User Defined Keys
User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.
The maximum number of UDKs is 4.
An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.
To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.
Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.
To set UDK with ACL on a specific field:
- Define new user defined key called ipv4_udk. Run: - switch(config) # udk ipv4_udk- switch(config udk ipv4_udk) # exit
- Set user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run: - switch(config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset- 4
- Set the len (in bytes) of the field to match on. Run: - switch(config) # udk ipv4_udk len- 2
- Set the user defined key to work with access list. Run: - switch(config) # udk ipv4_udk match mode acl
- Define new access list table called my_acl_table. Run: - switch(config) # ipv4-udk access-list my_acl_table
- Set new rule on the access list table with the previously defined user defined key to match 0x1234. Run: - switch(config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk- 0x1234
- Bind the access list table to an ethernet interface. Run: - switch(config) #- interfaceethernet- 1/- 1ipv4-udk port access-group my_acl_table
udk
| udk <udk-name> Creates user defined key. | ||
| udk-name | String | |
| Default | N/A | |
| Configuration Mode | config | |
| History | 3.6.5000 | |
| Example | switch (config)# udk udk_name | |
| Related Commands | ||
| Notes | Defining UDK affects the throughput for packets equal or smaller than 128 bytes. | |
match mode
| match mode <match-mode> Configures user defined key match mode. | ||
| Syntax Description | match-mode | Possible values: 
 | 
| Default | None | |
| Configuration Mode | config udk | |
| History | 3.6.5000 | |
| Example | switch (config udk udk_name)# match mode all | |
| Related Commands | udk <udk-name> | |
| Notes | ||
extraction point
| extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]] Configures user-defined key extraction point mode. | ||
| Syntax Description | mode | Possible values: 
 | 
| packet type | Sets user defined key packet type. Possible values: 
 | |
| extraction point | Sets user defined key extraction point. Possible values for: 
 | |
| offset | Sets user defined key extraction point offset | |
| Default | Mode: l3 | |
| Configuration Mode | config udk | |
| History | 3.6.5000 | |
| Example | switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2 | |
| Related Commands | udk <udk-name> | |
| Notes | ||
len
| len <length> Configures user-defined key length. | ||
| Syntax Description | length | Range: 1-4 | 
| Default | 4 | |
| Configuration Mode | config udk | |
| History | 3.6.5000 | |
| Example | switch (config udk udk_name)# len 4 | |
| Related Commands | udk <udk-name> | |
| Notes | ||
show udk
| show udk [<udk-name>] Displays summary for user-defined keys. | ||
| Syntax Description | udk-name | Displays information about specific UDK | 
| Default | N/A | |
| Configuration Mode | Any command mode | |
| History | 3.6.5000 | |
| Example | switch (config)# show udk UDK name: udk_name | |
| Related Commands | udk <udk-name> | |
| Notes | ||