Manuals+

NVIDIA BlueField Modes of Operation

Introduction

The NVIDIA® BlueField® networking platform (DPU or SuperNIC) supports several modes of operation:

Note: The default mode of operation for the BlueField DPU is DPU mode. The default mode of operation for the BlueField SuperNIC is NIC mode.

DPU Mode

DPU mode, also known as embedded CPU function ownership (ECPF) mode, is the default mode for the BlueField DPU. In this mode, the NIC resources and functionality are owned and controlled by the embedded Arm subsystem. All network communication to the host flows through a virtual switch control plane hosted on the Arm cores before proceeding to the host. The BlueField acts as a trusted function managed by the data center and host administrator for tasks such as loading network drivers, resetting interfaces, bringing interfaces up and down, updating firmware, and changing the mode of operation.

A network function is still exposed to the host, but with limited privileges. Specifically:

  1. The driver on the host side can only be loaded after the driver on the BlueField has loaded and completed NIC configuration.
  2. All ICM (Interface Configuration Memory) is allocated by the ECPF and resides in the BlueField's memory.
  3. The ECPF controls and configures the NIC embedded switch, ensuring that traffic to and from the host (BlueField) interface always lands on the Arm side.

A diagram illustrates the HOST and ARM sides with interfaces PFO, PF1, ECPFO, ECPF1, and an eSwitch, showing the traffic offload and slow path.

When the server and BlueField are initiated, networking to the host is blocked until the virtual switch on the BlueField is loaded. Once loaded, traffic to the host is allowed by default. Traffic can be passed to the host interface either by using representors to forward traffic or by pushing rules to the embedded switch for offload.

In DPU mode, OpenSM and management tools (e.g., sminfo, ibdev2netdev, ibnetdiscover) must be run from the BlueField side.

Zero-trust Mode

Zero-trust mode is a specialization of DPU mode that implements an additional layer of security. It prevents the host system administrator from accessing BlueField from the host. Data center administrators should control BlueField entirely through the Arm cores and/or BMC connection instead of the host. This mode can restrict host operations that might compromise BlueField, such as:

Enabling Zero-trust Mode

To enable host restriction:

  1. Start the MST service.
  2. Set zero-trust mode from the Arm side by running: 
    $ sudo mlxprivhost -d /dev/mst/ r --disable_rshim --disable_tracer --disable_counter_rd --disable_port_owner
  3. If no --disable_* flags are used, perform a BlueField system reboot.
  4. If any --disable_* flags are used, perform a BlueField system-level reset.

Disabling Zero-trust Mode

To disable host restriction:

  1. Set the mode to privileged by running: 
    $ sudo mlxprivhost -d /dev/mst/ p
  2. Apply configuration.
  3. If host restriction was not applied using any --disable_* flags, perform a BlueField system reboot.
  4. If host restriction was applied using any --disable_* flags, perform a BlueField system-level reset.

NIC Mode

In NIC mode, BlueField behaves exactly like an adapter card from the perspective of the external host.

Note: The following instructions presume BlueField is operating in DPU mode. If BlueField is operating in zero-trust mode, please return to DPU mode before proceeding.

Note: The following notes are relevant for updating the BFB bundle in NIC mode:

NIC Mode for BlueField-3

Note: When BlueField-3 is configured to operate in NIC mode, Arm OS will not boot.

NIC mode for BlueField-3 saves power, improves device performance, and reduces the host memory footprint.

Configuring NIC Mode on BlueField-3 from Linux

Enabling NIC Mode on BlueField-3 from Linux

Before moving to NIC mode, ensure you are in DPU mode by running:

host/bf> sudo mlxconfig -d /dev/mst/mt41692_pciconf0 -e q

The output should show INTERNAL_CPU_MODEL=EMBEDDED_CPU(1) and EXP_ROM_UEFI_ARM_ENABLE = True (1).

To enable NIC mode from DPU mode:

  1. Run the following on the host or Arm: 
    host/bf> sudo mlxconfig -d /dev/mst/mt41692_pciconf0 s INTERNAL_CPU_OFFLOAD_ENGINE=1
  2. Perform a BlueField system-level reset for the mlxconfig settings to take effect.
Disabling NIC Mode on BlueField-3 from Linux

To return to DPU mode from NIC mode:

  1. Run the following on the host: 
    host> sudo mlxconfig -d /dev/mst/mt41692_pciconf0 s INTERNAL_CPU_OFFLOAD_ENGINE=0
  2. Perform a BlueField system-level reset for the mlxconfig settings to take effect.

Configuring NIC Mode on BlueField-3 from Host BIOS HII UEFI Menu

Info: The screenshots in this section are examples only and may vary depending on the vendor of your specific host.

  1. Select the network device that presents the uplink (i.e., select the device with the uplink MAC address).
  2. Select "BlueField Internal Cpu Configuration".

