A maximum of two independent key tests per frame can be performed.
Single access
If only one key test per frame is defined, Access=Single is used in the KeyType command.
- A maximum of 320 bits are allowed.
- The 320-bit data can consist of 4 blocks: Two 128-bit fields and two 32-bit fields as
shown in the following figure.
- For an exact key match (a value without a mask in KeyLists), the length of the fields can be a maximum of 192 bits.
- For a wild card match (a value with masks in KeyLists), the length of the fields can be a maximum of 320 bits.
// Define fields for key match. Define IPv6SrcField = Field(Layer3Header[8]/128) Define IPv6DstField = Field(Layer3Header[24]/128) Define InnerIPv4Src = Field(InnerLayer3Header[12]/32) Define InnerIpv4Dst = Field(InnerLayer3Header[16]/32) // Define a filter for GTP-U IPv6 traffic containing inner IPv4. Define isIPv6_containing_IPv4 = Filter(TunnelType==GTPv1-U \\ and Layer3Protocol==IPv6 and InnerLayer3Protocol==IPv4) // Define a KeySet identifier. Define A_list = Macro("3") KeyType[name=KT_4tuple; ColorInfo=True; Access=Single] = {128, 128, 32, 32} KeyDef[name=OuterIPv6_innerIPv4; KeyType=KT_4tuple] = (IPv6SrcField, IPv6DstField, InnerIPv4Src, InnerIpv4Dst) Assign[StreamId=0; Descriptor=DYN2] = isIPv6_containing_IPv4 and Key(OuterIPv6_innerIPv4)==A_list KeyList[KeySet = A_list ; Color=100; KeyType=KT_4tuple] = \\ ( {[ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000]:[d7a0:4e95:0:0:0:0:af:0000]}, \\ {[ffff:ffff:ffff:ffff:ffff:ffff:ffff:0000]:[91:92:0:0:0:0:93:94]}, \\ {[ff.ff.ff.00]:[192.168.0.2]}, {[ff.ff.ff.00]:[10.100.1.2]} )Access=Single can be omitted as it is set by default.
Full access and partial access
// Define fields for inner source/destination IPv6 addresses. Define InnerIPv6SrcField = Field(InnerLayer3Header[8]/128) Define InnerIPv6DstField = Field(InnerLayer3Header[24]/128) // Define a filter for GTP-U traffic with inner IPV6. Define isInnerIPv6 = Filter(TunnelType==GTPv1-U and InnerLayer3Protocol==IPv6) KeyType[Name=KT_IPv6; ColorInfo=True; Access=Full] = {128} KeyDef[Name=InnerSrcIPv6; KeyType=KT_IPv6] = (InnerIPv6SrcField) KeyDef[Name=InnerDstIPv6; KeyType=KT_IPv6] = (InnerIPv6DstField) Assign[StreamId=0; Descriptor=DYN2] = isInnerIPv6 AND (Key(InnerSrcIPv6)==3 AND Key(InnerDstIPv6)==4) KeyList[KeySet=3; KeyType=KT_IPv6; Color=23] = ([1234:abcd:0:0:0:0:0:c0ed]) KeyList[KeySet=4; KeyType=KT_IPv6; Color=24] = ([d7a0:4e95:0:0:0:0:af:0000])This NTPL example sets a filter to capture GTP-U traffic which contains IPv6 in the inner layer. One key test is done on the inner source IPv6 address field, and another key test is done on the inner destination IPv6 address field. Two KeyDefs (InnerSrcIPv6 and InnerDstIPv6) are configured to perform two key tests.
- A maximum of 320 bits for two key tests are allowed.
- The 320-bit data consist of 4 blocks: Two 128-bit fields and two 32-bit fields of a
frame as follows.
- If the same KeyType is used for both key tests, a maximum of 160
bits can be selected. Access=Full must be set. This figure shows an
example of Access=Full.
- If two different KeyTypes are used, one KeyType
can be a maximum of 320 bits, and another KeyType can be a maximum of
160 bits. Some fields for two KeyDefs can be duplicated.
Access=Partial must be set. This figure shows an example of
Access=Partial.
- For an exact key match (a value without a mask in the KeyList commands), the length of the fields can be a maximum of 192 bits for one key test and a maximum of 160 bits for another key test.
