User defined keys (UDKs) allow defining custom byte keys—that is, groups of bytes that can be matched to a predefined point in the packet (an extraction point, e.g. the start of a MAC header, or an IP header)—which is useful when wanting to make a match with a part of the packet which does not have a dedicated key.
The maximum number of UDKs is 4.
An extraction point may be defined for each packet type in a UDK. For each extraction point, an offset (from the beginning of the extraction) is defined.
To be able to modify a UDK after attaching it to an ACL rule, it is first necessary to un-match the UDK from the ACL, and then change the match mode of the UDK to none using the command “no udk match mode”.
Defining a UDK affects the throughput for packets equal or smaller than 128 bytes.
Configuring UDK
To set UDK with ACL on a specific field:
-
Define new user defined key called ipv4_udk. Run:
switch (config) # udk ipv4_udk switch (config udk ipv4_udk) # exit
-
Set user defined key ipv4_udk to match on IPV4 header in offset 4 bytes from start of header. Run:
switch (config) # udk ipv4_udk extraction point mode l3 packet type ipv4 extraction point start-of-header offset 4
-
Set the len (in bytes) of the field to match on. Run:
switch (config) # udk ipv4_udk len 2
-
Set the user defined key to work with access list. Run:
switch (config) # udk ipv4_udk match mode acl
-
Define new access list table called my_acl_table. Run:
switch (config) # ipv4-udk access-list my_acl_table
-
Set new rule on the access list table with the previously defined user defined key to match 0x1234. Run:
switch (config) # ipv4-udk access-list my_acl_table permit ip any any udk ipv4_udk 0x1234
-
Bind the access list table to an ethernet interface. Run:
switch (config) # interface ethernet 1/1 ipv4-udk port access-group my_acl_table
UDK Commands
udk
|
|
udk <udk-name>
Creates user defined key.
|
|
Syntax Description
|
udk-name |
String |
|
Default |
N/A |
|
|
Configuration Mode |
config |
|
|
History |
3.6.5000 |
|
|
Example |
switch (config)# udk udk_nameswitch (config udk udk_name)# |
|
|
Related Commands |
|
|
|
Notes |
Defining UDK affects the throughput for packets equal or smaller than 128 bytes. |
|
match mode
|
|
match mode <match-mode>
Configures user defined key match mode.
|
|
|
Syntax Description |
match-mode |
Possible values:
|
|
Default |
None |
|
|
Configuration Mode |
config udk |
|
|
History |
3.6.5000 |
|
|
Example |
switch (config udk udk_name)# match mode all |
|
|
Related Commands |
udk <udk-name> |
|
|
Notes |
|
|
extraction point
|
|
extraction point mode <mode> [packet type <type> [extraction point <point> [offset <offset>]]] Configures user-defined key extraction point mode. |
|
|
Syntax Description |
mode |
Possible values:
|
|
packet type |
Sets user defined key packet type. Possible values:
|
|
|
extraction point |
Sets user defined key extraction point. Possible values for:
|
|
|
offset |
Sets user defined key extraction point offset
|
|
|
Default |
Mode: l3
|
|
|
Configuration Mode |
config udk |
|
|
History |
3.6.5000 |
|
|
Example |
switch (config udk udk_name)# extraction point mode l3 packet type ipv4 extraction point start-of-header offset 2 |
|
|
Related Commands |
udk <udk-name> |
|
|
Notes |
|
|
len
|
|
len <length> Configures user-defined key length. |
|
|
Syntax Description |
length |
Range: 1-4 |
|
Default |
4 |
|
|
Configuration Mode |
config udk |
|
|
History |
3.6.5000 |
|
|
Example |
switch (config udk udk_name)# len 4 |
|
|
Related Commands |
udk <udk-name> |
|
|
Notes |
|
|
show udk
|
|
show udk [<udk-name>] Displays summary for user-defined keys. |
|
|
Syntax Description |
udk-name |
Displays information about specific UDK |
|
Default |
N/A |
|
|
Configuration Mode |
Any command mode |
|
|
History |
3.6.5000 |
|
|
Example |
switch (config)# show udk UDK name: udk_nameMatch mode: noneLength: 4Extraction mode: l3IPv4 extraction point: start-of-headerIPv4 offset: 22IPv6 extraction point: start-of-headerIPv6 offset: 0ARP extraction point: start-of-headerARP offset: 0 |
|
|
Related Commands |
udk <udk-name> |
|
|
Notes |
|
|
Last updated: