Ruckus/Brocade ICX 7150 Help

[muhfugen]

I recently obtained a Ruckus (formerly Brocade) ICX 7150-C12 switch. As my background is mostly with Cisco/Juniper i'm not too familiar with the FastIron OS on these and was wondering if someone could help explain the following behavior. With both SPS08095dufi.bin and SPS09010ufi.bin layer 2 firmware everything works fine, but when I load the SPR layer 3 firmware of the same version, I experience ~50% packet loss.

The switch's ethernet 1/1/12 port is connected to a Fortigate 50E on port lan1, and when I connect an endpoint to the switch and try pinging the firewall, it loses half the packets almost as if a link is flapping. 12-15 pings from the endpoint to the firewall will get responses, then about 10-12 pings will not get responses, and this will happen in a loop constantly. I've tried resetting the config to defaults and it still happens, and switching the firmware from layer 3 to layer 2 will resolve this issue. Does anyone have any idea of whats going wrong here?

ICX7150-C12 Router#sh run
Current configuration:
ver 08.0.95dT213
stack unit 1
module 1 icx7150-c12-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-2-sfp-plus-port-20g-module
stack-port 1/3/1
stack-port 1/3/2
global-stp
vlan 1 name DEFAULT-VLAN by port
spanning-tree
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
ip dns server-address 8.8.8.8(dynamic)
ip route 0.0.0.0/0 192.168.1.1 distance 254 dynamic
no telnet server
username admin password .....
manager registrar
manager port-list 987
interface ethernet 1/1/12
ip address 192.168.1.101 255.255.255.0 dynamic
end

 

[LodeRunner]

Do you get same behavior when uplink to firewall is a different port? 1/1-12 are your PoE ports, you could use 1/2/1-2 for gigabit uplinks.

And to clarify: when running SPR firmware you have this issue, but booting SPS firmware you do not?

 

[muhfugen]

I've tried it with the Fortigate connected to ethernet 1/1/1 and 1/1/12, and it happened both times. Since then i've setup a LAG on 1/2/1 and 1/2/2 and I suppose I could try tomorrow rebooting in to the SPR firmware to see if it still happens, but I would expect it would.

Yes this only occurs with the SPR firmware, if I boot in to SPS it works as expected.

 

[LodeRunner]

I see it's on 8.0.95d, there is a newer version of 8095, you might try flashing it and see if that corrects the issue; check the first post of the big ICS thread.

Otherwise, I confess I've not seen that behavior and I have several 7150-C12Ps in my network.

@fohdeesha you ever encounter odd behavior in SPR that SPS rectifies?

 

[muhfugen]

It was running 8.0.95d because this was and still is the recommended release (Ruckus ICX 7150 Campus Switches | Products | Ruckus Wireless Support), presumably similar to Cisco's "gold star" releases, so I wanted to try that to rule out a potential bug in the very latest firmware. I'm currently running it on 9.0.10a which is the latest 9 release and came out just a couple days ago, and the issue is the same.

I just tried rebooting in to the 9.0.10a SPR release and the issue remains the same. Looking at the LAG between it and the Fortigate, everything looks fine to me, so I dont think the link is going down. Here is the output of "sh int lag 1" while the packet loss is occuring. Please note the Fortigate is setup properly for a LAG so STP shouldnt be an issue, and that this also occured while there was only a single link between the switch and Fortigate.

Lag lg1 is up, line protocol is up
  Configured speed Auto, actual 2G, configured duplex fdx, actual fdx
  Untagged member of L2 VLAN 1, port state is Forward
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled,  Openflow Hybrid mode is Disabled, Flow Type is Layer2
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  VLAN-Mapping is disabled
Flexlink: Disabled
  Member of active trunk ports 1/2/1,1/2/2,lg1, Lag Interface is lg1
  Member of configured trunk ports 1/2/1,1/2/2,lg1, Lag Interface is lg1
  No port name
  300 second input rate: 33264 bits/sec, 10 packets/sec, 0.00% utilization
  300 second output rate: 33096 bits/sec, 21 packets/sec, 0.00% utilization
  3551 packets input, 1266932 bytes, 0 no buffer
  Received 589 broadcasts, 79 multicasts, 2883 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  7285 packets output, 1307065 bytes, 0 underruns
  Transmitted 739 broadcasts, 564 multicasts, 5982 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

And the current running config:

