Changes and New Feature History

NVIDIA ConnectX-5 Adapter Cards Firmware Release Notes v16.35.3502 LTS

Feature/Change

Description

28.34.1002

MACsec Full Offload

Enabled MACsec full offload for NIC tables (aware mode). UnTil now full offload was available only for FDB tables.

LLDP Properties Implementation on RDE

Added LLDPEnable, LLDPTransmit and LLDPReceive properties to the RDE Port schema implementation.

Programmable CC, PPCC, MAD, IBCC

Added support for PPCC register with bulk operations, MAD for algorithm configuration and tunable parameters.

Programmable Congestion Control (PCC)

Optimized both of the DPA's infrastructure and algorithm to be Programmable CC based.

Programmable Counters

Added support for programmable counters for PCC via PPCC register and MAD.

Bug Fixes

See Bug Fixessection.

28.33.4030

Firmware Based Attestation Flow

Attestation is a cryptographic reporting of the security configuration of a device, used by a platform to establish trust in the device. The device’s security configuration includes (but is not limited to) its identity, the code it is running and the states of security related mechanisms and assets.

This new capability enables BMC to attest the device over SPDM protocol. The feature works for secure NICs with production certificates installed. SPDM protocol is defined in DMTF DSP0274 v1.1.0.

Currently the following SPDM commands are supported:

  • GET_VERSION

  • GET_CAPABILITIES

  • NEGOTIATE_ALGORITHMS

  • GET_DIGESTS

  • GET_CERTIFICATE

Since CHALLENGE and GET_MEASUREMENTS are not functional yet, when they are called, the NIC will respond with RESPONSE_NOT_READY.

Cables

Added support for 100G & 200G optical cables (InfiniBand & Ethernet).

Please note this support comes with a limitation when connecting ConnectX-7 to a ConnectX-6 Dx or an NVIDIA Spectrum-3 as described in Known Issues 3070409.

Bug Fixes

See Bug Fixessection.

28.33.2028

General

This is the initial firmware release of NVIDIA® ConnectX®-7 adapter cards.

ConnectX-7 has the same feature set as ConnectX-6 adapter card.For the list of the ConnectX-6 firmware features, please see ConnectX-6 Firmware Release Notes.

The features described here are new features in addition to the ConnectX-6 set.

200Gb/s Throughput on Crypto Capable Devices

Enabled 200Gb/s out-of-the-box throughput on crypto capable devices.

Note: If any crypto offloads is in use, 200Gb/s throughput can be achieved only after the next firmware reset

VF Migration

Added support for VF migration. The hypervisor can now suspend its VF, meaning from that point the VF cannot perform action such as send/receive traffic or run any command. In this firmware version only the suspend resume mode is supported (on the same VM).

MADs

Added a new MAD of class SMP that has the attributes hierarchy_Info as defined in the IB Specification and is used to query the hierarchy information stored on the node and the physical port.

VF Migration

Added support for VF migration.

DCS Offload

[Beta] A single DCI can be connected to only one target at the time and cannot start new connection until the previous work request is completed. To avoid delays that occur when the initiator process needs to transfer data to multiple targets at the same time, a new offload process (DCS) is introduced to handle and spread the work request on many DCIs according to destinations.
The DCS offload reduces the load from the CPU and improves performance.

Note: In this firmware version, the following actions are not supported:

  • Signature Handover Operations

  • Requestor retransmission on signature mkeys

  • rts2rts – In rare cases can move the QP to an undefined state

Strided KLM

Added support for large strided KLM (KLM is an MKEY asses mode which allows MKEYs usage with different window size).

NV Configurations via the Relevant Reset Flow

Added pci_rescan_needed field to the MFRL access register to indicate whether a PCI rescan is needed based on the NV configurations issued by the software.
Note: If the Keep Link Up NV configuration is changed, phyless reset will be blocked.

ICM Pages

Added a new register (vhca_icm_ctrl access_reg) to enable querying and limiting the ICM pages in use.

Livefish Mode

Enables the user to burn firmware via MTUSB when in livefish mode.

Media Access Control Security Offload

Media Access Control Security Offload allows the NIC to accelerate Macsec operation. Macsec offload handles packets inline - as they go through the NIC.

For inbound packets, the host receives plaintext packets (for instance MAC|ETH|IP|TCP) while on the network these packets are encrypted + authenticated and encapsulated within an SecTag header and vice versa for outbound packets.

NetworkPort Schema Replacement

Replaced the deprecated NetworkPort schema with Port schema in NIC RDE implementation.

Steering Definer

Added support for creating a steering definer with a dword selector using create_match_definer_object and the "SELECT" format.

XRQ QP Errors Enhancements

Enhanced the XRQ QP error information provided to the user in case QP goes into an error state. In such case, QUERY_QP will provide information on the syndrome type and which side caused
the error.

HW Steering: WQE Insertion Rules

[Beta] Added HW Steering support for the following:

  • set, add and copy inline STC action

  • set and copy actions for several fields using modify_pattern object and inline stc modify action

  • FDB mode in HW steering using FDB_RX and FDB_TX flow table types

  • ASO flow meter action via STC

  • flow counter query using ASO WQE

  • allocation of large bulks for the objects: STE, ASO flow meter and modify argument

  • jumbo match RTC

  • count action in STC

ibstat

Updated the ibstat status reported when the phy link is down. Now QUERY_VPORT_STATE.max_tx_speed of UPLINK will not be reported as 0 anymore.

Congestion Control

Enabled APU based programmable congestion control capability with multiple algorithm.

ZTRCC

Added support for advanced ZTR_RTTCC algorithm based on the Programmable CC platform to achieve better congestion control without dependency on the switch ECN marking.

SMPs

Disabled the option to send SMPs from unauthorized hosts.

SW Steering Cache

Modified the TX or RX cache invalidation behavior. TX or RX cache invalidation now does not occur automatically but only when the software performs the sync operation using the using sync_steering command.

Mega Allocations in Bulk Allocator Mechanism

Modified the maximum bulk size per single allocation from "log_table_size - log_num_unisizes", to allocate any range size, to remove limitations that HWS objects such as counters and modify arguments might encounter.

SNAPI: Comm-Channel

Added support for SNAPI (comm-channel) connection while running on raw ETH link.

Changing all the Crypto Features to Wrapped or Cleartext

Crypto features can be in either wrapped or unwrapped mode. Meaning, the key can be wrapped or in plaintext when running the CREATE_DEK PRM command. To comply with the requirements specified in FIPS publication, all the created DEKs must be wrapped.

This feature adds new NV_CONFIG per device to control this mode, and enables the user to change all the crypto features to wrapped or cleartext.

ICM Direct Access by the Software to write/modify the DEK Objects

[Beta] This new capability enables the software to directly access ICM and write/modify the DEK objects. Such change improves the DEK object update rate by re-using DEK object instead of creating a new one.

In addition, added the following:

  • New for DEK object: bulk allocation, modify_dek cmd, and new mode - sw_wrapped.

  • New general object INT_KEK

Page Tracking During VM Migration

To allow page tracking during VM migration, this new capability enables the user to mark all the modified pages and report them to the software, in order to copy the memory without stopping the VM, and only copy a small amount of pages (the ones that were modified in the last iteration) after stopping the VM.

© Copyright 2023, NVIDIA. Last updated on May 23, 2023.