Ultra Ethernet Security: Protecting AI/HPC at Scale
The Evolving Landscape of AI/HPC Connectivity
As artificial intelligence and high-performance computing (AI/HPC) reshape industries, the need for robust, scalable, and secure connectivity has never been greater. Built from tightly integrated CPUs, GPUs, and SmartNICs, today’s compute clusters demand high-throughput, low-latency networks that can scale from die-to-die to multi-rack deployments.
Why Network Security Matters More Than Ever
AI/HPC clusters process vast amounts of sensitive data, making network security a top priority. Effective solutions must deliver access control, data confidentiality, and threat detection, without sacrificing performance or scalability. Protocols like MACsec and IPsec have long protected data in transit, but new use cases are pushing the limits of these technologies.
MACsec and IPsec: Proven, But Ready for Evolution
MACsec and IPsec are trusted standards for securing Ethernet and IP traffic, respectively. Their use of AES-GCM enables terabit-per-second throughput, but feature scaling to the demands of modern AI/HPC clusters exposes limitations in flexibility and domain isolation. The industry is now looking to the Ultra Ethernet Consortium (UEC) for answers.
Ultra Ethernet Consortium: Purpose-Built for AI/HPC
UEC’s new specification introduces a high-performance Ethernet stack tailored for AI/HPC, with a Transport Security Sub-layer (TSS) that draws on the strengths of IPsec and Google’s PSP. UEC is designed for scale-out networks, enabling secure, efficient data delivery directly to application memory, minus the overhead of legacy protocols.
Looking Ahead: Integrating Security at Terabit Speeds
As SmartNICs and DPUs evolve to support 800G and 1.6T Ethernet, integrating UEC TSS will be key to protecting AI/HPC workloads at scale. IPsec remains to be used for RoCEv2, an industry-wide transport protocol as well as for securing virtual networks and management traffic. MACsec will continue to secure DCI and long-haul links. The future of network security is purpose-built, high-speed, and ready for the next wave of innovation.
Additional Resources:
- Webinar: Network Security at Terabit-per-second Rates with MACsec, IPsec and UEC
- Ask the Experts Video: MACsec at Terabit Line Rates
- SemiEngineering.com: Network Security For AI/HPC: From MACsec/IPsec Towards Ultra Ethernet
About Maxim Demchenko
Maxim Demchenko is a technical director for Rambus Security IP. He joined Rambus following the acquisition of Inside Secure. His work focuses on network security IP architectures, design/verification methods, and bringing various line-rate MACsec/IPsec and Ultra Ethernet products to market. Maxim’s role includes direct engagement with leading SoC and system vendors to define optimal product solutions. Before Rambus, Maxim worked at Philips as an FPGA/ASIC engineer.
Related Semiconductor IP
- 1.6T/3.2T Multi-Channel MACsec Engine with TDM Interface (MACsec-IP-364)
- 1G to 100G Single-Port MACsec Engine
- 800G Multi-Channel MACsec Engine with TDM Interface
- 1G to 50G Single-Port MACsec Engine with xMII interface and TSN support
- 1.5Tbps MACsec Engine
Related Blogs
- Get a Glimpse at New Ethernet Standards in the Works
- Arm Cortex-M35P: multi-layered security at the heart of your device
- Protecting Wi-Fi chipsets with hardware-based security cores
- Why thinking about software and security is so important right at the start of an ASIC design
Latest Blogs
- Shaping the Future of Semiconductor Design Through Collaboration: Synopsys Wins Multiple TSMC OIP Partner of the Year Awards
- Pushing the Boundaries of Memory: What’s New with Weebit and AI
- Root of Trust: A Security Essential for Cyber Defense
- Evolution of AMBA AXI Protocol: An Introduction to the Issue L Update
- An Introduction to AMBA CHI Chip-to-Chip (C2C) Protocol