Ultra Ethernet Security: Protecting AI/HPC at Scale
The Evolving Landscape of AI/HPC Connectivity
As artificial intelligence and high-performance computing (AI/HPC) reshape industries, the need for robust, scalable, and secure connectivity has never been greater. Built from tightly integrated CPUs, GPUs, and SmartNICs, today’s compute clusters demand high-throughput, low-latency networks that can scale from die-to-die to multi-rack deployments.
Why Network Security Matters More Than Ever
AI/HPC clusters process vast amounts of sensitive data, making network security a top priority. Effective solutions must deliver access control, data confidentiality, and threat detection, without sacrificing performance or scalability. Protocols like MACsec and IPsec have long protected data in transit, but new use cases are pushing the limits of these technologies.
MACsec and IPsec: Proven, But Ready for Evolution
MACsec and IPsec are trusted standards for securing Ethernet and IP traffic, respectively. Their use of AES-GCM enables terabit-per-second throughput, but feature scaling to the demands of modern AI/HPC clusters exposes limitations in flexibility and domain isolation. The industry is now looking to the Ultra Ethernet Consortium (UEC) for answers.
Ultra Ethernet Consortium: Purpose-Built for AI/HPC
UEC’s new specification introduces a high-performance Ethernet stack tailored for AI/HPC, with a Transport Security Sub-layer (TSS) that draws on the strengths of IPsec and Google’s PSP. UEC is designed for scale-out networks, enabling secure, efficient data delivery directly to application memory, minus the overhead of legacy protocols.
Looking Ahead: Integrating Security at Terabit Speeds
As SmartNICs and DPUs evolve to support 800G and 1.6T Ethernet, integrating UEC TSS will be key to protecting AI/HPC workloads at scale. IPsec remains to be used for RoCEv2, an industry-wide transport protocol as well as for securing virtual networks and management traffic. MACsec will continue to secure DCI and long-haul links. The future of network security is purpose-built, high-speed, and ready for the next wave of innovation.
Additional Resources:
- Webinar: Network Security at Terabit-per-second Rates with MACsec, IPsec and UEC
- Ask the Experts Video: MACsec at Terabit Line Rates
- SemiEngineering.com: Network Security For AI/HPC: From MACsec/IPsec Towards Ultra Ethernet
About Maxim Demchenko
Maxim Demchenko is a technical director for Rambus Security IP. He joined Rambus following the acquisition of Inside Secure. His work focuses on network security IP architectures, design/verification methods, and bringing various line-rate MACsec/IPsec and Ultra Ethernet products to market. Maxim’s role includes direct engagement with leading SoC and system vendors to define optimal product solutions. Before Rambus, Maxim worked at Philips as an FPGA/ASIC engineer.
Related Semiconductor IP
- 1.6T/3.2T Multi-Channel MACsec Engine with TDM Interface (MACsec-IP-364)
- 1G to 100G Single-Port MACsec Engine
- 800G Multi-Channel MACsec Engine with TDM Interface
- 1.6 Tbps MACsec Engine
- 1G to 50G Single-Port MACsec Engine with xMII interface and TSN support
Related Blogs
- Powering Scale Up and Scale Out with 224G SerDes for UALink and Ultra Ethernet
- Get a Glimpse at New Ethernet Standards in the Works
- Arm Cortex-M35P: multi-layered security at the heart of your device
- Protecting Wi-Fi chipsets with hardware-based security cores
Latest Blogs
- ML-KEM explained: Quantum-safe Key Exchange for secure embedded Hardware
- Rivos Collaborates to Complete Secure Provisioning of Integrated OpenTitan Root of Trust During SoC Production
- From GPUs to Memory Pools: Why AI Needs Compute Express Link (CXL)
- Verification of UALink (UAL) and Ultra Ethernet (UEC) Protocols for Scalable HPC/AI Networks using Synopsys VIP
- Enhancing PCIe6.0 Performance: Flit Sequence Numbers and Selective NAK Explained