NVIDIA ConnectX-7 Adapter Cards Firmware Release Notes v28.35.2000 LTS
NVIDIA ConnectX-5 Adapter Cards Firmware Release Notes v16.35.3502 LTS

Changes and New Feature History

Feature/Change

Description

28.35.1012

UDP

Added support for copy modify header steering action to/from the UDP field.

Range based Lookup

Added support for range based lookup. This new capability is available using the following new PRM command:

GENERATE WQE which receives GTA WQE, the command supports "match on range" and num_hash_definer=[1,2] and num_match_ste=[1,2].

For further information, refer to section "RTC Object Format" in the PRM.

RoCE based VM Migration

Added support for RoCE based VM migration.

Resource Dump

Added the following resource dump segments:

  • SEG_HW_STE_FULL that includes dump to STE and all its dependencies

  • SEG_FW_STE_FULL that include dump to FW_STE and to HW_STE_FULL in range

Striding WQE - Headroom and Tail-room

As the software requires additional space before and after a packet is scattered for its processing for stridden RQ, the hardware will allocate the required room while scattering packets to spare a copy.

Connections per Second (CPS)

Improved security offload's Connections per Second (CPS) rate using the general object DEK (PSP TLS etc).

VF Migration Flow

Added support for pre-copy commands in VF migration flow in order to reduce the migration downtime.

VF Migration Flow

Optimized performance to support full VF migration flow.

VirtIO vDPA Performance Virtualization

Increased the VirtIO hardware offload message rate to 20/20 MPPS for 256 virtual devices by optimizing the datapath application code.

PTP: Accuracy Scheduling

Added support for all PTP/accuracy scheduling.

RoCE: Adaptive Timer

Enabled ADP timer to allow the user to configure RC or DC qp_timeout values lower than 16.

QoS Priority Trust Default State

QoS priority trust default state can now be changed using the new nvconfig below:

  • QOS_TRUST_STATE_P1

  • QOS_TRUST_STATE_P2

The values that can be used to set the default state are:

  • TRUST_PORT

  • TRUST_PCP

  • TRUST_DSCP

  • TRUST_DSCP_PCP

Bug Fixes

See Bug Fixessection.

28.34.4000

Bug Fixes

See Bug Fixessection.

28.34.1002

MACsec Full Offload

Enabled MACsec full offload for NIC tables (aware mode). UnTil now full offload was available only for FDB tables.

LLDP Properties Implementation on RDE

Added LLDPEnable, LLDPTransmit and LLDPReceive properties to the RDE Port schema implementation.

Programmable CC, PPCC, MAD, IBCC

Added support for PPCC register with bulk operations, MAD for algorithm configuration and tunable parameters.

Programmable Congestion Control (PCC)

Optimized both of the DPA's infrastructure and algorithm to be Programmable CC based.

Programmable Counters

Added support for programmable counters for PCC via PPCC register and MAD.

Bug Fixes

See Bug Fixessection.

28.33.4030

Firmware Based Attestation Flow

Attestation is a cryptographic reporting of the security configuration of a device, used by a platform to establish trust in the device. The device’s security configuration includes (but is not limited to) its identity, the code it is running and the states of security related mechanisms and assets.

This new capability enables BMC to attest the device over SPDM protocol. The feature works for secure NICs with production certificates installed. SPDM protocol is defined in DMTF DSP0274 v1.1.0.

Currently the following SPDM commands are supported:

  • GET_VERSION

  • GET_CAPABILITIES

  • NEGOTIATE_ALGORITHMS

  • GET_DIGESTS

  • GET_CERTIFICATE

Since CHALLENGE and GET_MEASUREMENTS are not functional yet, when they are called, the NIC will respond with RESPONSE_NOT_READY.

Cables

Added support for 100G & 200G optical cables (InfiniBand & Ethernet).

Please note this support comes with a limitation when connecting ConnectX-7 to a ConnectX-6 Dx or an NVIDIA Spectrum-3 as described in Known Issues 3070409.

Bug Fixes

See Bug Fixessection.

28.33.2028

General

This is the initial firmware release of NVIDIA® ConnectX®-7 adapter cards.

ConnectX-7 has the same feature set as ConnectX-6 adapter card.For the list of the ConnectX-6 firmware features, please see ConnectX-6 Firmware Release Notes.

The features described here are new features in addition to the ConnectX-6 set.

200Gb/s Throughput on Crypto Capable Devices

Enabled 200Gb/s out-of-the-box throughput on crypto capable devices.

Note: If any crypto offloads is in use, 200Gb/s throughput can be achieved only after the next firmware reset

VF Migration

Added support for VF migration. The hypervisor can now suspend its VF, meaning from that point the VF cannot perform action such as send/receive traffic or run any command. In this firmware version only the suspend resume mode is supported (on the same VM).

