The MACsec Intel® FPGA IP core implements the IEEE Media Access Control Security standard as defined in 802.1AE (2018) as fully configurable soft IP. MACsec provides data confidentiality and integrity for the Ethernet protocol and is commonly used to secure network traffic in 5G systems, between the cloud and data center, and between IoT devices.
MACsec Intel® FPGA IP
Overview
Key Features
- IP Functionality
- Intel developed, fully featured soft IP core
- Support for cipher suites (GCM-AES-128/256, GCM-AES-XPN-128/256)
- Supports SecTAG and ICV insertion/removal, and VLAN Tag
- Configurable store-and-forward versus cut through mode for each stream
- Support for stream interleaving on user and AES interfaces
- Supports controlled and uncontrolled ports with configurable data widths
- Supports 2 Tx and 2 Rx security channels (SC) per port
- Security association shall be 4 per SC, total of up to 1024 SA for 64 ports
- Integration with the Intel 200Gbps AES and SM4 Inline Crypto Accelerator hard IP, or user provided soft AES IP
- User packet bypass metadata to support PTP use cases
- Optional RX Replay Protection Check based on Replay Window, Lowest Acceptable PN,
- Next PN
- 64 bits MACSEC Statistic Counters per MACSEC specification on each SC and SA
- Performance specifications
- IEEE 802.1AE-2018 compliant
- 200Gbps total throughput capability per instance
- User and system interfaces
- AXI4 Streaming interfaces for the data
- AXI-Lite interface for management path
- Debug and test capabilities
- Debug and logging capability
- Testbench, example design and system-level example design available
Block Diagram
