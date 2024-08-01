On This Page
User Defined Keys
User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.
The maximum number of UDKs is 4.
An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.
To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.
Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.
To set UDK with ACL on a specific field:
Define new user defined key called ipv4_udk. Run:
switch(config) # udk ipv4_udk
switch(config udk ipv4_udk) # exit
Set user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:
switch(config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset
4
Set the len (in bytes) of the field to match on. Run:
switch(config) # udk ipv4_udk len
2
Set the user defined key to work with access list. Run:
switch(config) # udk ipv4_udk match mode acl
Define new access list table called my_acl_table. Run:
switch(config) # ipv4-udk access-list my_acl_table
Set new rule on the access list table with the previously defined user defined key to match 0x1234. Run:
switch(config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk
0x1234
Bind the access list table to an ethernet interface. Run:
switch(config) #
interfaceethernet
1/
1ipv4-udk port access-group my_acl_table
udk
udk <udk-name>
no udk <udk-name>
Creates user defined key.
The no form of the command deletes user defined key.
udk-name
String
Default
N/A
Configuration Mode
config
History
3.6.5000
Example
switch (config)# udk udk_name
Related Commands
Notes
Defining UDK affects the throughput for packets equal or smaller than 128 bytes.
match mode
match mode <match-mode>
no match mode
Configures user defined key match mode.
The no form of the command resets this parameter to its default.
Syntax Description
match-mode
|
Possible values:
Default
None
Configuration Mode
config udk
History
3.6.5000
Example
switch (config udk udk_name)# match mode all
Related Commands
udk <udk-name>
Notes
extraction point
extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]]
Configures user-defined key extraction point mode.
Syntax Description
mode
|
Possible values:
packet type
|
Sets user defined key packet type. Possible values:
extraction point
Sets user defined key extraction point. Possible values for:
|
offset
|
Sets user defined key extraction point offset
Range: 0-126 (even values)
Default
Mode: l3
Default extraction point per packet type:
L2: start-of-header
ARP; IPv4; IPv6: start-of-header
UDP: start-of-payload
Offset: 0
Configuration Mode
config udk
History
3.6.5000
Example
switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2
Related Commands
udk <udk-name>
Notes
len
len <length>
Configures user-defined key length.
Syntax Description
length
|
Range: 1-4
Default
4
Configuration Mode
config udk
History
3.6.5000
Example
switch (config udk udk_name)# len 4
Related Commands
udk <udk-name>
Notes
show udk
show udk [<udk-name>]
Displays summary for user-defined keys.
Syntax Description
udk-name
|
Displays information about specific UDK
Default
N/A
Configuration Mode
Any command mode
History
3.6.5000
Example
switch (config)# show udk
UDK name: udk_name
Related Commands
udk <udk-name>
Notes