User Defined Keys
User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.
The maximum number of UDKs is 4.
An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.
To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.
Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.
To set UDK with ACL on a specific field:
Define new user defined key called ipv4_udk. Run:
switch
(config) # udk ipv4_udkswitch
(config udk ipv4_udk) # exitSet user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:
switch
(config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset4
Set the len (in bytes) of the field to match on. Run:
switch
(config) # udk ipv4_udk len2
Set the user defined key to work with access list. Run:
switch
(config) # udk ipv4_udk match mode aclDefine new access list table called my_acl_table. Run:
switch
(config) # ipv4-udk access-list my_acl_tableSet new rule on the access list table with the previously defined user defined key to match 0x1234. Run:
switch
(config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk0x1234
Bind the access list table to an ethernet interface. Run:
switch
(config) #interface
ethernet1
/1
ipv4-udk port access-group my_acl_table
udk
udk <udk-name> Creates user defined key. | ||
udk-name | String | |
Default | N/A | |
Configuration Mode | config | |
History | 3.6.5000 | |
Example | switch (config)# udk udk_name | |
Related Commands | ||
Notes | Defining UDK affects the throughput for packets equal or smaller than 128 bytes. |
match mode
match mode <match-mode> Configures user defined key match mode. | ||
Syntax Description | match-mode | Possible values:
|
Default | None | |
Configuration Mode | config udk | |
History | 3.6.5000 | |
Example | switch (config udk udk_name)# match mode all | |
Related Commands | udk <udk-name> | |
Notes |
extraction point
extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]] Configures user-defined key extraction point mode. | ||
Syntax Description | mode | Possible values:
|
packet type | Sets user defined key packet type. Possible values:
| |
extraction point | Sets user defined key extraction point. Possible values for:
| |
offset | Sets user defined key extraction point offset | |
Default | Mode: l3 | |
Configuration Mode | config udk | |
History | 3.6.5000 | |
Example | switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2 | |
Related Commands | udk <udk-name> | |
Notes |
len
len <length> Configures user-defined key length. | ||
Syntax Description | length | Range: 1-4 |
Default | 4 | |
Configuration Mode | config udk | |
History | 3.6.5000 | |
Example | switch (config udk udk_name)# len 4 | |
Related Commands | udk <udk-name> | |
Notes |
show udk
show udk [<udk-name>] Displays summary for user-defined keys. | ||
Syntax Description | udk-name | Displays information about specific UDK |
Default | N/A | |
Configuration Mode | Any command mode | |
History | 3.6.5000 | |
Example | switch (config)# show udk UDK name: udk_name | |
Related Commands | udk <udk-name> | |
Notes |