The MACsec-IP-164 is a MACsec/IPsec engine developed specifically for high-speed, multi-rate and multi-port Ethernet devices. Its architecture provides an optimal multi-protocol solution solution for aggregate throughput ranging from 100G to 800G and beyond. The MACsec-IP-164 is ideal for deployment in data center, enterprise and carrier network applications, as well as network-attached high-performance computing.
Cloud computing and data center throughput requirements have driven Ethernet and OTN standards to 100G, 400G and now to 800G. These standards deploy multiple SerDes lanes with various rates, which require support for flexible bandwidth allocation for a varying number of channels (ports), depending on the target silicon.
How the MACsec-IP-164 works
The MACsec-IP-164 engine provides complete MACsec SecY frame processing for multiple channels (port). It supports multiple SecY (virtual ports) to realize protection for each individual virtual network running over the same physical port. Its pooled classification and transformation resources allow optimal implementation of multi-port designs. The fat-pipe design allows aggregating multiple port to use the same MACsec SecY.
The MACsec-IP-164 engine provides a cost-effective option for line-rate IPsec ESP packet processing for transport and tunnel modes with AES-GCM cipher. A port can work in either MACsec or IPsec mode. In IPsec mode, at egress, it receives classification results from the system side. At ingress, it can match the decrypting SA. Like in MACsec, it supports pooled SA and classification resources. Implementation supports IPsec topologies with sharing the same group key.
The MACsec-IP-164 engine is delivered together with a widely adopted Driver Development Kit (DDK-164). To build a system-level solution, Rambus offers the MACsec Toolkit product that implements a complete IEEE 802.1X specification and has multiple features that facilitate development and testing of the MACsec compliant processing.
The MACsec-164 engine has been used by leading silicon and system vendors over multiple generations thanks to the engine’s software compatibility and proven history of API scalability.
The MACsec-IP-163 is a virtual port matching classifier that works with the MACsec- IP-164 to form an autonomous MACsec processing data path. Alternatively, the MACsec-IP-164 can be used in combination with an external classifier or stand alone, depending on the use case.
