The MACsec-IP-361 is a plug-and-play solution for adding MACsec on the xMII side of an Ethernet subsystem. It is ISO 26262 ASIL-B Ready certified and ideally positioned for designs where the MAC function is tightly integrated with the system-side, for example DMA-MAC Ethernet controllers or switch core IP with integrated MAC modules.
With the MACsec-IP-361, silicon vendors can add line-rate MACsec function using the industry-standard interfaces and achieve seamless operation with an existing Ethernet controller subsystem.
How the MACsec-IP-361 Works
The MACsec-IP-361 engine provides complete MACsec processing for a port. A port may process a single stream or an interleaved stream of IEEE802.3br fragments (if preemption support is included). It contains a flexible classifier with a table of programmable rules with the programmable actions. The transformation engine supports all features and ciphers of the standard MACsec and VLAN-in-clear extension. The processing results are reflected in the MACsec compliant statistics as additional non-standard counters.
The MACsec-IP-361 engine operates as a fixed delay component at the xMII side, preserving accuracy of PTP timestamping and TSN scheduling created by the TSN MAC subsystem. Its operation is transparent for non-packet related information that is sent over the xMII bus.
The target integration would be instantiating the MACsec-IP-361 between an Ethernet MAC and a PCS. The PCS function may reside in a different device, for example, in the PHY. For egress direction, the MAC must be programmed to reserve space for MACsec expansion for example by stretching the IPG or managing the packet rate accordingly.