A screenshot shows the "Main Configuration Page" with options like "Firmware Image Properties", "NIC Configuration", "iSCSI Configuration", "Power Configuration", and "Device Level Configuration". Under "Device Level Configuration", "BlueField Internal Cpu Configuration" is selected.

Details shown include "Device Name: Nvidia Network Adapter", "Chip Type: BlueField-3", "PCI Device ID: A2DC", "Link Status: ", and "Link Speed: <100Gbps>".

Another screenshot shows the "BlueField InternalCpu Configuration" screen with fields like "InternalCpu Model", "InternalCpu Page Supplier", "InternalCpu Eswitch Manager", "InternalCpu IB Uporto", and "InternalCpu Offload Engine".

The "InternalCpu Model" is set to <EMBEDDED CPU>, and "InternalCpu Offload Engine" is set to <Disabled>. A description states: "Defines whether the Internal CPU is used as an offload engine".

Configuring NIC Mode on BlueField-3 from Arm UEFI

  1. Access the Arm UEFI menu by pressing the Esc button twice.
  2. Select "Device Manager".
  3. Select "System Configuration".
  4. Select "BlueField Modes".
  5. Set the "NIC Mode" field to NicMode to enable NIC mode.

A table shows "Internal CPU Model: ", "Host Privilege Level: ", and "NIC Mode: ". It also indicates that changes require powercycling the system.

Info: Configuring Unavailable is inapplicable.

  1. Exit "BlueField Modes" and "System Configuration", ensuring settings are saved. Exit the UEFI setup using the 'reset' option. The configuration is not yet applied, and BlueField is expected to boot normally in DPU mode.
  2. Perform a BlueField system-level reset to change to NIC mode.

Configuring NIC Mode on BlueField-3 Using Redfish

Run the following from the BlueField BMC:

  1. Get the current BIOS attributes: 
    sudo curl -k -u root:'<password>' -H 'content-type: application/json' -X GET https://<bmc_ip>/redfish/v1/Systems/Bluefield/Bios/
  2. Change BlueField mode from DpuMode to NicMode: 
    curl -k -u root:'<password>' -H 'content-type: application/json' -d '{ "Attributes": { "NicMode": "NicMode" } }' -X PATCH https://<bmc_ip>/redfish/v1/Systems/Bluefield/Bios/Settings

  3. Info: To revert back to DPU mode, run: 

    curl -k -u root:'<password>' -H 'content-type: application/json' -d '{ "Attributes": { "NicMode": "DpuMode" } }' -X PATCH https://<bmc_ip>/redfish/v1/Systems/Bluefield/Bios/Settings

  4. Verify that the BMC has registered the new settings: 
    curl -k -u root:'<password>' -H 'content-type: application/json' -X GET https://<bmc_ip>/redfish/v1/Systems/Bluefield/Bios/Settings
  5. Issue a software reset and then power cycle the host for the change to take effect.
  6. Verify the mode is changed: 
    curl -k -u root:'<password>' -H 'content-type: application/json' -X GET https://<bmc_ip>/redfish/v1/Systems/Bluefield/Oem/Nvidia

Note: To retrieve the mode via BIOS attributes, another BlueField software reset is required before running the command: 

curl -k -u root:'<password>' -H 'content-type: application/json' -X GET https://<bmc_ip>/redfish/v1/Systems/Bluefield/Bios

Updating Firmware Components in BlueField-3 NIC Mode

Once in NIC mode, updating ATF and UFEI can be done using the standard *.bfb image:

#bfb-install --bfb <BlueField-BSP>.bfb --rshim rshim0

NIC Mode for BlueField-2

In this mode, the ECPFs on the Arm side are not functional, but the user can still access the Arm system and update mlxconfig options.

Note: When NIC mode is enabled, the drivers and services on the Arm are no longer functional.

Configuring NIC Mode on BlueField-2 from Linux

Enabling NIC Mode on BlueField-2 from Linux

To enable NIC mode from DPU mode:

  1. Run the following from the x86 host side: 
    $ mst start
$ mlxconfig -d /dev/mst/<device> s \
INTERNAL_CPU_PAGE_SUPPLIER=1 \
INTERNAL_CPU_ESWITCH_MANAGER=1 \
INTERNAL_CPU_IB_VPORT0=1 \
INTERNAL_CPU_OFFLOAD_ENGINE=1

  2. Note: To restrict RShim PF (optional), make sure to configure INTERNAL_CPU_RSHIM=1 as part of the mlxconfig command.

  3. Perform a BlueField system-level reset to load the new configuration.

  4. Info: Refer to the troubleshooting section of the guide for a step-by-step procedure.

  5. Note: Multi-host is not supported when BlueField is operating in NIC mode.

Disabling NIC Mode on BlueField-2 from Linux

To change from NIC mode back to DPU mode:

  1. Install and start the RShim driver on the host.
  2. Disable NIC mode by running: 
    $ mst start
$ mlxconfig -d /dev/mst/<device> s \
INTERNAL_CPU_PAGE_SUPPLIER=0 \
INTERNAL_CPU_ESWITCH_MANAGER=0 \
INTERNAL_CPU_IB_VPORT0=0 \
INTERNAL_CPU_OFFLOAD_ENGINE=0

  3. Note: If INTERNAL_CPU_RSHIM=1, then make sure to configure INTERNAL_CPU_RSHIM=0 as part of the mlxconfig command.

  4. Perform a BlueField system reboot for the mlxconfig settings to take effect.

Configuring NIC Mode on BlueField-2 from Arm UEFI

Follow the same instructions in section "Configuring NIC Mode on BlueField-3 from Arm UEFI".

