract. They didn't respond to any contact unless it was initiated from a support ticket.
Ruckus do seem receptive to requests from customers, so if someone here has a 7750 under support and made the request for you then I'm guessing they'd add it to their queue and publish some source on sourceforge in a few months.
My experience, with the XClaim and ZD1200 source drops, is that they're overly aggressive with scrubbing their IP from the published source. It looks like their modus operandi is to remove all source files with a Ruckus copyright and then patch up the remaining source so it still builds. Of course this isn't how the GPL works. So even after they publish you'll probably have a few months of pointing out missing functionality and waiting for a revised drop which adds some of this back.
yeah, but I'm willing to escalate this, possibly to the uboot authors themselves.
I don't care about their support contract shitshow, GPL is GPL
[cheering from the sidelines]
Hi all,
Not sure how this happened by I'm getting the following message when I ssh into my switch:
client_input_hostkeys: received duplicated ssh-rsa host key
I've delete the entries for the switch in my .ssh/known_hosts files and have tried deleting and reissuing the keys on the switch using the below commands but it hasn't stopped the message I'm seeing above. Any ideas?
Not sure how this happened by I'm getting the following message when I ssh into my switch:
client_input_hostkeys: received duplicated ssh-rsa host key
I've delete the entries for the switch in my .ssh/known_hosts files and have tried deleting and reissuing the keys on the switch using the below commands but it hasn't stopped the message I'm seeing above. Any ideas?
Code:
crypto key zeroize
crypto key generate rsa modulus 2048Thanks! I wasn't sure what the mechanism was and the licensing bits at the start of the thread didn't mention specifically, so I thought i would ask. Thank you again and happy new year!
I'm embarking on my first adventure into the world of multi-GB networking and have a few questions regarding interconects for my new equipment.
Please excuse my ignorance.
I recently ordered a 6610-24p-e and a couple 649281-B21 HP cards that I plan to flash to the -fcbt firmware.
1 card will be in my opnsense box and 1 in my main server. Other systems will get 10gb x560 cards.
I believe so far that I will be able to use the 40g qsfp+ ports on the 6610 to connect to the cx3 cards.
Will the following work for interconnection?
Brocade transceivers:
Lot of 4 Brocade 57-1000267-01 XBR-000232 4 x 16GB QSFP SW 100M | eBay
Would I also need Mellanox transceivers?
Dell Mellanox 2MJ5F 40Gbps Ethernet QSFP 850nm Transceiver 02MJ5F #96629# | eBay
Are these 2 transceivers compatible?
Do I need OMx lc-lc fiber or mpt/mpo?
If these aren't good choices can someone please suggest better options?
Thanks in advance,
Atomicwerks
Please excuse my ignorance.
I recently ordered a 6610-24p-e and a couple 649281-B21 HP cards that I plan to flash to the -fcbt firmware.
1 card will be in my opnsense box and 1 in my main server. Other systems will get 10gb x560 cards.
I believe so far that I will be able to use the 40g qsfp+ ports on the 6610 to connect to the cx3 cards.
Will the following work for interconnection?
Brocade transceivers:
Lot of 4 Brocade 57-1000267-01 XBR-000232 4 x 16GB QSFP SW 100M | eBay
Would I also need Mellanox transceivers?
Dell Mellanox 2MJ5F 40Gbps Ethernet QSFP 850nm Transceiver 02MJ5F #96629# | eBay
Are these 2 transceivers compatible?
Do I need OMx lc-lc fiber or mpt/mpo?
If these aren't good choices can someone please suggest better options?
Thanks in advance,
Atomicwerks
bottom of the first post talks about mpt/mpo.
you dont mention distance needed.
DAC and AOC may be simpler solutions if the cable path and distance work.
Personally i've made the decision to just pull single mode in my house. more flexibility on speed in the future.
xver's cost a bit more but i'm not buying that many and saves hassle.
Ok, so if I understand this right, the mpo is needed to breakout the 40g into 4x 10g. Please correct me if I'm wrong.
In my case, I won't be using the breakouts for the time being as i won't even be able to fill the front 8.
You mention DAC or AOC. I looked into them a bit and DAC would work for my 40g connections since it's all in the same cabinet so runs are short.
Do you have a recommendation for dac cables that work with both the brocade and cx3 cards?
If I went with SM OS2 lc-lc would the transceivers I listed work for that?
soo pretty sure that youre xvers are multi-mode mpt/mpo .
also that brocade one makes me think FC based on speed dunno if that translates to ethernet.
In any case they look like multi-mode not sm.
if you want transceivers and sm patches you need to look for ones that specify lc connector and should have LR in the name or description and wavelength will likely be 1310.
