maybe I missed this discussion... what's wrong with PVLANs on the ICX?
The ICX simply put, does not do PVLANs by the actual definition. Words have meanings no matter how much Brocade tried to redefine them.
PVLANs are, and have always been, a VLAN within a VLAN. Specifically to get around the limit of 4095 VLANs. i.e. on an actual PVLAN capable switch, VLAN 2000 is actually a PVLAN that encapsulates VLAN 100-110 so as to not interfere with real VLAN 100.
Isolated VLANs are not PVLANs!! THEY ARE NON-SWITCHING VLANS! NOT THE SAME.
So the actual architecture looks like this:
Code:
+------- Switching/Routing Plane <--> VLAN100-VLAN110
VLAN100 VLAN2000(VLAN100-110)
+-------+------- Switching Plane
VLAN100 VLAN2000(VLAN100-110)
+------- Switching/Routing Plane <--> VLAN100-VLAN110
Yes it's hard to show in ASCII. So have a much more useful image from Juniper.
PVLANs are, by definition, VLAN trunks that encapsulate VLANs. ICX straight up cannot do this. (This should surprise nobody who has looked at the encapsulation or isolation capabilities of any Brocade product.
Especially DCX.) So my ONLY choice is to use tagging. In futile hopes of reducing migraines (and avoid loops) the Junipers aren't doing any ISLs or vchassis either.
And the devices behind the Junipers literally cannot connect to
any ICX due to known defects/lack-of-support with the Ethernet silicon. Juniper is a "divorced" architecture. Juniper is individual Ethernet MAC+PHY to build a fabric, and the 7 series is a fully integrated fabric+Ethernet package using BCM Ethernet. And even getting these devices to talk to the Juniper was a whole
thing. It's straight up impossible with any ICX. You'll find this with a whole lot of older devices that they will not talk to stuff like the ICX 7 series and only spotty with the 6 series, particularly 100bT devices or anything that needs more rational MTU/MSS.