Configuring NIC Mode on BlueField-2 Using Redfish

Follow the same instructions in section "Configuring NIC Mode on BlueField-3 Using Redfish".

Separated Host Mode (Obsolete)

Warning: This BlueField mode of operation is obsolete. Please do not use it!

In separated host mode, a network function is assigned to both the Arm cores and the host cores. The ports/functions are symmetric, with traffic sent to both physical functions simultaneously. Each function has its own MAC address, allowing communication between them and enabling Ethernet and RDMA over Converged Ethernet (RoCE) traffic. There is an equal bandwidth share between the two functions.

The two functions have no dependency and can operate simultaneously or separately. The host can communicate with the embedded function as two separate hosts, each with its own MAC and IP addresses.

In separated host mode, the host administrator is a trusted actor who can perform all configuration and management actions related to either network function.

A diagram illustrates the HOST and ARM sides with interfaces PFO, PF1, ECPFO, ECPF1, and an eSwitch.

This mode enables the operational model of a SmartNIC without a separated control plane. The Arm control plane can be used for different functions but has no control over host steering functions.

Limitations of this mode:

To configure separated host mode from DPU mode:

  1. Enable separated host mode by running: 
    $ mst start
$ mlxconfig -d /dev/mst/<device> s INTERNAL_CPU_MODEL=0
  2. Power cycle.
  3. Verify configuration by running: 
    $ mst start
$ mlxconfig -d /dev/mst/<device> q | grep -i model
  4. Remove OVS bridges configuration from the Arm-side by running: 
    $ ovs-vsctl list-br | xargs -r -l ovs-vsctl del-br
Models: BlueField-3, BlueField-2, Blue Field Super NIC, Field Super NIC, Super NIC

File Info : application/pdf, 17 Pages, 805.51KB

PDF preview unavailable. Download the PDF instead.

modes-of-operation

References

Related Documents

Preview NVIDIA BlueField DPU Initial Configuration Guide
Comprehensive guide to configuring NVIDIA BlueField DPUs, covering UEFI settings, system services, secure boot, and password policies for optimal performance and security.
Preview NVIDIA BlueField BSP v4.8.0 Software Manual and Release Notes
Explore the NVIDIA BlueField BSP v4.8.0 software manual, offering comprehensive release notes, installation guides, configuration details, and troubleshooting for BlueField DPU networking platforms. Ideal for software developers and DevOps engineers.
Preview NVIDIA BlueField Factory Reset Guide
Comprehensive guide on performing factory resets for NVIDIA BlueField systems, including BMC, eMMC, SSD, UEFI, and NIC TLVs using Redfish commands and console utilities.
Preview NVIDIA MLNX_EN Documentation v24.10-3.2.5.0 LTS: High-Performance Ethernet Driver Guide
Explore the NVIDIA MLNX_EN Linux driver documentation (v24.10-3.2.5.0 LTS). This guide details installation, configuration, and advanced features for ConnectX and BlueField network adapters, essential for high-performance Ethernet and InfiniBand applications.
Preview NVIDIA MLNX_EN Documentation v5.8-5.1.1.2 LTS - User Manual & Release Notes
Explore the NVIDIA MLNX_EN Documentation v5.8-5.1.1.2 LTS, a comprehensive guide for Linux drivers and software for NVIDIA's ConnectX® EN family network adapters. Learn about installation, configuration, features, supported hardware, and troubleshooting for high-performance Ethernet and InfiniBand networking.
Preview NVIDIA DOCA Pipeline Language Services Guide: Programming Network Data Planes
Explore the NVIDIA DOCA Pipeline Language (DPL) Services Guide. Learn how to program network data planes on NVIDIA BlueField DPUs using DPL, a domain-specific language derived from P4-16, for enhanced networking functionality and efficiency.
Preview NVIDIA DOCA vSwitch and Representors Model User Guide
User guide for NVIDIA DOCA vSwitch and Representors Model, detailing configuration, features, and management of NVIDIA BlueField DPUs for enhanced networking performance and offloading.
Preview NVIDIA DOCA Telemetry Service Guide
This guide provides instructions on how to use the DOCA Telemetry Service (DTS) container on top of NVIDIA BlueField DPU. It covers service deployment, configuration, data providers, and troubleshooting.