FWIW and from a simplicity standpoint.
you might also consider 40gbe to 10gbe QSFP TO SFP+ DAC or AOC breakouts for in-rack 10gbe before using up your front SFP+ cages which are a bit more flexible for media types and you wont be messing with mpt/mpo cables. DAC breakouts seem to be running $25-$45USD for short distances. AOC for longer distances seem to be 60 and up. The dac breakouts are very cost effective for 10gbe in-rack runs.
reminder. you have 2 40gbe qsfp and 2 40gbe to 4 X 10gbe breakouts - these configurations cannot be changed.
@fohdeesha
FWIW, I started digging around in the UFI file format from Ruckus, specifically because I wanted to extract the packages
The first 84 bytes of a Ruckus Firmware image are some kind of header. From this header you can reconstruct another table, which has a number of packages with a specific size each and an offset where this table is located.
For SPR08095mufi.bin for example, this is
Although it doesn't make sense to read size_per_package from the header, as it's hardcoded as 42 in the rest of the Ruckus code...
size_per_package is the size of each entry in the package table in bytes.
Each entry has:
2 bytes of whatever - maybe a version? (acc 2)
32 bytes for the package file name, should be zero terminated, so 31 characters + '0' byte (acc 34)
4 bytes for the offset of the package in the file after the table - this is a BIG ENDIAN coded uint32 (don't ask me why it's big endian) (acc 38)
4 bytes for the filesize of the package - - this is a BIG ENDIAN coded uint32 (don't ask me why it's big endian) (acc 42)
For SPR08095mufi.bin, this gives:
I can share the code which directly extracts the files if you want. Allows you to extract current, most up to date bootloaders and stuff like that.
Just tested the extractor - Successfully extracts spz10118.bin from SPR08090mcufi.bin (tested by comparing MD5 hash of extracted file and known good file from archive)
FWIW, I started digging around in the UFI file format from Ruckus, specifically because I wanted to extract the packages
The first 84 bytes of a Ruckus Firmware image are some kind of header. From this header you can reconstruct another table, which has a number of packages with a specific size each and an offset where this table is located.
For SPR08095mufi.bin for example, this is
Code:
size_per_package: 42
num_packages: 13
pkg_table_start_offset: 512
pkg_table_size: size_per_package * num_packages = 546size_per_package is the size of each entry in the package table in bytes.
Each entry has:
2 bytes of whatever - maybe a version? (acc 2)
32 bytes for the package file name, should be zero terminated, so 31 characters + '0' byte (acc 34)
4 bytes for the offset of the package in the file after the table - this is a BIG ENDIAN coded uint32 (don't ask me why it's big endian) (acc 38)
4 bytes for the filesize of the package - - this is a BIG ENDIAN coded uint32 (don't ask me why it's big endian) (acc 42)
For SPR08095mufi.bin, this gives:
Code:
size_per_package: 42
num_packages: 13
pkg_table_start_offset: 512
pkg_table_size: 546
index = 0
entry_offset_in_pkg_table = 0
pkg_file_offset_after_table = 0
total_file_offset = 1058
fileName = SPR08095m.bin
fileSize = 33554432
index = 1
entry_offset_in_pkg_table = 42
pkg_file_offset_after_table = 33554432
total_file_offset = 33555490
fileName = SPR08095m.sig
fileSize = 256
index = 2
entry_offset_in_pkg_table = 84
pkg_file_offset_after_table = 33554688
total_file_offset = 33555746
fileName = spz10126.bin
fileSize = 786944
index = 3
entry_offset_in_pkg_table = 126
pkg_file_offset_after_table = 34341632
total_file_offset = 34342690
fileName = mnz10126.bin
fileSize = 786944
index = 4
entry_offset_in_pkg_table = 168
pkg_file_offset_after_table = 35128576
total_file_offset = 35129634
fileName = Python-2.7.13.tar.gz
fileSize = 7329468
index = 5
entry_offset_in_pkg_table = 210
pkg_file_offset_after_table = 42458044
total_file_offset = 42459102
fileName = httpPkg.tar.gz
fileSize = 4944796
index = 6
entry_offset_in_pkg_table = 252
pkg_file_offset_after_table = 47402840
total_file_offset = 47403898
fileName = dhcp-4.2.5-P1.tar.gz
fileSize = 739706
index = 7
entry_offset_in_pkg_table = 294
pkg_file_offset_after_table = 48142546
total_file_offset = 48143604
fileName = perf-4.4.tar.gz
fileSize = 503799
index = 8
entry_offset_in_pkg_table = 336
pkg_file_offset_after_table = 48646345
total_file_offset = 48647403
fileName = protobuf-c-1.3.1.tar.gz
fileSize = 174130
index = 9
entry_offset_in_pkg_table = 378
pkg_file_offset_after_table = 48820475
total_file_offset = 48821533
fileName = python2-protobuf-3.7.0-1-aarch6
fileSize = 551692
index = 10
entry_offset_in_pkg_table = 420
pkg_file_offset_after_table = 49372167
total_file_offset = 49373225
fileName = python2-six-1.12.0-1-any.pkg.ta
fileSize = 19732
index = 11
entry_offset_in_pkg_table = 462
pkg_file_offset_after_table = 49391899
total_file_offset = 49392957
fileName = FileMgrPkg.tar.gz
fileSize = 3782445
index = 12
entry_offset_in_pkg_table = 504
pkg_file_offset_after_table = 53174344
total_file_offset = 53175402
fileName = logmgrPkg.tar.gz
fileSize = 7612128Just tested the extractor - Successfully extracts spz10118.bin from SPR08090mcufi.bin (tested by comparing MD5 hash of extracted file and known good file from archive)
Last edited:
Hi everyone, I'm trying to replace my existing managed but dumb switch with an ICX to set up a LAG to extend the bandwidth of my firewall from 1GbE to 4GbE.
