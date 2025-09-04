On This Page
BlueField Modes of Operation
This document describes the modes of operation available for NVIDIA® BlueField® networking platforms (DPUs or SuperNICs).
BlueField devices feature the following modes of operation:
Mode of Operation
External Host Trust Level
Description
Default on SKUs
Can be Configured to All Other Modes?
NIC Mode
Host-trusted
The Arm cores of BlueField are inactive, and the device functions as an NVIDIA® ConnectX® network adapter.
SuperNIC SKUs default mode
Yes 1
DPU Mode
Host-trusted
The Arm cores of BlueField are active, and the embedded Arm system runs services that manage the NIC resources and data path.
DPU SKUs default mode
Yes
Zero Trust (restricted)
The Arm cores of BlueField are active, and the embedded Arm system runs services to manage the NIC resources and data path while enforcing restrictions on the external host (host isolation).
-
Yes
BFx H20 converged accelerator is limited to NIC Mode only. ⤶
NIC Mode
In NIC Mode, BlueField operates as a ConnectX network adapter for the external host. For BlueField-3, the Arm cores are inactive, while for BlueField-2, the Arm cores are active but non-functional.
Operating in NIC Mode on BlueField-3 reduces power consumption, improves network performance, and minimizes the host memory footprint.
BlueField-3 SuperNIC SKUs are shipped in NIC Mode by default.
Multi-host is not supported when BlueField is operating in NIC Mode.
DPU Mode
In this operation mode, Arm cores active, known also as embedded CPU function ownership (ECPF) mode, is the default mode for the BlueField DPU family of SKUs.
In DPU Mode, the NIC resources and functionality are owned and controlled by the embedded Arm subsystem. All network communication to the host flows through a virtual switch control plane hosted on the Arm cores that manages all networking traffic coming and going from the host.
While working in this mode, the BlueField is the trusted function managed by the data center and host administrator for provisioning, management and orchestration (eg. load network drivers, reset an interface, bring an interface up and down, update the firmware, change the mode of operation on BlueField, etc).
BlueField-2 DPU and BlueField-3 DPU SKUs are shipped in DPU Mode by default.
Socket Direct is not supported when BlueField is operating in DPU Mode.
DPU Mode Architecture
In DPU Mode, the BlueField DPU provides the host system with access to network functions, while the host's capabilities are restricted and managed by the Arm processor within the BlueField.
Traffic Management and Paths
The Embedded Control and Processing Framework (ECPF) controls the NIC's embedded switch (eswitch). All network traffic between the host interface and the network initially passes through the BlueField’s Arm processor via Representors. This path, where traffic is processed by the Arm processor, is referred to as the "slow path".
To improve performance, the Arm processor can define rules in the eswitch through the ECPF, allowing packets to bypass the Arm processor and be processed directly by the eswitch. This is known as the "fast path", which reduces latency and increases throughput by offloading traffic processing from the Arm to the eswitch.
A virtual switch running on the Arm processor may integrate both slow path and fast path functionalities by processing and classifying only the first packet of a new flow. For subsequent packets in the flow, the virtual switch defines eswitch rules, enabling fast path processing for the remainder of the traffic.
Initialization Process
At startup, network access to the host is initially blocked. This restriction remains until the virtual switch running on the Arm processor loads the default out-of-box rules to manage the ECPF on the BlueField. Once these rules are loaded, network traffic to the host is automatically enabled.
The driver on the host system can only be loaded after the driver on the BlueField has been loaded and has completed NIC configuration. Additionally, all Interface Configuration Memory (ICM) is allocated by the ECPF and resides in the BlueField's memory.
InfiniBand in DPU Mode
In DPU Mode, when operating with an InfiniBand network, OpenSM must be executed from the BlueField Arm side rather than the host side. Similarly, InfiniBand management tools such as
sminfo,
ibdev2netdev, and
ibnetdiscover can only be used from the BlueField Arm side and are not accessible from the host side.
DPU Mode in Zero Trust
Zero Trust, also known as Restricted Mode, is a specialized variation of DPU Mode that enhances security by preventing the host system administrator from accessing BlueField from the host side. Once Zero Trust mode is enabled, the BlueField must be fully controlled by the data center administrator via the Arm cores or the BMC connection, rather than through the host.
This mode enforces security and isolation by restricting the host from performing operations that could compromise BlueField. The following operations can be restricted individually in Zero Trust mode:
Port ownership – The host cannot assign itself as the port owner
Hardware counters – The host is denied access to hardware counters
Tracer functionality – The tracer functionality is blocked
RShim interface – The RShim interface is disabled
Firmware flash – firmware flashing from the host is restricted
Zero Trust mode ensures a robust security boundary between the host and BlueField, making it an ideal configuration for environments requiring strict control and isolation.
Transitioning between operation modes can be achieved through various configuration interfaces as presented in the following table.
Some configuration interfaces may be locked out when operating in Zero Trust (Restricted) Mode.
Interface
From
To
Configuration option available by default for this interface?