- For a wild card match (a value with masks in the KeyList commands), the length of the fields for one key test + the length of the fields for another key test can be a maximum of 384 bits.
// Define a filter to capture IPv4 carrying TCP. Define isIPv4_TCP = Filter(Layer3Protocol==IPv4 and Layer4Protocol==TCP) KeyType[Name=KT_IP; Access=Partial; Bank=0] = {32} KeyType[Name=KT_Port; Access=Partial; Bank=1] = {16} KeyDef[Name=SrcIPv4; KeyType=KT_IP] = (Layer3Header[12]/32) KeyDef[Name=SrcPort; KeyType=KT_Port] = (Layer4Header[0]/16) // Match IPv4 in keyset 3 and TCP port in key set 4. Assign[StreamId=0] = isIPv4_TCP AND (Key(SrcIPv4)==3 OR Key(SrcPort)==4) KeyList[KeyType=KT_IP; KeySet=3] = ( [192.168.0.2] ),( {[ff.ff.ff.00]:[192.168.1.2]} ) KeyList[KeyType=KT_Port; KeySet=4] = ( 80 )Bank=0 must be configured in one KeyType command, and Bank=1 must be configured in another KeyType command when Access=Partial is used. The CAM consists of two banks, and the Bank parameter determines which bank to be used for storing values of the corresponding KeyType. See CAM and TCAM for more information on the CAM and the TCAM.
Any keyword
// Define IPv6 source and destination fields. Define IPv6SrcField = Field(Layer3Header[8]/128) Define IPv6DstField = Field(Layer3Header[24]/128) // Define a IPv6 protocol filter. Define isIPv6 = Filter(Layer3Protocol==IPv6) // Define a hash mode for upstream traffic. Define HashUp = Hash(HashWord0_3=IPv6SrcField) // Define another hash mode for downstream traffic. Define HashDown = Hash(HashWord0_3=IPv6DstField) KeyType[name=KT; ColorInfo=True] = {128} KeyDef[name=SrcIPv6; KeyType=KT] = (IPv6SrcField) KeyDef[name=DstIPv6; KeyType=KT] = (IPv6DstField) Assign[StreamId=(0..31); Hash=HashUp; Descriptor=DYN2] = isIPv6 AND (Key(SrcIPv6)==8) Assign[StreamId=(0..31); Hash=HashDown; Descriptor=DYN2] = isIPv6 AND (Key(DstIPv6)==8) KeyList[KeySet = 8; Color=100; KeyType=KT] = ([d7a0:4e95:0:0:0:0:af:0000]), \\ ([91:92:0:0:0:0:93:94])
The first Assign command will not have any effect. This means that key tests will be performed on the destination IPv6 address field only. As a result, IPv6 frames with the given IPv6 addresses on the source address field will not be delivered to the host. To solve this issue, the Assign commands can be configured as follows.
Define IPv6SrcField = Field(Layer3Header[8]/128) Define IPv6DstField = Field(Layer3Header[24]/128) Define isIPv6 = Filter(Layer3Protocol == IPv6) Define HashUp = Hash(HashWord0_3=IPv6SrcField) Define HashDown = Hash(HashWord0_3=IPv6DstField) KeyType[name=KT; ColorInfo=True; Access=Full] = {128} KeyDef[name=SrcIPv6; KeyType=KT] = (IPv6SrcField) KeyDef[name=DstIPv6; KeyType=KT] = (IPv6DstField) Assign[StreamId=(0..31); Hash=HashUp; Descriptor=DYN2] = isIPv6 AND (Key(SrcIPv6)==8 AND Key(DstIPv6)==ANY) Assign[StreamId=(0..31); Hash=HashDown; Descriptor=DYN2] = isIPv6 AND (Key(SrcIPv6)==ANY AND Key(DstIPv6)==8) KeyList[KeySet = 8; Color=100; KeyType=KT] = ([d7a0:4e95:0:0:0:0:af:0000]), ([91:92:0:0:0:0:93:94])
Additional key test with the ANY keyword is added to each Assign command which is always evaluated to true. This is done to perform the key tests on both SrcIPv6 and DstIPv6 for each frame. Therefore, both destination and source IPv6 address fields will be searched. As a result, frames with given IP addresses either on the source IPv6 address field or on the destination IPv6 address field will be delivered to the host.