However, when I connect the firewall LAN interface (or confirmed working LAG ports) on the switch, devices don't seem to be picking up IP addresses from the pfSense firewall (10.10.10.1).
Needless to say I'm new to advanced switch configs. Am I missing something really obvious here? Below is my switch config.
However, when I connect the firewall LAN interface (or confirmed working LAG ports) on the switch, devices don't seem to be picking up IP addresses from the pfSense firewall (10.10.10.1).
Needless to say I'm new to advanced switch configs. Am I missing something really obvious here? Below is my switch config.
Code:
!
Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.95hT213
!
stack unit 1
module 1 icx7150-c12-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-2-sfp-plus-port-20g-module
!
lag pfSense dynamic id 1
lacp-timeout long
ports ethe 1/1/9 to 1/1/12
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 20 name IOT_VLAN20 by port
tagged lag 1
!
vlan 30 name VPN_VLAN30 by port
tagged lag 1
!
vlan 40 name CLRNET_VLAN40 by port
tagged lag 1
!
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
hostname roadrunner
ip dns server-address 1.1.1.1
no ip forward-protocol udp
no ip load-sharing
no ip rarp
ip route 0.0.0.0/0 10.10.10.1
ip router-id 10.10.10.10
no ip source-route
!
logging host 10.10.10.11 udp-port 6514
no telnet server
username super password .....
!
snmp-server community ..... ro
snmp-server community ..... ro
!
clock summer-time
!
ntp
disable serve
server 10.10.10.1
!
web-management https
!
manager registrar
!
manager port-list 987
!
interface ethernet 1/3/1
speed-duplex 1000-full
!
interface ve 1
ip address 10.10.10.10 255.255.255.0
!
!
ip ssh idle-time 0
!
endI'm not particularly competent at reading these things, but it looks like you don't have your LAG within vlan 1. So the ICX router doesn't know where 10.10.10.1 is from VE 1.
I believe you want to add "deploy" to your LAG configuration.
I believe you want to add either "tagged lag 1" or "untagged lag 1" (or "un/tagged eth 1/1/9 to 1/1/12") to your vlan 1.
Alternately, you want the ICX to only do L2 and you're trying to do all the routing on the pfSense, in which case you need to add those ports to vlans 20, 30, 40.
I believe you want to add "deploy" to your LAG configuration.
I believe you want to add either "tagged lag 1" or "untagged lag 1" (or "un/tagged eth 1/1/9 to 1/1/12") to your vlan 1.
Alternately, you want the ICX to only do L2 and you're trying to do all the routing on the pfSense, in which case you need to add those ports to vlans 20, 30, 40.
Hi thanks. I was under the impression all ports were by default untagged vlan 1. This seems to be the case when I tried it including lg1. No luck unfortunately.
on my 6610, I have to enable dual-mode to allow both tagged and untagged ports.
hey, most of this is covered here the header with package count and offsets is the standard FIT image type/standard Extracting Firmware - Fohdeesha Docs although I haven't had time to add UFI specific stuff
No, this can't be standard FIT, because the header I parse is located BEFORE the FIT (D0 0D FE ED), in the region which you strip away (hence the necessity to strip the start of the image)
The UFI format is a mixture of FIT + proprietary extensions, this is why there's a special binary called "process_packages" which is responsible for installing the packages, for SPR0809mcufi.bin it's
Code:
dhcp-4.2.5-P1.tar.gz
httpPkg.tar.gz
protobuf-c-1.3.1.tar.gz
python2-protobuf-3.7.0-1-aarch6
FileMgrPkg.tar.gz
logmgrPkg.tar.gz
perf-4.4.tar.gz
Python-2.7.13.tar.gz
python2-six-1.12.0-1-any.pkg.ta
Last edited:
Dual mode is no longer a thing. It seems they removed it since FastIron 80.0.80. I think the VLANs setup is correct and the problem lies more with DHCP somehow. I found something about IP helper but that only seems to be available for Ports, not LAGs.