NVIDIA Onyx User Manual v3.10.4006
NVIDIA Onyx User Manual v3.10.4006

User Defined Keys

User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.

Warning

The maximum number of UDKs is 4.

An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.

To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.

Warning

Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.

To set UDK with ACL on a specific field:

  1. Define new user defined key called ipv4_udk. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk switch (config udk ipv4_udk) # exit

  2. Set user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset 4

  3. Set the len (in bytes) of the field to match on. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk len 2

  4. Set the user defined key to work with access list. Run:

    Copy
    Copied!
                

    switch (config) # udk ipv4_udk match mode acl

  5. Define new access list table called my_acl_table. Run:

    Copy
    Copied!
                

    switch (config) # ipv4-udk access-list my_acl_table

  6. Set new rule on the access list table with the previously defined user defined key to match 0x1234. Run:

    Copy
    Copied!
                

    switch (config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk 0x1234

  7. Bind the access list table to an ethernet interface. Run:

    Copy
    Copied!
                

    switch (config) # interface ethernet 1/1 ipv4-udk port access-group my_acl_table

udk

udk <udk-name>

no udk <udk-name>

Creates user defined key.

The no form of the command deletes user defined key.

Syntax Description

udk-name

String

Default

N/A

Configuration Mode

config

History

3.6.5000

Example

switch (config)# udk udk_name

switch (config udk udk_name)#

Related Commands

Notes

Defining UDK affects the throughput for packets equal or smaller than 128 bytes.


match mode

match mode <match-mode>

no match mode

Configures user defined key match mode.

The no form of the command resets this parameter to its default.

Syntax Description

match-mode

Possible values:

  • acl

  • all

  • ecmp

Default

None

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# match mode all

Related Commands

udk <udk-name>

Notes


extraction point

extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]]

Configures user-defined key extraction point mode.

Syntax Description

mode

Possible values:

  • l2

  • l3

  • l4

packet type

Sets user defined key packet type. Possible values:

  • For L2: l2

  • For L3: arp; ipv4; ipv6

  • For L4: udp

extraction point

Sets user defined key extraction point. Possible values for:

  • l2: l2-ether-type; start-of-header

  • arp: start-of-header

  • ipv4; ipv6: start-of-header; start-of-payload

  • udp: start-of-payload

offset

Sets user defined key extraction point offset

Range: 0-126 (even values)

Default

Mode: l3

Default extraction point per packet type:

L2: start-of-header

ARP; IPv4; IPv6: start-of-header

UDP: start-of-payload

Offset: 0

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2

Related Commands

udk <udk-name>

Notes


len

len <length>

Configures user-defined key length.

Syntax Description

length

Range: 1-4

Default

4

Configuration Mode

config udk

History

3.6.5000

Example

switch (config udk udk_name)# len 4

Related Commands

udk <udk-name>

Notes


show udk

show udk [<udk-name>]

Displays summary for user-defined keys.

Syntax Description

udk-name

Displays information about specific UDK

Default

N/A

Configuration Mode

Any command mode

History

3.6.5000

Example

switch (config)# show udk
UDK name: udk_name

Match mode: none

Length: 4

Extraction mode: l3

IPv4 extraction point: start-of-header

IPv4 offset: 22

IPv6 extraction point: start-of-header

IPv6 offset: 0

ARP extraction point: start-of-header

ARP offset: 0

Related Commands

udk <udk-name>

Notes


© Copyright 2023, NVIDIA. Last updated on Mar 5, 2024.