Define IPv6SrcField = Field(Layer3Header[8]/128) Define IPv6DstField = Field(Layer3Header[24]/128) Define isIPv6 = Filter(Layer3Protocol == IPv6) HashMode=Hash2TupleSorted KeyType[name=KT; ColorInfo=True; Access=Full] = {128} KeyDef[name=SrcIPv6; KeyType=KT] = (IPv6SrcField) KeyDef[name=DstIPv6; KeyType=KT] = (IPv6DstField) Assign[StreamId=(0..31); Descriptor=DYN2] = isIPv6 AND (Key(SrcIPv6)==8 OR Key(DstIPv6)==8) KeyList[KeySet=8; Color=100; KeyType=KT] = ([d7a0:4e95:0:0:0:0:af:0000]), \\ ([91:92:0:0:0:0:93:94])
CAM and TCAM
- If the CAM is full and the TCAM is available, the SmartNIC attempts to store values for an exact match in the TCAM.
- If a value for an exact key match has a length greater than the specified limit, the SmartNIC attempts to store the value in the TCAM (if available).
>>> Not enough TCAM resources to store the Key type
The CAM can store a maximum of 36,000 IPv4-address-size entries or a maximum of 8,000 IPv6-address-size entries. The TCAM can store a maximum of 864 IPv4-address-size entries or a maximum of 216 IPv6-address-size entries.
TCAM bank structure
The TCAM consists of 12 banks. Each bank can contain 72 entries of a
32-bit value as shown in this figure.
For example, if values are 32-bit IPv4 addresses, 72 IPv4 addresses can be stored in one bank.
Banks are coupled to store values with larger lengths. For example, 4 banks
are coupled to store IPv6 addresses (128 bits) as shown in the following figure.
If two key tests per frame are configured, banks are split in two. If the length of
values for both key tests are the same, 6 banks are available for each key test. Therefore,
a maximum of 192 bits can be used to store each entry as 6 banks are coupled.
>>> Not enough TCAM resources to store the Key type
Using a mask in KeyDef
// Macros for KeySet identifiers. Define IP_list0 = Macro("3") Define IP_list1 = Macro("4") // IPv4 protocol filter. Define isIPv4 = Filter(Layer3Protocol == IPv4) // Source IPv4 field. Define IPv4SrcField = Field(Layer3Header[12]/32) KeyType[Name=KT_IPv4] = {32} KeyDef[Name=IPv4Src; KeyType=KT_IPv4] = (IPv4SrcField) Assign[StreamId=0] = isIPv4 AND Key(IPv4Src)==IP_list0 Assign[StreamId=1] = isIPv4 AND Key(IPv4Src)==IP_list1 KeyList[KeySet=IP_list0; KeyType=KT_IPv4] = ( {[ff.ff.ff.00]:[192.168.0.0]} ),\\ ( {[ff.ff.ff.00]:[192.168.1.0]} ) KeyList[KeySet=IP_list1; KeyType=KT_IPv4] = ( {[ff.ff.ff.00]:[192.168.2.0]} ),\\ ( {[ff.ff.ff.00]:[192.168.3.0]} )Using this example, the SmartNIC delivers frames to stream 0 if the IP address is contained in the subnet of 192.168.0.0 or 192.168.1.0. The second Assign command indicates that frames are delivered to stream 1 if the IP address is contained in the subnet of 192.168.2.0 or 192.168.3.0.
KeyDef[Name=IPv4Src; KeyType=KT_IPv4] = ( {[ff.ff.ff.00]:IPv4SrcField} ) KeyList[KeySet = IP_list0; KeyType=KT_IPv4] = ( [192.168.0.0] ),( [192.168.1.0] ) KeyList[KeySet = IP_list1; KeyType=KT_IPv4] = ( [192.168.2.0] ),( [192.168.3.0] )A mask can be used in the KeyDef command as shown in this example. A subnet mask [ff.ff.ff.00] is applied to IPv4SrcField. As the values in the KeyList commands are configured without any masks (an exact match), they are stored in the CAM whereas values with a mask (a wild card match) in the previous example are stored in the TCAM. Substantially greater number of values can be stored in the CAM using a subnet mask in the KeyDef command. See CAM and TCAM for more information on the CAM and the TCAM.