Current configuration:
ver 09.0.10T211
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
  stack-port ethernet 1/3/1
  stack-port ethernet 1/3/2
lag "Fortigate 50E" dynamic id 1
ports ethe 1/2/1 to 1/2/2
port-name LAN1 ethernet 1/2/1
port-name LAN2 ethernet 1/2/2
lag "Dell PowerEdge T340" dynamic id 2
ports ethe 1/1/3 to 1/1/4
port-name "Ethernet 1" ethernet 1/1/3
port-name "Ethernet 2" ethernet 1/1/4
vlan 1 name DEFAULT-VLAN by port
boot sys fl sec
jumbo
hostname "Ruckus ICX 7150-C12"
ip dns server-address 8.8.8.8 8.8.4.4
ip address 192.168.255.106 255.255.255.0 dynamic
ip tftp blocksize 8192
ip default-gateway 192.168.255.1 dynamic
cdp run
interface management 1
interface ethernet 1/1/1
port-name "Extreme Networks Aerohive AP650"
interface ethernet 1/1/2
port-name "Raspberry Pi"
interface ethernet 1/1/5
port-name "Dell PowerEdge T340 iDRAC"
username admin password .....
aaa authentication login default local
aaa authentication web-server default local
aaa authentication snmp-server default local
no telnet server
snmp-server community 2 $U2kyXj1k ro
snmp-server location Office
manager disable
cli timeout 0
enable skip-page-display
end

 

[Didomir]

It was running 8.0.95d because this was and still is the recommended release (Ruckus ICX 7150 Campus Switches | Products | Ruckus Wireless Support), presumably similar to Cisco's "gold star" releases, so I wanted to try that to rule out a potential bug in the very latest firmware. I'm currently running it on 9.0.10a which is the latest 9 release and came out just a couple days ago, and the issue is the same.

I just tried rebooting in to the 9.0.10a SPR release and the issue remains the same. Looking at the LAG between it and the Fortigate, everything looks fine to me, so I dont think the link is going down. Here is the output of "sh int lag 1" while the packet loss is occuring. Please note the Fortigate is setup properly for a LAG so STP shouldnt be an issue, and that this also occured while there was only a single link between the switch and Fortigate.

Lag lg1 is up, line protocol is up
  Configured speed Auto, actual 2G, configured duplex fdx, actual fdx
  Untagged member of L2 VLAN 1, port state is Forward
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled,  Openflow Hybrid mode is Disabled, Flow Type is Layer2
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  VLAN-Mapping is disabled
Flexlink: Disabled
  Member of active trunk ports 1/2/1,1/2/2,lg1, Lag Interface is lg1
  Member of configured trunk ports 1/2/1,1/2/2,lg1, Lag Interface is lg1
  No port name
  300 second input rate: 33264 bits/sec, 10 packets/sec, 0.00% utilization
  300 second output rate: 33096 bits/sec, 21 packets/sec, 0.00% utilization
  3551 packets input, 1266932 bytes, 0 no buffer
  Received 589 broadcasts, 79 multicasts, 2883 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  7285 packets output, 1307065 bytes, 0 underruns
  Transmitted 739 broadcasts, 564 multicasts, 5982 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

And the current running config:

Current configuration:
ver 09.0.10T211
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
  stack-port ethernet 1/3/1
  stack-port ethernet 1/3/2
lag "Fortigate 50E" dynamic id 1
ports ethe 1/2/1 to 1/2/2
port-name LAN1 ethernet 1/2/1
port-name LAN2 ethernet 1/2/2
lag "Dell PowerEdge T340" dynamic id 2
ports ethe 1/1/3 to 1/1/4
port-name "Ethernet 1" ethernet 1/1/3
port-name "Ethernet 2" ethernet 1/1/4
vlan 1 name DEFAULT-VLAN by port
boot sys fl sec
jumbo
hostname "Ruckus ICX 7150-C12"
ip dns server-address 8.8.8.8 8.8.4.4
ip address 192.168.255.106 255.255.255.0 dynamic
ip tftp blocksize 8192
ip default-gateway 192.168.255.1 dynamic
cdp run
interface management 1
interface ethernet 1/1/1
port-name "Extreme Networks Aerohive AP650"
interface ethernet 1/1/2
port-name "Raspberry Pi"
interface ethernet 1/1/5
port-name "Dell PowerEdge T340 iDRAC"
username admin password .....
aaa authentication login default local
aaa authentication web-server default local
aaa authentication snmp-server default local
no telnet server
snmp-server community 2 $U2kyXj1k ro
snmp-server location Office
manager disable
cli timeout 0
enable skip-page-display
end

Hello,
I do have a similar setup, FG60E (6.4.8)/ICX7150-C12P (08.0.95f) with LAG.

There might be some differences in VLANs and other setup, but here is part of my config for your reference:

ICX:

SSH@ICX7150-C12 Router#show conf
!
Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.95fT213
!
stack unit 1
module 1 icx7150-c12-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-2-sfp-plus-port-20g-module
!
!
global-stp
!
lag FG dynamic id 1
lacp-timeout short
ports ethe 1/2/1 to 1/2/2
!

FG60E:
edit "LACP"
set vdom "root"
set ip 192.168.99.1 255.255.255.0
set allowaccess ping ssh
set type aggregate
set member "internal6" "internal7"
set lldp-reception enable
set lldp-transmission enable
set role lan
set snmp-index 17
set lacp-mode passive
set lacp-speed fast
next