Archive for the ‘brocade’ Category

How to configure vLAG on a Brocade VDX 6740T-1G switch to work with SafeNet Network HSM

Tuesday, January 26th, 2016

Caution! I deleted my previous post on how to configure vLAG on a Brocade VDX 6740T-1G switch to work with SafeNet Network HSM because it didn’t actually work as it should. If you find a cached version somewhere, please disregard it.

I have no idea how I managed to get bonding to operate in round-robin mode on SafeNet Network HSM:

    [hsm-node-1] lunash:>network interface bonding show

    ———————————————————–
    Ethernet Channel Bonding Driver: v3.4.0-2 (October 7, 2008)

    Bonding Mode: load balancing (round-robin)

Because once the appliance was rebooted, the bonding mode changed to active-backup and the whole story with LAGs became irrelevant. The primary interface started flapping again, and the only way to stabilize connectivity to the HSM was to disable the slave interface.

    [hsm-node-1] lunash:>network interface bonding show

    ———————————————————–
    Ethernet Channel Bonding Driver: v3.4.0-2 (October 7, 2008)

    Bonding Mode: fault-tolerance (active-backup)

So, back to the original subject of the post: how do you configure a LAG on a Brocade switch to work with SafeNet Network HSM? The answer is: you don’t. In fault-tolerance bonding mode, when one interface is active and the other one is backup (read: passive), you don’t create any LAGs on the switch. All you have to do is put both interfaces into access mode (switchport mode access) and ensure that the VLAN and speed settings are identical. Here is what our switch config looks like:

    !
    interface TenGigabitEthernet 12/0/2
     speed 1000
     description -=HSM-NODE-1:ETH0=-
     switchport
     switchport mode access
     switchport access vlan 12
     spanning-tree shutdown
     no fabric isl enable
     no fabric trunk enable
     no shutdown
    !
    interface TenGigabitEthernet 13/0/2
     speed 1000
     description -=HSM-NODE-1:ETH1=-
     switchport
     switchport mode access
     switchport access vlan 12
     spanning-tree shutdown
     no fabric isl enable
     no fabric trunk enable
     no shutdown
    !

Now, you certainly lose link aggregation and load balancing functionality, because only one interface will be passing traffic at a time. The slave interface comes into play only if the primary interface is down. We’re still good when it comes to redundancy, though: you can disconnect the cable from ETH0 without any impact on connectivity.

On the HSM side, you don’t have many options, so you follow the standard procedure: assign the IP address to the bond (network interface bonding config -ip x.x.x.x -netmask y.y.y.y -gateway z.z.z.z) and bring it up (network interface bonding enable).

To check the status:

    [hsm-node-1] lunash:>network interface bonding show

    ———————————————————–
    Ethernet Channel Bonding Driver: v3.4.0-2 (October 7, 2008)

    Bonding Mode: fault-tolerance (active-backup)
    Primary Slave: eth0 (primary_reselect failure)
    Currently Active Slave: eth1
    MII Status: up
    MII Polling Interval (ms): 100
    Up Delay (ms): 2000
    Down Delay (ms): 0

    Slave Interface: eth0
    MII Status: up
    Speed: 1000 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: 00:15:c4:n7:13:06

    Slave Interface: eth1
    MII Status: up
    Speed: 1000 Mbps
    Duplex: full
    Link Failure Count: 0
    Permanent HW addr: 00:15:c4:n7:6a:34
    ———————————————————–
    ———————————————————–
    Status for eth0:
            Link detected: yes

    Status for eth1:
            Link detected: yes
    ———————————————————–

    Command Result : 0 (Success)

    [hsm-node-1] lunash:>status interface

    bond0     Link encap:Ethernet  HWaddr 00:15:C4:N7:13:06
              inet addr:192.168.100.42  Bcast:192.168.100.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
              RX packets:13479 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3183 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1059045 (1.0 MiB)  TX bytes:446623 (436.1 KiB)

    eth0      Link encap:Ethernet  HWaddr 00:15:C4:N7:13:06
              UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
              RX packets:12670 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2082 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:996811 (973.4 KiB)  TX bytes:300205 (293.1 KiB)
              Interrupt:58 Memory:fb4c0000-fb4e0000

    eth1      Link encap:Ethernet  HWaddr 00:15:C4:N7:6A:34
              UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
              RX packets:809 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1101 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:62234 (60.7 KiB)  TX bytes:146418 (142.9 KiB)
              Interrupt:169 Memory:fb6e0000-fb700000

    Command Result : 0 (Success)
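
Since the bonding mode changed silently after a reboot, it is worth checking the `network interface bonding show` output automatically. The following is an added example, not part of the original post: it parses saved output in the format shown above and reports an unexpected mode, a bond running on its backup leg, or a slave with link problems. The function names and the trimmed sample are constructed for illustration.

```python
# Constructed sample in the format of the output shown above (trimmed).
SAMPLE = """\
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect failure)
Currently Active Slave: eth1
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
"""

def parse_bonding(text):
    """Parse 'network interface bonding show' output into a dict."""
    bond = {"slaves": {}}
    current = bond  # fields before the first slave describe the bond itself
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # separator rows and blank lines
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = bond["slaves"].setdefault(value, {})
        else:
            current[key] = value
    return bond

def check_bonding(text, expected_mode="active-backup"):
    """Return findings; an empty list means mode and links are as expected."""
    bond = parse_bonding(text)
    findings = []
    mode = bond.get("Bonding Mode", "")
    if expected_mode not in mode:
        findings.append(f"unexpected bonding mode: {mode or 'missing'}")
    primary = bond.get("Primary Slave", "").split(" ")[0]
    active = bond.get("Currently Active Slave", "")
    if primary and active and primary != active:
        findings.append(f"running on backup: active={active}, primary={primary}")
    for name, slave in bond["slaves"].items():
        if slave.get("MII Status") != "up":
            findings.append(f"{name}: link down")
        if int(slave.get("Link Failure Count", "0")) > 0:
            findings.append(f"{name}: {slave['Link Failure Count']} link failures")
    return findings

if __name__ == "__main__":
    print(check_bonding(SAMPLE))
```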

How to configure SNMP on a Brocade VDX 6740T-1G switch

Monday, January 25th, 2016

Below is a snippet of the config that worked for me to allow SNMP v1 polling of a Brocade VDX 6740T-1G switch. Nothing fancy, I just wanted to enable read-only, SNMP v1 access to the switch to start capturing the load of the interfaces. Note that the NOS version is 6.0.2.

    snmp-server contact "Your network crew"
    snmp-server location "DC A"
    snmp-server sys-descr "Brocade VDX 6740T-1G"
    snmp-server community XXXXX groupname monitor
    snmp-server view monitor 1.3.6 included
    snmp-server group monitor v1 read monitor

The first three lines are not interesting. The fourth and the last one will enable SNMP v1 read-only access. Note that you have to specify a groupname. You can name it whatever you like but it has to be consistent.

Finally, without the ‘snmp-server view monitor 1.3.6 included’ line you will be able to poll the switch but no data will be returned. Perhaps it could be useful if you have multiple teams and you want to separate who can monitor what, but since I don’t need it I allowed access to the whole MIB.
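
The community, group and view lines form a chain, and a break anywhere in it produces the "polls but returns nothing" symptom. As an added example (not part of the original post), the script below resolves that chain from a saved config and also flags a view that is wider than the subtree actually needed. The function names are made up for the example, and the default scope `1.3.6.1.2.1.2` (the MIB-II interfaces subtree) is an assumption based on the stated goal of capturing interface load.

```python
# The three access lines from the config above (community redacted as on the page).
CONFIG = """\
snmp-server community XXXXX groupname monitor
snmp-server view monitor 1.3.6 included
snmp-server group monitor v1 read monitor
"""

def resolve_snmp_access(config):
    """Map each community to (version, included OIDs) via its group and view."""
    communities, groups, views = {}, {}, {}
    for line in config.splitlines():
        w = line.split()
        if len(w) < 5 or w[0] != "snmp-server":
            continue
        if w[1] == "community" and w[3] == "groupname":
            communities[w[2]] = w[4]
        elif w[1] == "view" and w[4] == "included":
            views.setdefault(w[2], []).append(w[3])
        elif w[1] == "group" and len(w) >= 6 and w[4] == "read":
            groups[w[2]] = (w[3], w[5])
    access = {}
    for community, group in communities.items():
        version, view = groups.get(group, (None, None))
        access[community] = (version, views.get(view, []))
    return access

def audit(config, needed="1.3.6.1.2.1.2"):
    """Flag broken chains and views wider than `needed` (assumed scope)."""
    findings = []
    for community, (version, oids) in resolve_snmp_access(config).items():
        if version is None:
            findings.append(f"{community}: groupname matches no group")
        elif not oids:
            findings.append(f"{community}: read view includes nothing, polls return no data")
        for oid in oids:
            if needed.startswith(oid + "."):
                findings.append(f"{community}: view {oid} is wider than {needed}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```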

How to add a license to a Brocade VDX6740T-1G switch

Sunday, January 24th, 2016

In order to license a particular feature on a Brocade VDX 6740T-1G switch you’ll need:

  • a transaction key: a 22-character string received from your Brocade supplier, which is bound to a particular feature, for example BR-VDX6740T-1G-16X10G-COD (to add the 16x10GB Capacity on Demand feature) or BR-VDX6740-2X40G-POD (to unlock the two remaining QSFP ports);
  • access to the Brocade portal (Software Licensing section);
  • the license ID of the switch to which the license is going to be attached.

To get a license ID, log in to the switch and run:

    show license id rbridge-id 12

    ===================================================
      12                    XX:XX:XX:XX:XX:XX:XX:XX

Since all my VDXs are in a VCS Logical Chassis mode, I have to specify the rbridge-id of the member.

Log in to the Brocade portal, go to Software Licensing and enter the transaction key. On the next page you’ll be prompted for an email address and the license ID.

Once generated, you’ll receive an XML file with the long string between licKey tags.

Copy it (omit the licKey tags) and execute on the switch:

    license add rbridge-id 12 licStr "XX XXXXXXXX#"

Make sure to place the license inside quotes, since normally there is a space in the license key.

To check whether the license was deployed, run:

    show license rbridge-id 12

    rbridge-id: 12
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
           10G Port Upgrade license
           Feature name:PORT_10G_UPGRADE
           License is valid
           Capacity: 16

Configuring static LAG on Brocade ICX switches to be used with Check Point bond

Monday, April 14th, 2014

As we’re slowly (but surely) moving towards replacing our Cisco gear with Brocade, I’m going to publish a set of articles related to ICX 6610 configuration. Bear with me since I’m still learning it. By the way, if you spot any mistakes please let me know.

In comparison with the Cisco 3745, Brocade’s ICX 6610 wins by miles, both in terms of performance and price (big time!), so here we go.

The first article will be related to the configuration of a LAG (Link Aggregation Group) on the ICX 6610 to be used with Check Point’s bond interfaces. The idea is to aggregate two or more physical links into a virtual one, so in case there is an issue with one of the links (faulty cable or NIC) the connection is still operational. To summarize, on Brocade you configure LAGs and on Check Point you configure bonds. Initially, when I first started working on it, my main goal was all about redundancy and I didn’t really care about load distribution. In the end it turned out that the traditional active/backup setup cannot be implemented with a bond where both legs are terminated on the same switch, so I ended up with the active/active implementation. It’s a mix of load balancing + redundancy, so it should be fine.