Configuration option can be locked-out 2 for this interface?
External Host command line
DPU Mode
NIC Mode
Yes
Yes
NIC Mode
DPU Mode
Yes
Yes
DPU Mode
DPU Mode with Zero Trust
No
Always blocked
DPU Mode with Zero Trust
DPU Mode
No
Always blocked
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
Host UEFI Menu
DPU Mode
NIC Mode
Yes
Yes
NIC Mode
DPU Mode
Yes
Yes
DPU Mode
DPU Mode with Zero Trust
No
Always blocked
DPU Mode with Zero Trust
DPU Mode
No
Always blocked
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
Arm OS command line
DPU Mode
NIC Mode
Yes
No
NIC Mode
DPU Mode
N/A
N/A
DPU Mode
DPU Mode with Zero Trust
Yes
No
DPU Mode with Zero Trust
DPU Mode
Yes
No
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
Arm UEFI Menu
DPU Mode
NIC Mode
Yes
No
NIC Mode
DPU Mode
Yes
No
DPU Mode
DPU Mode with Zero Trust
No 3
No
DPU Mode with Zero Trust
DPU Mode
No 3
No
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
DPU-BMC Redfish
DPU Mode
NIC Mode
Yes
No
NIC Mode
DPU Mode
Yes
No
DPU Mode
DPU Mode with Zero Trust
No 3
No
DPU Mode with Zero Trust
DPU Mode
No 3
No
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
Platform-BMC NC-SI OEM commands
DPU Mode
NIC Mode
Yes
No
NIC Mode
DPU Mode
Yes
No
DPU Mode
DPU Mode with Zero Trust
No 3
No
DPU Mode with Zero Trust
DPU Mode
No 3
No
DPU Mode with Zero Trust
NIC Mode
Not supported
N/A
Identifying Which Mode BlueField is Currently Operating In
Interface
Command
Response
Using external host command line
Output format:
Using external host UEFI (HII) menu
Navigate to specific device and select
Using Arm UEFI (GUI) menu
Access the Arm UEFI menu by pressing the Esc button twi
ce on the console and n
avigate to
The
Using DPU BMC Redfish
Read
Using platform BMC NC-SI OEM commands
Get Command = 0x13, Parameter = 0x33
Response format:
Response field:
Changing Mode
For the configuration to take effect, Arm and NIC components must undergo a reset. Power cycle is recommended.
Using External Host Command Line
From Mode
To Mode
Command
DPU Mode
NIC Mode
For BlueField-3:
For BlueField-2:
NIC Mode
DPU Mode
For BlueField-3:
For BlueField-2:
DPU Mode
DPU Mode with Zero Trust
N/A
DPU Mode with Zero Trust
DPU Mode
N/A
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Using External Host UEFI Menu
From Mode
To Mode
Command
DPU Mode
NIC Mode
Select
To enable NIC Mode, set
NIC Mode
DPU Mode
Select
To enable DPU Mode, set
DPU Mode
DPU Mode with Zero Trust
N/A
DPU Mode with Zero Trust
DPU Mode
N/A
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Using Arm OS Command Line
From Mode
To Mode
Command
DPU Mode
NIC Mode
For BlueField-3:
For BlueField-2:
NIC Mode
DPU Mode
Not Applicable (Arm OS is not available)
DPU Mode
DPU Mode with Zero Trust
DPU Mode with Zero Trust
DPU Mode
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Using Arm UEFI Menu
From Mode
To Mode
Command
DPU Mode
NIC Mode
NIC Mode
DPU Mode
DPU Mode
DPU Mode with Zero Trust
Roadmap
DPU Mode with Zero Trust
DPU Mode
Roadmap
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Using DPU-BMC Redfish
From Mode
To Mode
Command
DPU Mode
NIC Mode
To apply configuration, two consecutive Arm reboots are required.
NIC Mode
DPU Mode
To apply configuration, two consecutive Arm reboots are required.
DPU Mode
DPU Mode with Zero Trust
Roadmap
DPU Mode with Zero Trust
DPU Mode
Roadmap
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Using Platform-BMC NC-SI OEM Commands
From Mode
To Mode
Command
DPU Mode
NIC Mode
Command = 0x12, Parameter = 0x33
For NIC Mode, set the offload engine bit to 0x1.
NIC Mode
DPU Mode
Command = 0x12, Parameter = 0x33
For DPU Mode, set the offload engine bit to 0x0.
DPU Mode
DPU Mode with Zero Trust
Roadmap
DPU Mode with Zero Trust
DPU Mode
Roadmap
DPU Mode with Zero Trust
NIC Mode
Not supported. Move from DPU Mode with Zero Trust to DPU Mode first, and then from DPU Mode to NIC Mode.
Warning
Separated Host Mode is obsolete for BlueField DPU/SuperNIC SKUs and should not be used, even if it remains visible in some configuration menus or options.
Separated Host Mode is available only for BlueField controller SKUs, where the BlueField Arm OS is the sole CPU/OS in the chassis.