Multi-channel Ultra Ethernet TSS Transform Engine

Solution for UET-TSS transform with rates up to 1.6Tbps

In the data center environment, the servers, storage and AI/HPC clusters need to move confidential data quickly and securely. Traditionally, RDMA is used as a transport protocol along with the network security based on MACsec and IPsec ESP protocols. To improve efficiency of using Ethernet in AI/HPC systems, the Ultra Ethernet Consortium introduced the new, IP-based transport protocol (UET), along with a new security protocol (TSS), that uses concepts from IPsec and PSP to protect or isolate the traffic. The UET protocol is implemented in SmartNICs that are connected to front-end and scale-out (backend) networks. For line rate performance and lowest latency, the TSS layer shall be implemented fully in hardware, close to the Ethernet port.

How the UET-TSS-IP-69 Works

The UET-TSS-IP-69 (EIP-69) is a high-performance, multi-channel transform engine that provides the complete TSS packet transformation (including KDF and IP/UDP updates), bypass/drop and basic crypto processing at rates up to 1.6Tbps. The engine is designed for integration into the systems that require TSS processing for one or more ports. The engine is provided as separate ingress and egress data paths.

It receives a packet with input parameters that select one of the possible operations:

• TSS: A complete TSS layer handling is performed. IP header location is parsed or received externally. At egress, SD index is received from the host, at ingress it is searched in the CAM. The SDKDB is stored in the local SRAM. If the TSS operation cannot be performed, the packet is marked for dropping. The result contains security checks and processing results. The TSS compliant statistics are counted.
• Authenticated Encryption mode: Basic AES-GCM/GMAC operation with byte-aligned data. Can be used to offload crypto operations for other protocols and run NIST CAVP vectors.
• Bypass/Drop: A packet is bypassed without or with drop signaling.

Packet Interfaces

• Single-segment TDM interface
• Bus width options: 1024-bit, 2048-bit
• Up to 64 channels (ports)
• Flexible bandwidth allocation
• Each packet has input and result token
• TSS pass/fail output

Control Interface

• Simple 32-bit
• Interrupts  

Protocol Support

• Native and UDP encapsulated TSS
• Basic AES-GCM/GMAC on byte-aligned streams

NIST CAVP Ready

• Basic AES-GCM/ECB transformation mode for data path crypto certification
• Basic AES-CMAC/ECB test mode for KDF certification

Packages

• Silicon IP

Complete Documentation

• Hardware integration guide
• Hardware reference manual
• Programming guide
• IP-XACT Register description

Tools and Scripts

• System Verilog for synthesis and simulation
• All scripts and support files needed for standard EDA tool flows