User Defined Keys
User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.
The maximum number of UDKs is 4.
An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.
To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.
Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.
To set UDK with ACL on a specific field:
Define new user defined key called ipv4_udk. Run:
switch
(config) # udk ipv4_udkswitch
(config udk ipv4_udk) # exitSet user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:
switch
(config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset4
Set the len (in bytes) of the field to match on. Run:
switch
(config) # udk ipv4_udk len2
Set the user defined key to work with access list. Run:
switch
(config) # udk ipv4_udk match mode aclDefine new access list table called my_acl_table. Run:
switch
(config) # ipv4-udk access-list my_acl_tableSet new rule on the access list table with the previously defined user defined key to match 0x1234. Run:
switch
(config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk0x1234
Bind the access list table to an ethernet interface. Run:
switch
(config) #interface
ethernet1
/1
ipv4-udk port access-group my_acl_table
udk
udk <udk-name> no udk <udk-name> Creates user defined key. The no form of the command deletes user defined key. |
||
|
udk-name |
String |
Default |
N/A |
|
Configuration Mode |
config |
|
History |
3.6.5000 |
|
Example |
switch (config)# udk udk_name |
|
Related Commands |
||
Notes |
Defining UDK affects the throughput for packets equal or smaller than 128 bytes. |
match mode
match mode <match-mode> no match mode Configures user defined key match mode. The no form of the command resets this parameter to its default. |
||
Syntax Description |
match-mode |
Possible values:
|
Default |
None |
|
Configuration Mode |
config udk |
|
History |
3.6.5000 |
|
Example |
switch (config udk udk_name)# match mode all |
|
Related Commands |
udk <udk-name> |
|
Notes |
extraction point
extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]] Configures user-defined key extraction point mode. |
||
Syntax Description |
mode |
Possible values:
|
packet type |
Sets user defined key packet type. Possible values:
|
|
extraction point |
Sets user defined key extraction point. Possible values for:
|
|
offset |
Sets user defined key extraction point offset Range: 0-126 (even values) |
|
Default |
Mode: l3 Default extraction point per packet type: L2: start-of-header ARP; IPv4; IPv6: start-of-header UDP: start-of-payload Offset: 0 |
|
Configuration Mode |
config udk |
|
History |
3.6.5000 |
|
Example |
switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2 |
|
Related Commands |
udk <udk-name> |
|
Notes |
len
len <length> Configures user-defined key length. |
||
Syntax Description |
length |
Range: 1-4 |
Default |
4 |
|
Configuration Mode |
config udk |
|
History |
3.6.5000 |
|
Example |
switch (config udk udk_name)# len 4 |
|
Related Commands |
udk <udk-name> |
|
Notes |
show udk
show udk [<udk-name>] Displays summary for user-defined keys. |
||
Syntax Description |
udk-name |
Displays information about specific UDK |
Default |
N/A |
|
Configuration Mode |
Any command mode |
|
History |
3.6.5000 |
|
Example |
switch (config)# show udk UDK name: udk_name |
|
Related Commands |
udk <udk-name> |
|
Notes |