MADs

Added a new MAD of class SMP that has the attributes hierarchy_Info as defined in the IB Specification and is used to query the hierarchy information stored on the node and the physical port.

VF Migration

Added support for VF migration.

DCS Offload

[Beta] A single DCI can be connected to only one target at the time and cannot start new connection until the previous work request is completed. To avoid delays that occur when the initiator process needs to transfer data to multiple targets at the same time, a new offload process (DCS) is introduced to handle and spread the work request on many DCIs according to destinations.
The DCS offload reduces the load from the CPU and improves performance.

Note: In this firmware version, the following actions are not supported:

  • Signature Handover Operations

  • Requestor retransmission on signature mkeys

  • rts2rts – In rare cases can move the QP to an undefined state

Strided KLM

Added support for large strided KLM (KLM is an MKEY asses mode which allows MKEYs usage with different window size).

NV Configurations via the Relevant Reset Flow

Added pci_rescan_needed field to the MFRL access register to indicate whether a PCI rescan is needed based on the NV configurations issued by the software.
Note: If the Keep Link Up NV configuration is changed, phyless reset will be blocked.

ICM Pages

Added a new register (vhca_icm_ctrl access_reg) to enable querying and limiting the ICM pages in use.

Livefish Mode

Enables the user to burn firmware via MTUSB when in livefish mode.

Media Access Control Security Offload

Media Access Control Security Offload allows the NIC to accelerate Macsec operation. Macsec offload handles packets inline - as they go through the NIC.

For inbound packets, the host receives plaintext packets (for instance MAC|ETH|IP|TCP) while on the network these packets are encrypted + authenticated and encapsulated within an SecTag header and vice versa for outbound packets.

NetworkPort Schema Replacement

Replaced the deprecated NetworkPort schema with Port schema in NIC RDE implementation.

Steering Definer

Added support for creating a steering definer with a dword selector using create_match_definer_object and the "SELECT" format.

XRQ QP Errors Enhancements

Enhanced the XRQ QP error information provided to the user in case QP goes into an error state. In such case, QUERY_QP will provide information on the syndrome type and which side caused
the error.

HW Steering: WQE Insertion Rules

[Beta] Added HW Steering support for the following:

  • set, add and copy inline STC action

  • set and copy actions for several fields using modify_pattern object and inline stc modify action

  • FDB mode in HW steering using FDB_RX and FDB_TX flow table types

  • ASO flow meter action via STC

  • flow counter query using ASO WQE

  • allocation of large bulks for the objects: STE, ASO flow meter and modify argument

  • jumbo match RTC

  • count action in STC

ibstat

Updated the ibstat status reported when the phy link is down. Now QUERY_VPORT_STATE.max_tx_speed of UPLINK will not be reported as 0 anymore.

Congestion Control

Enabled APU based programmable congestion control capability with multiple algorithm.

ZTRCC

Added support for advanced ZTR_RTTCC algorithm based on the Programmable CC platform to achieve better congestion control without dependency on the switch ECN marking.

SMPs

Disabled the option to send SMPs from unauthorized hosts.

SW Steering Cache

Modified the TX or RX cache invalidation behavior. TX or RX cache invalidation now does not occur automatically but only when the software performs the sync operation using the using sync_steering command.

Mega Allocations in Bulk Allocator Mechanism

Modified the maximum bulk size per single allocation from "log_table_size - log_num_unisizes", to allocate any range size, to remove limitations that HWS objects such as counters and modify arguments might encounter.

SNAPI: Comm-Channel

Added support for SNAPI (comm-channel) connection while running on raw ETH link.

Changing all the Crypto Features to Wrapped or Cleartext

Crypto features can be in either wrapped or unwrapped mode. Meaning, the key can be wrapped or in plaintext when running the CREATE_DEK PRM command. To comply with the requirements specified in FIPS publication, all the created DEKs must be wrapped.

This feature adds new NV_CONFIG per device to control this mode, and enables the user to change all the crypto features to wrapped or cleartext.

ICM Direct Access by the Software to write/modify the DEK Objects

[Beta] This new capability enables the software to directly access ICM and write/modify the DEK objects. Such change improves the DEK object update rate by re-using DEK object instead of creating a new one.

In addition, added the following:

  • New for DEK object: bulk allocation, modify_dek cmd, and new mode - sw_wrapped.

  • New general object INT_KEK

Page Tracking During VM Migration

To allow page tracking during VM migration, this new capability enables the user to mark all the modified pages and report them to the software, in order to copy the memory without stopping the VM, and only copy a small amount of pages (the ones that were modified in the last iteration) after stopping the VM.

© Copyright 2023, NVIDIA. Last updated on May 23, 2023.