The MACsec Engine implements the latest IEEE 802.1AE specification, providing connectionless data integrity, data origin authenticity and confidentiality on OSI layer 2.
The scalable architecture provides low-latency, line rate acceleration of frame encapsulation, encryption and replay protection. The multi-channel structure makes the engine extremely suitable for use in switches, enabling per-port security with a single IP instantiation. Integration options with either performance or area-optimized AES-GCM IP cores enables a high level of scalability enabling unrivalled trade-off possibilities between throughput, area and latency.
Implementation aspects
At its very core, the MACsec Engine is completely technology-agnostic and can be integrated in a wide range of FPGA and ASIC technologies. On FPGA, the engine can use vendor-specific optimizations to reach very high throughput goals.
Secure-IC's Securyzr™ 1.5Tbps MACsec Engine
Overview
Key Features
- Throughput up to 1.5Tb
- ASIC and FPGA
- Multi-channel support for link aggregation or FlexE
- Throughput from 1 Gbps up to 800 Gbps
- 32 to 1024 bits datapath
- Compliant with IEEE 802.1AE-2018
- Supports AES-GCM-128/256
- Extended Packet Numbering (optional)
- Confidentiality Offset (optional)
- Classification based on MAC, SCI, VLAN ID
- Generic interface to TCAM
- VLAN-in-the-clear mode
- Bypass mode
- Data interface: AMBA 4 AXI-Stream
- Control interface: AMBA 4 APB
Benefits
- Scalable architecture
- Ideal for use in switches
Block Diagram
Applications
- Cloud & data center interconnection
- Secure IP/MPLS (replace MPLS over GRE + IPsec)
- Secure IoT devices on LAN
- In-vehicle communication with Automotive Ethernet
Deliverables
- Netlist or RTL
- Scripts for synthesis
- Self-checking TestBench based on FIPS vectors
- Documentation
Technical Specifications
Availability
Now