Changes and New Feature History

NVIDIA ConnectX-6 Dx Adapter Cards Firmware Release Notes v22.39.2048 LTS

This section includes history of changes and new feature of 3 major releases back. For older releases history, please refer to the relevant firmware versions.




Expansion ROM

Added a caching mechanism to improved expansion ROM performance and to avoid any slow boot occurrences when loading the expansion ROM driver.

Live Migration Support for Image Size above 4GB

Added support for image size above 4GB when performing a live migration by splitting the image to chunks.

Crypto Algorithms

Extended the role-based authentication to cover all crypto algorithms. Now the TLS. IPsec. MACsec. GCM, mem2mem, and NISP work when nv_crypto_conf.crypto_policy = CRYPTO_POLICY_FIPS_LEVEL_2, meaning all cryptographic engines can also work in wrapped mode and not only in plaintext mode.

Programmable Congestion Control

Programmable Congestion Control is now the default CC mechanism. ZTR_RTTCC is the default CC algorithm when ECE is enabled and the CC algorithm negotiation succeeds, otherwise PCC DCQCN will be used.

Reserved mkey

Added new support for reserved mkey index range. When enabled, a range of mkey indexes is reserved for mkey by name use.

Bug Fixes

See Bug Fixes in this Firmware Version section.




QKEY Mitigation in the Kernel

QKEY creation with the MSB set is available now for non-privileged users as well.

To allow non-privileged users to create QKEY with MSB set, the below new module parameter was added to ib_uverbs module:

  • Module Parameter: enforce_qkey_check

  • Description: Force QKEY MSB check for non-privileged user on UD QP creation

  • Default: 0 (disabled)

Note: In this release, this module parameter is disabled by default to ensure backward compatibility and give customers the opportunity to update their applications accordingly. In the upcoming release, it will be enabled by default, and later on deprecated.




INT Packets

Added support for forwarding INT packets to the user application for monitoring purposes by matching the BTH acknowledge request bit (bth_a).

IPsec CPS Bulk Allocation

Improved the IPsec CPS by using bulk allocation.

For cases in which log_obj_range == 0, single IPSEC object will be allocated and initialized as before keeping backward compatibility.

For better performance, it is recommended to work with IPsec bulk allocation and to initialize IPsec ASO context not via the firmware but via the hardware using ASO WQE.

QKEY Mitigation in the Kernel

Non-privileged users are now blocked by default from setting controlled/privileged QKEYs (QKEY with MSB set).

Bug Fixes

See Bug Fixes in this Firmware Version section.




Mergeable Buffer

Added mergeable buffer support (VIRTIO_NET_F_MRG_RXBUF in virtio spec) for VDPA kernel mode to improve performance in case of large MTU such as 9K. The feature is disabled by default and must be manually enabled while creating or modifying the virtio device.

Note: For best performance, it is NOT recommended to enable the feature if the VDPA MTU is set to the default value (1500).

Monitoring Cloud Guest RoCE Statistics on Cloud Provider

This new capability enables the VM to track and limit its Vport's activity. This is done using the new q_counters counter which enables aggregation of other Vport's from PF GVMI.

Linux Bridge Offload

Added a flow rule that enables offloading of multicast traffic by broadcasting it to multi-Flow-Table in FDB.

PCC Algorithms

Enables a smooth and statically switch between PCC algorithms. In addition, the user can now switch between PCC algorithms while running traffic.

PCC Firmware Trace

Added support for running PCC firmware trace without saving and sending the DB strings to the tool with the following changes:

  • Added new string section to the user PCC image creation tool

  • Added the new PCC DB strings to MTRC access registers output

  • On the tool's part: added support to reading the string.db using the MTRC access registers

Hardware Steering: Bulk Allocation

Added support for 32 actions in the header modify pattern using bulk allocation.

InfiniBand Congestion Control - RTT Response Service Level

The software can explicitly set the SL of an RTT response packet, instead of it being taken from the RTT request packet's SL.

The RTT response packet SL may be set/queried via the CONGESTION_CONTROL_HCA_NP_PARAMETER MAD.

Bug Fixes

See Bug Fixes in this Firmware Version section.





Enabled provisioning of the OEM public key that is used for OEM NVconfig file signature verification.

Bug Fixes

See Bug Fixes in this Firmware Version section.

© Copyright 2023, NVIDIA. Last updated on Dec 11, 2023.