User Defined Keys

NVIDIA Onyx User Manual v3.10.4006

User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.

Warning

The maximum number of UDKs is 4.

An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.

To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.

Warning

Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.

To set UDK with ACL on a specific field:

  1. Define new user defined key called ipv4_udk. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk switch (config udk ipv4_udk) # exit

  2. Set user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset 4

  3. Set the len (in bytes) of the field to match on. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk len 2

  4. Set the user defined key to work with access list. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk match mode acl

  5. Define new access list table called my_acl_table. Run:

    Copy
    Copied!
                

    switch (config) # ipv4-udk access-list my_acl_table

  6. Set new rule on the access list table with the previously defined user defined key to match 0x1234. Run:

    Copy
    Copied!
                

    switch (config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk 0x1234

  7. Bind the access list table to an ethernet interface. Run:

    Copy
    Copied!
                

    switch (config) # interface ethernet 1/1 ipv4-udk port access-group my_acl_table

udk

udk <udk-name>

no udk <udk-name>

Creates user defined key.

The no form of the command deletes user defined key.

Syntax Description

udk-name

String

Default

N/A

Configuration Mode

config

History

3.6.5000

Example

switch (config)# udk udk_name

switch (config udk udk_name)#

Related Commands

Notes

Defining UDK affects the throughput for packets equal or smaller than 128 bytes.


match mode

match mode <match-mode>

no match mode

Configures user defined key match mode.

The no form of the command resets this parameter to its default.

Syntax Description

match-mode

Possible values:

  • acl

  • all

  • ecmp

Default

None

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# match mode all

Related Commands

udk <udk-name>

Notes


extraction point

extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]]

Configures user-defined key extraction point mode.

Syntax Description

mode

Possible values:

  • l2

  • l3

  • l4

packet type

Sets user defined key packet type. Possible values:

  • For L2: l2

  • For L3: arp; ipv4; ipv6

  • For L4: udp

extraction point

Sets user defined key extraction point. Possible values for:

  • l2: l2-ether-type; start-of-header

  • arp: start-of-header

  • ipv4; ipv6: start-of-header; start-of-payload

  • udp: start-of-payload

offset

Sets user defined key extraction point offset

Range: 0-126 (even values)

Default

Mode: l3

Default extraction point per packet type:

L2: start-of-header

ARP; IPv4; IPv6: start-of-header

UDP: start-of-payload

Offset: 0

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2

Related Commands

udk <udk-name>

Notes


len

len <length>

Configures user-defined key length.

Syntax Description

length

Range: 1-4

Default

4

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# len 4

Related Commands

udk <udk-name>

Notes


show udk

show udk [<udk-name>]

Displays summary for user-defined keys.

Syntax Description

udk-name

Displays information about specific UDK

Default

N/A

Configuration Mode

Any command mode

History

3.6.5000

Example

switch (config)# show udk
UDK name: udk_name

Match mode: none

Length: 4

Extraction mode: l3

IPv4 extraction point: start-of-header

IPv4 offset: 22

IPv6 extraction point: start-of-header

IPv6 offset: 0

ARP extraction point: start-of-header

ARP offset: 0

Related Commands

udk <udk-name>

Notes


© Copyright 2023, NVIDIA. Last updated on Mar 5, 2024.