NVIDIA ConnectX-6 DE Adapter Cards Firmware Release Notes v22.42.1000
NVIDIA ConnectX-6 DE Adapter Cards Firmware Release Notes v22.42.1000

Changes and New Feature History

Note

This section includes history of changes and new feature of 3 major releases back. For older releases history, please refer to the relevant firmware versions.

Feature/Change

Description

22.41.1000

Unify Rx/Tx Table Domains in FDB

The new unified_fdb subdomain simplifies the FDB model by eliminating the need to duplicate rules for RX and TX tables. This domain is directionless, meaning no RX/TX specific actions are allowed. Firmware now handlea packet transitions IN and OUT of the unified domain, allowing for a more streamlined packet flow management.

Software can now transition between unified_fdb and FDB_RX/FDB_TX domains as long as the packet maintains the same direction, without the risk of dropping the packet when crossing between RX and TX.

TRNG FIPS Compliance

Implemented Deterministic Random Bit Generator (DRBG) algorithm on top of firmware TRNG (the source for raw data input) in accordance with NIST SP800-90A.

vDPA Live Migration

Added support for vDPA virtual queue state change from suspend to ready, and discrete mkey for descriptor. vDPA Live Migration uses these two new capabilities to reduce downtime since vq can go back to ready state for traffic and descriptor-only-mkey can help reduce mkey mapping time.

64M Active Connections

Added the ability to generate up to 2^30 STE objects through the general object creation command.

NVConfig

Added a new NVConfig option to copy AR bit from the BTH header to the DHCP header.

Steering

Added the option provide field's offset and length in Steering add_action option.

Steering Match

Added support for steering match on packet l4_type through FTG/FTE.

Flex Parser Merge Mechanism

Extended Flex Parser merge mechanism to support hardware capabilities.

Flex Parser

Enabled the option to disable the native parser when the parse graph node is configured with the same conditions.

Flex Parser

Added support for father/son headers parsing.

LRO

Added support for tunnel_offload in LRO.

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

22.40.1000

Socket Direct Single netdev Mapped to Two PCIe Devices

Enabled Single Netdev mapping to two PCIe devices (Socket Direct).

Now multiple devices (PFs) of the same port can be combined under a single netdev instance. Traffic is passed through different devices belonging to different NUMA sockets, thus saving cross-NUMA traffic and allowing apps running on the same netdev from different NUMAs to still feel a sense of proximity to the device and achieve improved performance.

The netdev is destroyed once any of the PFs is removed. A proper configuration would utilize the correct close NUMA when working on a certain app/CPU.

Currently, this capability is limited to PFs only, and up to two devices (sockets). To enable the feature, one must configure the same Socket Direct group (non zero) for both PFs through mlxconfig SD_GROUP.

ACL

Added support for egress ACL to the uplink by adding a new bit to the Set Flow Table Entry: allow_fdb_uplink_hairpin.

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

22.39.2048

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

22.39.1002

Expansion ROM

Added a caching mechanism to improved expansion ROM performance and to avoid any slow boot occurrences when loading the expansion ROM driver.

Live Migration Support for Image Size above 4GB

Added support for image size above 4GB when performing a live migration by splitting the image to chunks.

Crypto Algorithms

Extended the role-based authentication to cover all crypto algorithms. Now the TLS. IPsec. MACsec. GCM, mem2mem, and NISP work when nv_crypto_conf.crypto_policy = CRYPTO_POLICY_FIPS_LEVEL_2, meaning all cryptographic engines can also work in wrapped mode and not only in plaintext mode.

Programmable Congestion Control

Programmable Congestion Control is now the default CC mechanism. ZTR_RTTCC is the default CC algorithm when ECE is enabled and the CC algorithm negotiation succeeds, otherwise PCC DCQCN will be used.

Reserved mkey

Added new support for reserved mkey index range. When enabled, a range of mkey indexes is reserved for mkey by name use.

Bug Fixes

See Bug Fixes in this Firmware Version section.

Feature/Change

Description

22.38.1900

QKEY Mitigation in the Kernel

QKEY creation with the MSB set is available now for non-privileged users as well.

To allow non-privileged users to create QKEY with MSB set, the below new module parameter was added to ib_uverbs module:

  • Module Parameter: enforce_qkey_check

  • Description: Force QKEY MSB check for non-privileged user on UD QP creation

  • Default: 0 (disabled)

Note: In this release, this module parameter is disabled by default to ensure backward compatibility and give customers the opportunity to update their applications accordingly. In the upcoming release, it will be enabled by default, and later on deprecated.

Feature/Change

Description

22.38.1002

INT Packets

Added support for forwarding INT packets to the user application for monitoring purposes by matching the BTH acknowledge request bit (bth_a).

IPsec CPS Bulk Allocation

Improved the IPsec CPS by using bulk allocation.

For cases in which log_obj_range == 0, single IPSEC object will be allocated and initialized as before keeping backward compatibility.

For better performance, it is recommended to work with IPsec bulk allocation and to initialize IPsec ASO context not via the firmware but via the hardware using ASO WQE.

QKEY Mitigation in the Kernel

Non-privileged users are now blocked by default from setting controlled/privileged QKEYs (QKEY with MSB set).

Bug Fixes

See Bug Fixes in this Firmware Version section.

© Copyright 2024, NVIDIA. Last updated on Aug 14, 2024.